feat(rsr-certifier): BoJ-first 3-tier compliance in the VS Code extension#123
Merged
Conversation
…sion
Rewires the AffineScript VS Code extension from CLI-only (with honest
placeholders) to a real three-tier compliance resolver, and brings the
vendored runtime adapter up to the current compiler contract.
Tiers (BoJ-first per estate policy — boj-server is the canonical
provider for tooling surfaces; standalone rsr LSP/CLI are fallbacks):
1. PRIMARY — BoJ `reposystem-mcp` cartridge tool
`reposystem_run_audit`, via in-process JSON POST to boj-server
(`httpPostJson`, affinescript#210). Endpoint/repo configurable
(`rsr.bojEndpoint`, `rsr.repoName`); default
`http://127.0.0.1:7700/cartridge/reposystem-mcp/invoke`.
2. FALLBACK — standalone rsr LSP via
`languageClientSendRequest "workspace/executeCommand"` command
`rsr.checkCompliance` (the method the server actually answers),
settled with the #205 thenable primitives (#199 closure callback
+ thenableResultJson), fields read via `jsonField`
(affinescript#211).
3. LAST RESORT — `rsr` CLI in a terminal (always-reachable floor;
never worse than the previous CLI-only behaviour).
Each tier observes its result asynchronously and cascades on
error/empty/unusable payload. Kills all four dishonest placeholders:
top-of-file note rewritten, webview now renders the real payload (or a
neutral prompt), status bar shows the live tier, badge no longer fakes
a hardcoded "silver". Command registration migrated to the #199
function-value ABI.
affine-vscode-adapter.cjs is now vendored byte-for-byte from
affinescript `packages/affine-vscode/mod.js` (MIT header to match this
subtree) — the contract-matched runtime with the post-#199
closure-pointer + #205 + #210 + #211 conventions. The previous hand-port
predated #199 (stale wrapHandler, no async surface); verified strict
superset (zero externs lost, 4 gained), so no regression to any
existing binding.
README: the LSP Methods table documented custom `rsr/*` requests the
server never implemented — corrected to the real
`workspace/executeCommand` commands + diagnostics it actually answers.
Not wired: withProgress (withProgressNotification declared in stdlib
but no wasm/Node runtime impl yet — calling it would fault; tracked
follow-up, does not affect tier correctness).
Verification: compiles clean (resolve/typecheck/borrow/codegen) with
the affinescript main compiler incl. #210/#211; out/extension.cjs
regenerated; adapter confirmed to bind every imported extern; index.cjs
wiring unchanged. Runtime behaviour in a live VS Code host is not
exercised here (no host available) — the CLI tier guarantees the
extension is never worse than before.
Refs hyperpolymath/affinescript#103 hyperpolymath/affinescript#199 hyperpolymath/affinescript#205
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
to hyperpolymath/affinescript
that referenced
this pull request
May 18, 2026
…er (#213) stdlib/Vscode.affine:307 declares `withProgressNotification(title, work: fn(Unit) -> Thenable) -> Thenable / Async`, but packages/affine-vscode/mod.js had no runtime impl — calling it from the wasm/Node backend faulted (undefined extern). Surfaced by the first #205 consumer (rsr-certifier extension rewire, standards#123), which had to omit progress UI and document the gap. Adds the impl following the established async-extern convention exactly: - `work` is the #199 closure (`fn(Unit) -> Thenable`); invoking it via wrapHandler returns the guest's Thenable *handle*, resolved through the shared handle table. - The overall progress Thenable is `reg`-ed so the guest observes completion with thenableThen / thenableResultJson, identical to httpPostJson (#210). - Failures settle as `{ __error }` — the same reject shape thenableThen / httpPostJson use, so guests branch to a fallback uniformly. - Graceful degradation: if the host has no `withProgress` (non-VS Code / test runner), the work still runs; only the progress chrome is skipped (mirrors httpPostJson's fetch-unavailable stance). Pure adapter addition — no stdlib/compiler change (the extern was already declared). Node syntax-checked; full dune gate green (257/257), zero regression. Closes #212 Refs #199 #205 #210 #211 ; consumer hyperpolymath/standards#123 Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 101 issues detected
View findings[
{
"reason": "Issue in quality.yml",
"type": "missing_workflow",
"file": "quality.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in security-policy.yml",
"type": "missing_workflow",
"file": "security-policy.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance-reusable.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Python file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/a2ml-templates/state-scm-to-v2.py",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/a2ml/bindings/deno/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/lol/test/vitest.config.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/standards/standards/k9-svc/bindings/deno/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/standards/standards/lol/src/abi/Locale.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "Wildcard CORS -- restrict to specific origins or use env var (1 occurrences, CWE-942)",
"type": "js_wildcard_cors",
"file": "/home/runner/work/standards/standards/consent-aware-http/examples/reference-implementations/deno/aibdp_middleware.js",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rewires the AffineScript VS Code extension from CLI-only (honest placeholders) to a real three-tier compliance resolver, and brings the vendored runtime adapter up to the current compiler contract.
Tiers (BoJ-first — boj-server is the canonical provider for tooling surfaces; standalone rsr LSP/CLI are fallbacks):
reposystem-mcptoolreposystem_run_auditvia in-process JSON POST to boj-server (httpPostJson, affinescript#210). Configurablersr.bojEndpoint/rsr.repoName; defaulthttp://127.0.0.1:7700/cartridge/reposystem-mcp/invoke.languageClientSendRequest "workspace/executeCommand"cmdrsr.checkCompliance(the method the server actually answers), settled with the #205 thenable primitives (#199 closure callback +thenableResultJson), fields read viajsonField(affinescript#211).rsrCLI (always-reachable floor; never worse than before).Cascades on error/empty/unusable payload. Kills all four dishonest placeholders (top note, webview, status-bar tier, faked-silver badge). Command registration migrated to the #199 function-value ABI.
affine-vscode-adapter.cjsis now vendored byte-for-byte from affinescriptpackages/affine-vscode/mod.js(MIT header to match this subtree) — the contract-matched runtime (post-#199 closure-pointer + #205 + #210 + #211). The prior hand-port predated #199 (stalewrapHandler, no async surface); verified strict superset — zero externs lost, 4 gained, so no regression.README: corrected the LSP Methods table — it documented custom
rsr/*requests the server never implemented; now lists the realworkspace/executeCommandcommands + diagnostics.Not wired:
withProgress—withProgressNotificationis declared in stdlib but has no wasm/Node runtime impl yet (calling it would fault); tracked follow-up, does not affect tier correctness.Verification: compiles clean (resolve/typecheck/borrow/codegen) with the affinescript main compiler incl. #210/#211;
out/extension.cjsregenerated; adapter confirmed to bind every imported extern;index.cjswiring unchanged. Live-VS-Code-host runtime behaviour is not exercised here (no host available) — the CLI tier guarantees the extension is never worse than before.This is the PR-5d-B pilot: the first real consumer of #205, which surfaced three genuine ABI gaps now resolved at source (httpPostJson #210, jsonField #211, withProgressNotification impl tracked).
Refs hyperpolymath/affinescript#103 hyperpolymath/affinescript#199 hyperpolymath/affinescript#205
🤖 Generated with Claude Code