chore: wasmvm dynamic modules & libc support#16
Merged
NathanFlurry merged 4 commits intomainfrom Mar 21, 2026
Merged
Conversation
Member
NathanFlurry
commented
Mar 20, 2026
NathanFlurry
commented
- feat: US-001 - CommandRegistry path-based resolution and dynamic registration
- chore: update progress for US-001
- feat: US-002 - On-demand command discovery in kernel
- chore: update progress for US-002
- feat: US-003 - Extract grep library with argv[0] dispatch and create binary crates
- chore: update progress for US-003
- feat: US-004 - Create shell (sh) standalone binary crate
- chore: update progress for US-004
- feat: US-005 - Extract and create text/data processing binary crates
- chore: update progress for US-005
- feat: US-006 - Extract and create file utility binary crates
- chore: update progress for US-006
- feat: US-007 - Extract and create compression binary crates
- chore: update progress for US-007
- feat: US-008 - Create uutils coreutils binary crates - batch 1
- chore: update progress for US-008
- feat: US-009 - Create uutils coreutils binary crates - batch 2
- chore: update progress for US-009
- feat: US-010 - Create builtins, shims, and _stubs multicall binary crates
- chore: update progress for US-010
- feat: US-011 - Build system - cargo-secureexec wrapper, Makefile, and symlinks
- chore: update progress for US-011
- feat: US-012 - ModuleCache with concurrent-compile deduplication
- chore: update progress for US-012
- feat: US-013 - Refactor WasmVmRuntimeDriver for commandDirs and filesystem scan
- chore: update progress for US-013
- feat: US-014 - Worker pre-compiled module transfer via workerData
- chore: update progress for US-014
- feat: US-015 - JS driver integration tests for dynamic module loading
- chore: update progress for US-015
- feat: US-016 - BrowserWasmVmRuntimeDriver with command manifest
- chore: update progress for US-016
- feat: US-017 - Browser caching - Cache API and preload
- chore: update progress for US-017
- feat: US-018 - Per-command permission tiers - type definitions and filesystem enforcement
- chore: update progress for US-018
- feat: US-019 - Per-command permission tiers - process enforcement and wildcard config
- chore: update progress for US-019
- feat: US-020 - Delete multicall crate and final cleanup
- chore: update progress for US-020
- feat: US-021 - C build system - wasi-sdk download and Makefile
- chore: update progress for US-021
- chore: update progress for US-021
- feat: US-022 - Tier 1 C test fixtures - basic I/O (hello, args, env, exitcode, cat)
- chore: update progress for US-022
- feat: US-023 - Tier 1 C test fixtures - data processing (wc, fread, fwrite, sort, sha256)
- chore: update progress for US-023
- feat: US-024 - C test harness - native vs WASM parity testing
- feat: US-025 - patch-wasi-libc.sh script and wasi-libc vendoring
- feat: US-026 - wasi-libc patches - pipe, dup, dup2
- feat: US-027 - wasi-libc patches - spawn, wait, kill, getpid
- feat: US-028 - wasi-libc patches - user identity and isatty
- feat: US-029 - Tier 2 C test fixtures - custom imports (isatty, getpid, userinfo, pipe, dup, sleep)
- feat: US-030 - Tier 3 C test fixtures - custom imports (spawn, pipeline, kill)
- feat: US-031 - Tier 4 C test fixtures - custom imports (c-ls, c-tree, c-find, c-cp)
- feat: US-032 - Tier 5 C test fixture - cJSON (json_parse)
- feat: US-033 - Tier 5 C test fixture - SQLite (sqlite3_mem)
- feat: US-034 - CI integration for C toolchain
- feat: US-035 - Comprehensive node binary integration test suite
- feat: US-036 - Fix Ctrl+C at shell prompt not resetting the input line
- feat: US-037 - Fix fdPwrite permission bypass and gate proc_kill, fd_pipe, fd_dup by tier
- feat: US-038 - Implement proc_getppid and fd_dup2 host imports in kernel-worker and driver
- feat: US-039 - Gate isolated-tier VFS operations and add integration tests
- feat: US-040 - Move FDTable out of test path and fix module compile error handling
- feat: US-041 - Fix isPathInCwd symlink escape and validate unknown tier strings
- feat: US-042 - Fix vfsReadFile SAB overflow guard and lstat fallthrough
- feat: US-043 - Fix posix_spawn file_actions and waitpid return value
- feat: US-044 - C parity test improvements - stderr, sleep_test tier, getpid assertions
- feat: US-045 - C syscall coverage integration test
- feat: US-046 - Fix spawn RPC data race in driver.ts
- feat: US-047 - Fix poll_oneoff clock subscription sleep behavior
- feat: US-048 - Update CLAUDE.md with WasmVM syscall coverage policy
… ralph/wasmvm-dynamic-modules) Full WasmVM runtime with POSIX-compliant process model, VFS, PTY, signals, pipes, FD table, and shell integration. Includes 98 user stories covering: - WasmVM Rust workspace migration and monorepo integration - Kernel process table, FD table, and VFS implementation - WASI host imports (host_process, host_user, host_net) - C toolchain with wasi-libc patches for process spawning - Interactive shell (brush-shell) with PTY support - Dynamic module loading and permission tiers - Network proxy and HTTP client via host_net - Codex CLI stub binaries (to be replaced with real fork) - C parity test suite for syscall coverage - Documentation and compatibility tracking Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
NathanFlurry
force-pushed
the
ralph/wasmvm-dynamic-modules
branch
from
dae1c57 to
287fa75
Compare
…pecheck errors - Add UpgradeSocketWriteRawBridgeRef, UpgradeSocketEndRawBridgeRef, UpgradeSocketDestroyRawBridgeRef to bridge-contract.ts (were imported in index.ts but never defined) - Fix V8 postinstall to use postinstall.cjs (package.json has type:module so postinstall.js with require() fails) - Add type annotations to execution-driver.ts callback params Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Stories cover: - US-110: Kernel PTY flaky test - US-111: Node RuntimeDriver test failures (11/25) - US-112: V8 crash isolation test timeouts - US-113: Crossterm vendor patch auto-apply - US-114: C parity WASM exit code 17 - US-115: secure-exec test suite cascade fix Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
secure-exec
@secure-exec/browser
@secure-exec/core
@secure-exec/node
@secure-exec/python
@secure-exec/typescript
@secure-exec/v8
commit: |
- Delete 477K lines of vendored C source (sqlite3, zlib, minizip, cJSON, libcurl) - Delete Ralph's clean-room git.c (2925 lines) and make.c (1864 lines) which violated Tool Integration Policy - Delete git.test.ts, git-remote.test.ts, make.test.ts (tests for fake impls) - Push modified libcurl (with WASI patches) to rivet-dev/secure-exec-curl - Add fetch-libs Makefile target to download libs at build time: - sqlite3 from sqlite.org - zlib from GitHub - cJSON from GitHub - libcurl from rivet-dev/secure-exec-curl - Add C Library Vendoring Policy to CLAUDE.md - Mark git/make stories (US-083–085, US-090–095) as passes:false in prd.json - libs/ and .cache/ added to .gitignore Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.