-
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathjustfile
More file actions
180 lines (142 loc) · 5.69 KB
/
Copy pathjustfile
File metadata and controls
180 lines (142 loc) · 5.69 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
# SPDX-License-Identifier: MPL-2.0
# SPDX-FileCopyrightText: 2026 Jonathan D.A. Jewell (hyperpolymath)
#
# justfile — VeriSimDB
# Run with: just <recipe>
set shell := ["bash", "-euo", "pipefail", "-c"]
# Default recipe: show help
default:
@just --list
# ── Build ──────────────────────────────────────────────────────
# Build Rust core (release)
build:
OPENSSL_NO_VENDOR=1 cargo build --release
# Build Rust core (debug)
build-dev:
OPENSSL_NO_VENDOR=1 cargo build
# Build Elixir orchestration layer
build-elixir:
cd elixir-orchestration && mix deps.get && mix compile
# Build everything (Rust + Elixir)
build-all: build build-elixir
# Compile Idris2 ABI definitions
build-abi:
cd src/abi && idris2 --build hypatia-abi.ipkg
# Build Zig FFI bridge
build-ffi:
cd ffi/zig && zig build
# ── Test ───────────────────────────────────────────────────────
# Run Rust tests
test:
OPENSSL_NO_VENDOR=1 cargo test
# Run Elixir tests
test-elixir:
cd elixir-orchestration && mix test
# Run Rust integration tests
test-integration:
OPENSSL_NO_VENDOR=1 cargo test --test integration
# Run all tests (Rust + Elixir)
test-all: test test-elixir
# ── Lint & Format ──────────────────────────────────────────────
# Format all Rust code
fmt:
cargo fmt
# Run clippy lints
lint:
cargo clippy -- -D warnings
# Format Elixir code
fmt-elixir:
cd elixir-orchestration && mix format
# ── Run ────────────────────────────────────────────────────────
# Run verisimdb API server (dev mode)
serve:
RUST_LOG=debug cargo run -p verisim-api
# Run Elixir OTP orchestrator
serve-otp:
cd elixir-orchestration && MIX_ENV=dev mix run --no-halt
# The consonance loop, live: dissonance -> measured drift -> repair -> re-measure
demo-consonance:
scripts/demo-consonance.sh
# VCLTGate admissibility — show admit / reject paths before any query reaches the store
# Requires vclt-gate from vcl-ut; set VCLT_GATE=/path/to/binary or build it first:
# cd vcl-ut/src/interface/parse && cargo build --bin vclt-gate
demo-admissibility:
scripts/demo-admissibility.sh
# ── Container ──────────────────────────────────────────────────
# Build container image with Podman
container-build:
podman build -t verisimdb:latest -f container/Containerfile .
# Run container locally
container-run:
podman run --rm -p 8080:8080 verisimdb:latest
# Build with stapeln layers
stapeln-build:
@if command -v stapeln &>/dev/null; then \
stapeln build --config stapeln.toml --target production; \
else \
echo "stapeln not found — falling back to podman build"; \
just container-build; \
fi
# Deploy full stack with selur
deploy:
@if command -v selur &>/dev/null; then \
selur seal && podman-compose -f selur-compose.yml up -d; \
else \
echo "selur not found — using podman-compose directly"; \
podman-compose -f selur-compose.yml up -d; \
fi
# Stop deployed stack
deploy-stop:
podman-compose -f selur-compose.yml down
# Sign container with cerro-torre
container-sign:
@if command -v cerro-torre &>/dev/null; then \
cerro-torre sign verisimdb:latest --algorithm ML-DSA-87; \
else \
echo "cerro-torre not found — skipping image signing"; \
fi
# ── Security ───────────────────────────────────────────────────
# Run panic-attack static analysis
panic-scan:
@if [ -x "/var/mnt/eclipse/repos/panic-attacker/target/release/panic-attack" ]; then \
/var/mnt/eclipse/repos/panic-attacker/target/release/panic-attack assail . --verbose; \
else \
echo "panic-attack not built — run 'cd /var/mnt/eclipse/repos/panic-attacker && cargo build --release'"; \
fi
# Run hypatia neurosymbolic scan
hypatia-scan:
@if command -v hypatia-v2 &>/dev/null; then \
hypatia-v2 . --severity=critical --severity=high; \
else \
echo "hypatia-v2 not found — run via CI workflow instead"; \
fi
# Run vordr runtime verification
vordr-verify:
@if command -v vordr &>/dev/null; then \
vordr verify --target localhost:8080 --policy strict; \
else \
echo "vordr not found — skipping runtime verification"; \
fi
# Check license compliance
license-check:
@echo "Checking for banned AGPL-3.0 headers..."
@if grep -rl "AGPL-3.0" --include='*.rs' --include='*.ex' --include='*.exs' --include='*.idr' --include='*.zig' --include='*.yml' . 2>/dev/null; then \
echo "FAIL: Found AGPL-3.0 headers"; \
exit 1; \
else \
echo "PASS: No AGPL-3.0 headers found"; \
fi
# Validate SCM files are in .machine_readable/ only
check-scm:
@for f in STATE.scm META.scm ECOSYSTEM.scm; do \
if [ -f "$$f" ]; then \
echo "ERROR: $$f found in root"; exit 1; \
fi; \
done
@echo "PASS: No SCM files in root"
# ── Clean ──────────────────────────────────────────────────────
# Clean all build artifacts
clean:
cargo clean
cd elixir-orchestration && mix clean 2>/dev/null || true
@echo "Cleaned."