Context
Epic #273 gap (2): "store is local flat files, not a private verisimdb via snif (snif boundary is pure aspiration; freestanding-wasm cannot reach verisimdb -- architectural gap)".
Audit produced a decision-ready memo, committed in-tree as docs/architecture/boundary-design-options.adoc (see open PR -- linked at bottom).
The hard finding (decision driver)
The naive target chain VCL → SNIF → verisimdb cannot be built as stated:
- SNIFs are
wasm32-freestanding with zero imports -- no filesystem, no network, no clock. WASI is listed as unspecified future work in snifs/docs/whitepapers/academic/snif.tex (~639-644).
verisimdb has no octad/VCL-native embeddable surface a freestanding guest could use; verisim-nif is currently a placeholder (returns {"status":"nif_placeholder"}).- The conformant VCL parser is ReScript + Idris2 (
vcl-ut); there is no conformant Elixir or Zig parser anywhere in the estate.
Any viable architecture must either (a) keep the DB hop host-side, (b) upgrade the SNIF to WASI, or (c) drop the SNIF from the data path.
Decision request
Rule on one boundary question:
Does the VCL parse+typecheck stage run inside the SNIF sandbox (A), inside the SNIF with WASI I/O so it can also reach the DB (B), or in-process in Elixir with no SNIF on the data path (C)?
|
A -- Split (RECOMMENDED) |
B -- WASI SNIF |
C -- No SNIF on data path |
| SNIF used for VCL safety |
Yes (pure check) |
Yes (+ I/O) |
No |
| Impossible wasm→db hop avoided |
Yes (host-side DB) |
N/A (WASI grants I/O) |
Yes (no SNIF) |
verisim-nif prerequisite |
Required (M) |
HTTP/gRPC real instead (≥M) |
Required (M) |
| Parser work |
Idris2-spec → Zig SNIF (M-L) |
A's parser + guest DB client (L) |
Idris2-spec → Elixir (M-L), non-conformant |
| Safe-boundary property kept |
Yes |
Weakened (guest gets I/O) |
Lost for VCL |
| Effort tier |
L |
L+ |
M |
| Time-to-first-store |
Medium |
Slowest |
Fastest |
Secondary ruling (only if A or B): confirm parser strategy -- port the Idris2 core to a wasm32-freestanding Zig SNIF, differential-tested against the ReScript reference. (Recommended.)
What ruling unlocks
- A: verisimdb-side
verisim-nif real implementation + private-instance lifecycle, then hypatia-side Idris2→Zig SNIF parser port + boundary module + verisim_connector.ex re-target.
- B: all of A's hypatia-side work plus WASI binding spike in
wasmex plus in-guest verisimdb client.
- C: verisimdb-side
verisim-nif real implementation, then Elixir VCL parser/checker port from the Idris2 spec; no SNIF on the data path.
Out of scope
- The
verisim-nif real implementation is verisimdb-side work and should be tracked there once a ruling lands.
- This issue only asks for a ruling, not for an immediate build. Build issues spin off afterwards.
Companion PR
docs(arch): add boundary-design-options.adoc (#273 gap 2, decision-ready) -- adds the full memo to docs/architecture/. (PR link will be posted in this issue once opened.)
Parent: #273.
Context
Epic #273 gap (2): "store is local flat files, not a private verisimdb via snif (snif boundary is pure aspiration; freestanding-wasm cannot reach verisimdb -- architectural gap)".
Audit produced a decision-ready memo, committed in-tree as
docs/architecture/boundary-design-options.adoc(see open PR -- linked at bottom).The hard finding (decision driver)
The naive target chain
VCL → SNIF → verisimdbcannot be built as stated:wasm32-freestandingwith zero imports -- no filesystem, no network, no clock. WASI is listed as unspecified future work insnifs/docs/whitepapers/academic/snif.tex(~639-644).verisimdbhas no octad/VCL-native embeddable surface a freestanding guest could use;verisim-nifis currently a placeholder (returns{"status":"nif_placeholder"}).vcl-ut); there is no conformant Elixir or Zig parser anywhere in the estate.Any viable architecture must either (a) keep the DB hop host-side, (b) upgrade the SNIF to WASI, or (c) drop the SNIF from the data path.
Decision request
Rule on one boundary question:
verisim-nifprerequisiteSecondary ruling (only if A or B): confirm parser strategy -- port the Idris2 core to a
wasm32-freestandingZig SNIF, differential-tested against the ReScript reference. (Recommended.)What ruling unlocks
verisim-nifreal implementation + private-instance lifecycle, then hypatia-side Idris2→Zig SNIF parser port + boundary module +verisim_connector.exre-target.wasmexplus in-guest verisimdb client.verisim-nifreal implementation, then Elixir VCL parser/checker port from the Idris2 spec; no SNIF on the data path.Out of scope
verisim-nifreal implementation is verisimdb-side work and should be tracked there once a ruling lands.Companion PR
docs(arch): add boundary-design-options.adoc (#273 gap 2, decision-ready)-- adds the full memo todocs/architecture/. (PR link will be posted in this issue once opened.)Parent: #273.