Skip to content

feat(provenance): SCPV v3 fusion premises for scry (#313 inc 1)#314

Merged
avrabe merged 4 commits into
mainfrom
feat/313-fusion-premises
Jun 26, 2026
Merged

feat(provenance): SCPV v3 fusion premises for scry (#313 inc 1)#314
avrabe merged 4 commits into
mainfrom
feat/313-fusion-premises

Conversation

@avrabe

@avrabe avrabe commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Producer side of #313 (expose fusion facts for loom/synth specialization), inc 1. Pairs with scry#63 (consumer-side format).

What

Reworks the component-provenance section to the converged binary SCPV v3 wire format and emits the two fusion-unique optimization premises that feed scry's sound abstract interpreter:

  • bounded_memory — no memory.grow in the fused core (fixed linear memory).
  • closed_world — all cross-component import edges internalised; no residual import in a non-host namespace (conservative — unknown namespace ⇒ false, never over-asserted).

Why binary, why now

meld emitted JSON; scry-provenance decodes binary SCPV → the boundary never actually connected (BadMagicprovenance=None, a dead feature). Per DD-002 scry owns the format; we converged (scry#63) on binary-canonical so scry's DO-333 trusted decoder stays lean/no_std (extend its SCPV reader, no JSON parser in the trusted base), and the one-time encoder swap lands on meld (untrusted host). meld's richer schema (sha256 binding, code_range, String component_id via length-prefix) ports into v3; premises live in the fixed header.

Scope discipline

meld does not compute value-ranges / const-args / dead-params — that's scry's analysis (scry-interval/scry-analyze-core), fed by these premises, for synth. inc 2+ is scry's, not meld's.

Verification

  • SR-45 (sw-req, derives-from SYS-4) + SWV-45.
  • 9 provenance unit tests: SCPV v3 codec round-trips both premises across all (bounded,closed) combos; header byte-layout pinned to scry#63; host-namespace classification (wasi/env/no-imports ⇒ closed; component-instance import ⇒ not closed).
  • v3_fusion_premises_present_on_real_fusion: a real wac-composed fusion emits SCPV magic with closed_world=true and bounded_memory = !uses(memory.grow).
  • 439 lib tests green, clippy clean, rivet validate PASS. DWARF path unaffected (reads the in-memory struct, not the section bytes).

Refs #313, scry#63.

🤖 Generated with Claude Code

Reworks the `component-provenance` section to the converged binary SCPV v3
wire format (scry#63) and emits the two fusion-unique optimization premises
that feed scry's sound abstract interpreter:
- bounded_memory: no memory.grow in the fused core (memory_probe).
- closed_world: all cross-component imports internalised; no residual import
  in a non-host namespace (conservative — unknown namespace ⇒ false).

Why binary, why now: meld emitted JSON, scry-provenance decodes binary SCPV —
the boundary never actually connected (BadMagic → provenance=None). Per DD-002
scry owns the format; converged on binary-canonical so scry's DO-333 trusted
decoder stays lean/no_std (extend its SCPV reader, no JSON parser), and the
one-time encoder swap lands on meld (untrusted host). meld's richer schema
(sha256 binding, code_range, String component_id via length-prefix) ports into
SCPV v3; premises live in the fixed header.

meld does NOT compute value-ranges/const-args/dead-params — those are scry's
analysis (scry-interval/scry-analyze-core), fed by these premises, for synth.

SR-45 (sw-req, derives-from SYS-4) + SWV-45. Oracle: 9 provenance unit tests
(codec round-trip both premises, header layout pinned, host-namespace
classification) + v3_fusion_premises_present_on_real_fusion golden assertion;
439 lib tests green, clippy clean, rivet validate PASS. DWARF path unaffected
(reads the in-memory struct, not the section bytes). Producer side of #313;
scry consumer side tracked in scry#63.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@github-actions

Copy link
Copy Markdown

LS-N verification gate

57/57 approved LS entries verified

count
Passed (≥1 test, all green) 57
Failed (≥1 test failure) 0
Missing (no ls_*_NN_* test found) 0

Approved loss-scenarios.yaml entries are expected to have a
regression test named ls_<letter>_<num>_* (e.g. LS-A-11
ls_a_11_*). The gate runs each prefix via cargo test --lib --no-fail-fast and aggregates pass/fail/missing.

Failed LS entries

(none)

Missing regression tests

(none)

Updated automatically by tools/post_verification_comment.py.
Source of truth: safety/stpa/loss-scenarios.yaml.

@github-actions

github-actions Bot commented Jun 26, 2026

Copy link
Copy Markdown

Mythos delta-pass (auto)

NO FINDINGS across 1 Tier-5 file(s)

File Verdict Hypothesis
`` ✅ NO FINDINGS

Auto-run via anthropics/claude-code-action@v1
(SHA-pinned) on the touched Tier-5 files, using the
maintainer's Max-plan OAuth token. See
.github/workflows/mythos-auto.yml and
scripts/mythos/discover.md.

avrabe and others added 3 commits June 26, 2026 06:09
…314)

Mythos delta-pass finding on the new SCPV v3 decoder: `from_bytes` read the
entry count as a bare untrusted wire u32 and called `Vec::with_capacity(count)`
unbounded — a crafted `component-provenance` section with count=u32::MAX forces
a ~190 GiB allocation that aborts the process on memory-constrained hosts
(containers/CI cgroups). Fix: cap the pre-allocation at the maximum entries the
remaining bytes could hold (min entry = 13 bytes); the loop's bounded `take`
still errors cleanly on genuine truncation. Regression PoC:
from_bytes_huge_count_does_not_overallocate (count=u32::MAX + no entry bytes →
Err, not OOM). 10 provenance tests green, clippy clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…#314)

Second Mythos delta-pass finding: `is_host_import_namespace` used
`starts_with("wasi")`, an over-broad prefix classifying a cross-component
namespace like `wasi_auth_component` as host — so `fused_is_closed_world`
returned true even when a real inter-component import edge survived, OVER-
ASSERTING the `closed_world` premise (unsound; scry relies on it). Fix: precise
host matching — exact `wasi_snapshot_preview1`/`wasi_unstable`/`env` + reserved
`wasi:` and `pulseengine:async` prefixes; else non-host ⇒ closed_world stays
conservatively false. Regression: a `wasi`-prefixed component namespace is
non-host; `wasi:io/streams` stays host. 10 provenance tests green, clippy clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…hos #314)

Third Mythos finding flagged `env` as another non-spec-reserved host
namespace; the deeper issue is that ANY host allowlist is an over-assertion
risk for a soundness premise (no namespace string is spec-guaranteed host).
Stop patching the allowlist and make closed_world provably sound: true iff the
fused module has zero imports (a tautology — no imports ⇒ no import edge ⇒ no
inter-component escape — that cannot be over-asserted). Conservative (a module
with host/WASI imports reports false); precise host-aware classification needs
meld's resolution-state and is a follow-up — the SCPV v3 field already carries
it. bounded_memory unchanged. 10 provenance unit tests + the real-fusion golden
assertion (closed_world == zero-imports) green, clippy clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@github-actions github-actions Bot added the mythos-pass-done Mythos delta-pass completed on Tier-5 file changes; findings (or NO FINDINGS) attached to PR label Jun 26, 2026
@avrabe avrabe merged commit 028c9da into main Jun 26, 2026
17 checks passed
@avrabe avrabe deleted the feat/313-fusion-premises branch June 26, 2026 19:38
avrabe added a commit that referenced this pull request Jun 26, 2026
…315) (#316)

Downstream-boundary release. Bundles:
- #313 inc 1 (#314): SCPV v3 fusion premises (bounded_memory, closed_world)
  for scry; meld↔scry component-provenance boundary live end-to-end
  (scry v2.0.0 consumer, scry#63).
- #301 inc 1 (#315): explicit pulseengine:embedder passthrough recognition
  for the gale#89 single-address-space MCU lowering (LS-R-17).

Readiness audit green: rivet validate PASS, full meld-core suite passes,
pre-release Mythos delta-pass satisfied by PR-time gates (provenance.rs +
resolver.rs NO FINDINGS, mythos-pass-done; closed_world hardened through 3
findings). Carried gap disclosed in CHANGELOG: fuse --output component still
rejects embedder passthrough (#301 inc 2, fixture-gated).

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

mythos-pass-done Mythos delta-pass completed on Tier-5 file changes; findings (or NO FINDINGS) attached to PR

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant