chore: port the ABI-FFI gate from Python to Julia (RSR-H4: no Python)#174
Merged
Conversation
`scripts/abi-ffi-gate.py` was the repo's last Python file, which the
estate-wide `governance / Language / package anti-pattern policy` check
flags (RSR-H4 bans Python — Julia for scripts/data, Rust for systems).
This replaces it with a faithful Julia port and removes the .py, so the
governance gate goes green without weakening the ABI↔FFI conformance check.
- `scripts/abi-ffi-gate.jl` — 1:1 translation (Julia PCRE maps onto Python
`re`): same three checks (unrendered `{{...}}` tokens, every `%foreign
"C:<name>"` ABI symbol is `export fn`-ed in Zig, and `resultToInt` ↔ Zig
`Result enum` agree on names+values), same messages, same exit codes.
- `.github/workflows/abi-ffi-gate.yml` — the conformance job installs the
pinned Julia 1.11.5 release tarball (mirroring the adjacent zig-build job's
pinned-tarball pattern) and runs the .jl.
Verified locally with julia 1.11.5: on this tree the OK output is
byte-identical to the Python (`24 ABI functions exported, 8 result codes
match`), and three adversarial drifts (a changed result-code value, a missing
export, an injected `{{...}}` token) each fail with exit 1 — the gate is
behaviour-equivalent and non-vacuous.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01JdqVWGSSv36Ph8ZWvizGMp
10 tasks
hyperpolymath
added a commit
that referenced
this pull request
Jun 27, 2026
## Summary Follow-up to **#174**. That PR's `Install Julia` step pointed `$GITHUB_PATH` at `/tmp/julia-1.11.5-linux-x86_64/bin`, but the official Julia tarball extracts to `julia-1.11.5/`. The path never existed, so the `ABI ↔ FFI structural conformance` gate silently ran on the runner's **pre-installed** Julia and the 1.11.5 pin was a no-op — green today, but wasteful (a ~150 MB download that's never used) and not reproducible (it would break if the runner image ever drops Julia). ## Changes - **`.github/workflows/abi-ffi-gate.yml`** - `$GITHUB_PATH` → `/tmp/julia-1.11.5/bin` (the actual extracted directory), so the pinned Julia is the one on `PATH`. - `julia --version` echoed in the gate step, so the CI log shows the pin is in effect (and any future regression is visible). ## RSR Quality Checklist ### Required - [x] Tests pass — gate behaviour unchanged (verified against the same tree under julia 1.11.5: `OK — 24 ABI functions exported, 8 result codes match`) - [x] Code is formatted — YAML validated locally - [x] Linter is clean - [x] No banned language patterns - [x] No `unsafe` blocks — n/a - [x] No banned functions - [x] SPDX header unchanged - [x] No secrets, credentials, or `.env` files ### As Applicable - [x] ABI/FFI gate behaviour preserved (this only fixes *which* Julia runs it) - [ ] State files / CHANGELOG — no change ## Testing The extracted directory name was confirmed directly: `tar -tzf julia-1.11.5-linux-x86_64.tar.gz | head -1` → `julia-1.11.5/`, and `/tmp/julia-1.11.5/bin/julia` is the real binary. The gate itself is unchanged from #174 and still reports `ABI-FFI GATE: OK (verisimiser) — 24 ABI functions exported, 8 result codes match`. ## Screenshots n/a (workflow only) --- 🤖 Generated with [Claude Code](https://claude.com/claude-code) --- _Generated by [Claude Code](https://claude.ai/code/session_01JdqVWGSSv36Ph8ZWvizGMp)_ Co-authored-by: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Clears the one pre-existing red on the estate's
governance / Language / package anti-pattern policycheck.scripts/abi-ffi-gate.pywas the repo's last Python file (RSR-H4 bans Python — Julia for scripts/data, Rust for systems), and the whole-tree scanner flags it. Rather than suppress the scanner, this ports the gate to Julia and removes the.py, so the check goes green and the ABI↔FFI conformance gate keeps doing its job.(Follow-up to #173 — this is the cleanup of the lone pre-existing failure carried on #172/#173.)
Changes
scripts/abi-ffi-gate.jl(new) — a 1:1 Julia port of the former Python gate (Julia PCRE maps directly onto Pythonre). Same three checks, same messages, same exit codes:{{...}}template tokens;%foreign "C:<name>"symbol in the ABI.idrsources isexport fn-ed by the Zig FFI;resultToIntmap and the ZigResult = enum(c_int)agree on names and values (Error/errunified)..github/workflows/abi-ffi-gate.yml— theABI ↔ FFI structural conformancejob now installs the pinned Julia 1.11.5 release tarball (mirroring the adjacentzig-buildjob's pinned-tarball pattern) and runsjulia scripts/abi-ffi-gate.jl.scripts/abi-ffi-gate.py(removed) — the last Python file in the repo.RSR Quality Checklist
Required
cargo/Zig/Idris surfaces untouchedunsafeblocks without// SAFETY:— n/aabi-ffi-gate.jl(MPL-2.0).envfilesAs Applicable
Testing
Verified locally with julia 1.11.5 against this tree:
Adversarial (the gate must fail on drift) — each returns exit 1 with the right diagnosis:
null_pointer = 4→9in the Zig enumexport fn{{PROJECT_NAME}}token to the ZigSo the port is behaviour-equivalent and non-vacuous.
Screenshots
n/a (script + workflow)
🤖 Generated with Claude Code
Generated by Claude Code