Skip to content

feat(ffi): Zig FFI consumer demo + CI lane (#6)#13

Merged
hyperpolymath merged 2 commits into
mainfrom
chore/vdd6-zig-ffi-consumer
May 18, 2026
Merged

feat(ffi): Zig FFI consumer demo + CI lane (#6)#13
hyperpolymath merged 2 commits into
mainfrom
chore/vdd6-zig-ffi-consumer

Conversation

@hyperpolymath
Copy link
Copy Markdown
Owner

@hyperpolymath hyperpolymath commented May 17, 2026

Resolves #6 (V-L3-N1) — add a Zig FFI consumer demo + CI lane.

The ffi/zig tree was an un-buildable {{PROJECT}} skeleton (pre-0.14 addSharedLibrary API, references to nonexistent include/{{project}}.h / bench/bench.zig, an opaque Handle with fields, callconv(.C), and a {{project}} integration-test stub). This de-templates it and proves the contract end-to-end.

Changes

  • build.zig — ported to the Zig 0.15.x module API (b.addLibrary / b.createModule), link_libc (the FFI uses std.heap.c_allocator), dropped the dead header/bench/docs/integration steps, added test / consumer / check steps.
  • src/main.zig — added OctadDimension + ProvenanceEntry extern structs and verisimdb_data_{octad,provenance}_{encode,decode} with a lossless wire format; fixed the two latent template bugs that blocked any build (Handle opaque→struct, callconv(.C).c); +5 round-trip/negative unit tests.
  • test/octad_consumer.zig — NEW standalone executable that linkLibrary()s the FFI and round-trips both structs across the boundary (incl. a short-buffer negative path), non-zero exit on mismatch. Replaces the uncompilable test/integration_test.zig stub.
  • .github/workflows/zig-ffi.yml — CI lane; Zig pinned by tarball sha256 (no third-party action → Scorecard pinned-deps clean) running zig build check.
  • .gitignore — ignore ffi/zig/.zig-cache/ + zig-out/.

Acceptance

  • Consumer in ffi/zig/test/ (octad_consumer.zig, links the library)
  • CI lane runs it (zig-ffi.ymlzig build check)

Local verification

$ zig build check
... 7/7 tests passed
PASS: verisimdb-data FFI v0.1.0 — OctadDimension + ProvenanceEntry round-trip OK

🤖 Generated with Claude Code

hyperpolymath and others added 2 commits May 17, 2026 06:35
@hyperpolymath @claude
feat(ffi): Zig FFI consumer demo + CI lane (#6)
b8701e2 
De-templates ffi/zig from the {{PROJECT}} skeleton and proves the C-ABI
contract with a linking consumer.

- build.zig: ported to the Zig 0.15.x module API (b.addLibrary /
  b.createModule), dropped the dead header/bench/docs/integration steps
  that referenced nonexistent files, link_libc (the FFI uses
  std.heap.c_allocator), and added `test` / `consumer` / `check` steps.
- src/main.zig: added the OctadDimension + ProvenanceEntry extern
  structs and verisimdb_data_{octad,provenance}_{encode,decode} with a
  lossless wire format. Fixed two latent template bugs that blocked any
  build: `Handle` was `opaque` *with fields* (now a struct; still
  opaque to C behind ?*Handle), and `callconv(.C)` → `callconv(.c)`
  (0.15 rename). Added 5 round-trip/negative unit tests.
- test/octad_consumer.zig: NEW standalone executable that
  linkLibrary()s the FFI and round-trips both structs across the
  boundary (incl. a short-buffer negative path); exits non-zero on any
  mismatch. Replaces test/integration_test.zig, which was an
  uncompilable {{project}} template stub.
- .github/workflows/zig-ffi.yml: CI lane; Zig pinned by tarball
  sha256 (no third-party action — Scorecard pinned-deps clean) running
  `zig build check`.

Local: `zig build check` → 7/7 unit tests pass; consumer prints
"PASS: verisimdb-data FFI v0.1.0 — OctadDimension + ProvenanceEntry
round-trip OK".

Closes #6.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@hyperpolymath
Merge branch 'main' into chore/vdd6-zig-ffi-consumer
a8f4a35
@hyperpolymath hyperpolymath merged commit 98be0a8 into main May 18, 2026
12 of 13 checks passed
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 18, 2026

🔍 Hypatia Security Scan

Findings: 12 issues detected

Severity Count
🔴 Critical 0
🟠 High 5
🟡 Medium 7
View findings 
[
  {
    "reason": "No test directory or test files found",
    "type": "no_tests",
    "file": "/home/runner/work/verisimdb-data/verisimdb-data",
    "action": "flag",
    "rule_module": "honest_completion",
    "severity": "high",
    "deduction": 20
  },
  {
    "reason": "Issue in quality.yml",
    "type": "missing_workflow",
    "file": "quality.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in security-policy.yml",
    "type": "missing_workflow",
    "file": "security-policy.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "codeql.yml lists `language: javascript-typescript` but the repo has no source files in any CodeQL-scannable language. The analyze job will exit 'no source files' on every run. Switch the matrix to `actions` (which scans workflow files — every repo has those).",
    "type": "codeql_language_matrix_mismatch",
    "file": "codeql.yml",
    "action": "switch_codeql_matrix_to_actions",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Download-and-execute pattern (curl|wget pipe to shell) -- verify integrity before execution (3 occurrences, CWE-494)",
    "type": "shell_download_then_run",
    "file": "/home/runner/work/verisimdb-data/verisimdb-data/setup.sh",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "Nominal-only SAST in verisimdb-data: codeql.yml language matrix contains no language present in the repo and lacks `actions`, so CodeQL records zero results on every commit. Remediation: set the CodeQL matrix to `language: actions`.",
    "type": "StaticAnalysis",
    "file": "/home/runner/work/verisimdb-data/verisimdb-data",
    "action": "auto_fix",
    "rule_module": "scorecard",
    "severity": "medium",
    "remediation": "Add CodeQL or equivalent SAST workflow.",
    "scorecard_check": "SAST"
  },
  {
    "reason": "Repository has 4 non-main remote branch(es). Policy: single main branch only.",
    "type": "GS007",
    "file": ".",
    "action": "delete_remote_branches",
    "rule_module": "git_state",
    "severity": "medium"
  },
  {
    "reason": "References STATE.scm -- should be .machine_readable/6a2/STATE.a2ml",
    "type": "SD007",
    "file": "0-AI-MANIFEST.a2ml",
    "action": "update_reference",
    "rule_module": "structural_drift",
    "severity": "medium"
  },
  {
    "reason": "References META.scm -- should be .machine_readable/6a2/META.a2ml",
    "type": "SD007",
    "file": "0-AI-MANIFEST.a2ml",
    "action": "update_reference",
    "rule_module": "structural_drift",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

V-L3-N1: add a Zig FFI consumer demo + CI lane

1 participant

@hyperpolymath