migration: 6 integer-brain kernels (wave 2) from string-gated idaptik modules#585
Merged
Conversation
… modules Each a four-gate deliverable (G1 compile, G2 independent-oracle parity, G4 assail-clean), all re-verified by the parent (not just self-reported): - DLCLoader (46/46): tier 0..4 band fold + absent/explicit flag selects; completes the pre-existing DLCLoaderCoprocessorBridge.js contract. - CharacterSelectScreen (161/161): card-desc truncation over the length Int (string stays host-side) + integer card-grid placement. - StateDiff (108/108): per-variable change/mismatch classification; option<int> lowered to a (present,value) i32 pair. - InstructionParser (297/297): opcode->operand-arity validation over the canonical VmInstruction 0..22 band (text parse stays host-side). - Coprocessor_Compute (4839/4839): gcd/mod_nonneg/is_prime/fib/pow_clamped + signal/thermal/cablesag/power scalar kernels (is_prime via d*d<=n; pow saturating at 2^30-1). - Coprocessor_Security (1533/1533): the Numerical-Recipes LCG generator spine + XOR-fold/checksum bit-arithmetic (Math.imul/|0 i32 oracle). NO_NEW_BRAINS this wave: GossamerFs (%raw IPC senses), KernelMonitor (already in the uirenderlogic coprocessor), SafeJson (pure JSON-text parsing). Re-decomposition kept all strings/floats/async host-side; no string subscript / string == in any brain. https://claude.ai/code/session_01WoKhFQePiRsAj7aqnxbG8s
The companion-AI behaviour brain from Moletaire.res (1317 LOC) + its MoletaireCoprocessors/MoletaireHunger helpers: 60 pure-Int exports — the 11-state machine + transitions, equipment/level/behaviour taxonomies as closed integer bands, the 5 coprocessor effect ladders, order gates, carry capacity, item-eat roll, and the hunger system (classifier, rate, gravity-pull, colour/display bands, objective-risk predicates). G2 2027/2027, G4 clean. ABI note recorded by the agent (useful for future brains): AffineScript Int is i32 in the wasm ABI, so the two float-derived kernels were rescaled to keep every intermediate under 2^31 (fold /1000 after each milli-factor; gravity pull takes plain px^2 not milli-px^2), verified bit-identical to BigInt references before wiring the oracles. NO_NEW_BRAINS: MoletaireMusic (Web-Audio synthesis sense — float note-frequency arrays + %raw AudioContext, only a bare mod(step,16)). https://claude.ai/code/session_01WoKhFQePiRsAj7aqnxbG8s
🔍 Hypatia Security ScanFindings: 40 issues detected
View findings[
{
"reason": "Action denoland/setup-deno@v2 needs attention",
"type": "unpinned_action",
"file": "publish-jsr.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in scorecard-enforcer.yml",
"type": "scorecard_publish_with_run_step",
"file": "scorecard-enforcer.yml",
"action": "split_scorecard_publish_job",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in instant-sync.yml",
"type": "secret_action_without_presence_gate",
"file": "instant-sync.yml",
"action": "peter-evans/repository-dispatch",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Shell execution -- validate input before passing to shell (1 occurrences, CWE-78)",
"type": "js_exec_sync",
"file": "/home/runner/work/affinescript/affinescript/packages/affinescript-cli/mod.js",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
},
{
"reason": "Shell execution -- validate input before passing to shell (2 occurrences, CWE-78)",
"type": "js_exec_sync",
"file": "/home/runner/work/affinescript/affinescript/packages/affine-vscode/mod.js",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
},
{
"reason": "Shell execution -- validate input before passing to shell (1 occurrences, CWE-78)",
"type": "js_exec_sync",
"file": "/home/runner/work/affinescript/affinescript/affinescript-vite/src/affine-plugin-improved.js",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
},
{
"reason": "expect() in hot path (32 occurrences, CWE-754)",
"type": "expect_in_hot_path",
"file": "/home/runner/work/affinescript/affinescript/affinescriptiser/src/codegen/wasm_gen.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
},
{
"reason": "expect() in hot path (29 occurrences, CWE-754)",
"type": "expect_in_hot_path",
"file": "/home/runner/work/affinescript/affinescript/affinescriptiser/src/codegen/affine_gen.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
},
{
"reason": "unsafe block -- requires SAFETY comment (2 occurrences, CWE-676)",
"type": "unsafe_block",
"file": "/home/runner/work/affinescript/affinescript/runtime/src/panic.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
},
{
"reason": "unsafe block -- requires SAFETY comment (1 occurrences, CWE-676)",
"type": "unsafe_block",
"file": "/home/runner/work/affinescript/affinescript/runtime/src/alloc.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Migration wave 2 — 6 integer-brain kernels from string-gated idaptik modules
Continues the integer-brain extraction (the C1–C12 pattern: pure-integer decision logic crosses to
.affine/wasm; strings/floats/async stay host-side as "senses"). Each kernel is a four-gate deliverable — G1 compile, G2 independent-oracle differential parity, G4 assail-clean — and every one was re-verified by me, not just self-reported by the agent that wrote it:All assail-clean (0 findings). Re-decompositions, not transliterations — e.g. CharacterSelectScreen sees only the length Int (the string stays host-side), InstructionParser reuses the canonical
VmInstruction0..22 opcode band (text parse host-side), Coprocessor_Security's LCG models i32 wraparound withMath.imul/|0in its independent oracle.NO_NEW_BRAINSthis wave (honest non-results): GossamerFs (%rawIPC senses), KernelMonitor (already covered by theuirenderlogiccross-cutting coprocessor), SafeJson (pure JSON-text parsing — no integer core).A 7th kernel (Moletaire) is still extracting and will be added to this branch when verified.
https://claude.ai/code/session_01WoKhFQePiRsAj7aqnxbG8s
Generated by Claude Code