chore(roadmap): release plan v0.22 → v0.31 + SR-34/SR-35 trace sync#221
Merged
Conversation
Rewrites docs/roadmap.md (stale at v0.8→v0.11; all four shipped) with the ten-release plan walking the DWARF umbrella (#143 closeout, #144, #208), separate-input linking (#212.1), P3-async closeout (#94/#141), formal-soundness inc 1 (#218), and a final traceability audit to completion. GitHub milestones v0.22.0–v0.31.0 created as the mirror (rivet artifacts remain the source of truth); stale v0.8–v0.11 milestones closed; open issues assigned. Status sync (honest-state corrections, no code change): - SR-34 (static stream validation, #142) planned → implemented — the chain shipped v0.12.0–v0.21.0. The originally-planned Kani harness for cycle detection was NOT produced; recorded as a proof gap carried to the v0.31.0 audit rather than silently dropped. - SR-35 traceability entry filled with real implementation/test anchors (dwarf.rs, not the originally-planned dwarf_remap.rs); `verified` stays gated on the v0.25.0 cross-repo witness run. Co-Authored-By: Claude Opus 4.8 <[email protected]>
LS-N verification gate
Approved Failed LS entries(none) Missing regression tests
Updated automatically by |
Clean-room audit of #141's five deliverables (2026-06-10, full report on the issue): only the DETECTION half (StreamPairGraph, resolver-built, four ADR-3 detection fixtures) shipped in v0.9.0. The in-module stream adapter emitter that SR-33's text actually demands — same-memory ring buffer, cross-memory read→copy→write chain — is zero code; fused stream traffic still round-trips through pulseengine:async host imports, and the runtime fixtures named in the verification description exist only as ABI-enum unit tests. The `implemented` flip came from PR #211's bulk status sync taking the milestone label at face value. SR-33: implemented → planned, milestone v0.9.0 → v0.29.0, verification description rewritten to record exactly what exists vs what's missing. traceability.yaml gains the detection-half linkage with the same note. roadmap v0.29.0 reframed from "audit" to "build" release. Co-Authored-By: Claude Opus 4.8 <[email protected]>
avrabe
added a commit
that referenced
this pull request
Jun 10, 2026
Test, Clippy, and Format are now REQUIRED status checks on main (branch protection hardened 2026-06-10 after the campaign-invariants audit found required_status_checks empty). ci.yml deliberately paths-ignores docs/safety-only changes to reduce smithy fleet draw — so a docs-only PR never reports those contexts and can never merge (observed live on #221: all checks green, BLOCKED forever). Standard companion-workflow pattern: this stub triggers on exactly the paths ci.yml ignores and reports the same three contexts as instant successes from GitHub-hosted runners. Different workflow name + concurrency group than ci.yml so a mixed PR can't have the stub cancel a real CI run. Co-authored-by: Claude Opus 4.8 <[email protected]>
avrabe
added a commit
that referenced
this pull request
Jun 11, 2026
…239) * feat(dwarf): StreamBridge synthetic kind + adapter line 10 (#141) SyntheticKind::StreamBridge tags the stream-bridge dispatch shims the #141 emitter appends to merged.functions, mirroring AdapterShim / TaskReturnShim. AdapterRole::StreamBridge maps it to <meld-adapter> line 10 (next free line; adapter_lines_are_distinct_and_nonzero pins the contract witness consumes). Co-Authored-By: Claude Opus 4.8 <[email protected]> * feat(p3-bridge): cross-component stream-bridge emitter (#141, SR-33) The headline #141 deliverable: when the resolver's StreamPairGraph is non-empty, the fuse pipeline (new step 2.6) emits the shim-dispatch bridge designed in the issue's v0.29.0 design comment: - one bridge memory (8 slots x 4096-byte power-of-two rings; 1 header page + 1 ring page, fixed 2 pages, compile-time layout asserts), - per-component shims for stream_new/read/write/drop_readable/ drop_writable with the component's merged memory index hardwired as an immediate (same-memory fusion = identical codegen, immediates 0), - bit-31 LOCAL_TAG handle dispatch: tagged -> ring ops, untagged -> the retained pulseengine:async host import (foreign fallback); slot exhaustion falls back to host stream_new, never errors, - ADR-2 contract preserved: write returns accepted count (0 = backpressure), read returns bytes (0 = EOF only after writer drop AND drain, -5 Pending while open+empty); u32 wrapping monotonic cursors, two-part wrapping memory.copy on both sides, - call sites rewired via function_index_map + body re-extraction (the wire_adapter_indices mechanism). Placement deviation from the prompt-level plan, recorded in the module docs: the emitter runs BEFORE adapter generation/wiring because adapters are encoded after merged.functions - appending shims after wire_adapter_indices had baked functions.len()-derived adapter indices into call sites would shift every adapter call off-target. ADR-3 amendment recorded: 'zero-copy same-memory ring' drops to 'no host crossing, single copy' (the ABI's caller-buffer contract requires the copy; fusion removes the double host round-trip). Co-Authored-By: Claude Opus 4.8 <[email protected]> * test(p3-bridge): four runtime oracles + host-fallback fixture (#141) Fuses two hand-built components through the REAL pipeline (no test-only entry point) and executes the fused core module under wasmtime with pulseengine:async host stubs that TRAP on any bit-31-tagged handle — proving bridged streams never cross the host: - ls_st_1_round_trip_local_stream_never_crosses_host: [1,2,3,4] producer->consumer via a local stream, zero host calls (LS-ST-1 gate) - cross_memory_chain_preserves_data_across_distinct_memories: 3 memories (producer + consumer + bridge), 300-byte pattern intact - backpressure_partial_write_then_drain_then_resume: write > RING_CAP returns 4096 accepted, 0 on full ring, remainder after drain, two-part ring-wrap copy exercised on write AND read - ls_st_1_eof_only_after_writer_drop_and_drain: -5 Pending while open+empty; drop_writable -> drain -> sticky 0 EOF (LS-ST-1 gate) - slot_exhaustion_falls_back_to_host_stream: 9th stream is host-minted (untagged) and its ops reach the host imports exactly once each Pair-gating construction (documented in the test header): the detector needs CanonicalEntry::StreamWrite/StreamRead plus a resolved_imports connection. Components carry an UNTYPED stream type + canon stream.write/stream.read (untyped avoids the validator's memory-option requirement, which would force instantiating the module in-component and internalise the host imports), and are fusion-connected by the producer exporting its core module as "link" and the consumer importing a core module "link". The sanctioned fallback (driving the emitter with a constructed StreamPairGraph) was NOT needed. Co-Authored-By: Claude Opus 4.8 <[email protected]> * docs(safety): LS-ST-1 bridge mis-route scenario; SR-33 implemented (#141) LS-ST-1 (approved, UCA-A-4, H-1/H-3/H-4): the bridge mis-routes a stream op (local handle to host / foreign handle to ring) or corrupts ring cursors — fix pins the four p3_bridge_runtime oracles plus the host-fallback fixture, mirroring LS-D-3's structure. SR-33 planned -> implemented (milestone v0.29.0), keeping the honest history note: detection shipped v0.9.0 (#173), the emitter was MISSING until v0.29.0 (the earlier 'implemented' status was a bulk-sync error reverted in PR #221). Verification names the four runtime oracles and records the ADR-3 'zero-copy' -> 'no host crossing, single copy' amendment. rivet validate: 175 -> 174 pre-existing errors (this change closes one gap, introduces none). Co-Authored-By: Claude Opus 4.8 <[email protected]> * fix(p3-bridge): harden read/write shims per Mythos suspicions S1/S2 S1: a zero-length read with data available returned 0 — the EOF sentinel — so a status probe could close a live stream. Now returns Pending (-5); 0 stays reserved for writer-dropped-and-drained. S2: a write to a slot whose reader (or writer) end was dropped silently filled the ring and returned the accepted count. Now returns AbiError::Closed per ADR-2 ('subsequent writes return Closed'). Both flagged by the clean-room pass as contract deviations not provable as divergence against the in-repo host stubs (which share the same idealization) — fixed defensively since the production host semantics are the authority. All 5 runtime oracles still pass. Co-Authored-By: Claude Opus 4.8 <[email protected]> --------- Co-authored-by: Claude Opus 4.8 <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
The standing roadmap (
docs/roadmap.md) was stale at v0.8→v0.11 — all four shipped, and v0.12–v0.21 went out issue-driven without a written plan. This restores the practice with a ten-release plan, v0.22.0 → v0.31.0, in the established format (items / issues / rivet IDs / Mythos surface / done-when per release).--memory auto+ composed-export correctness (PRs #220/#216, merge-blocked only)<meld-adapter>lines (inc 4, Tier-5 merger tagging) — closes #144#[ignore]d) — closes #212GitHub milestones v0.22.0–v0.31.0 created as the mirror (rivet stays the source of truth); stale v0.8–v0.11 milestones closed; open issues assigned to their milestones.
Honest-state corrections (no code change)
planned→implemented— the chain actually shipped across v0.12.0–v0.21.0. The originally-planned Kani harness for cycle detection was never produced; rather than silently dropping that claim, it's recorded as a proof gap carried to the v0.31.0 audit.dwarf.rs, not the originally-planneddwarf_remap.rs);verifiedstays explicitly gated on the v0.25.0 cross-repo witness run — same gate as the Strip→Remap default flip.No Tier-5 files touched (docs + YAML only).
🤖 Generated with Claude Code