Cap manifest format

caps-manifest.toml at the repo root is the reproducibility pin for every sibling wasm capability component that pylon.wasm composes against. It records the pinned git SHA per sibling repo, plus a sha256 of the built artifact, so a fresh machine can prove its build matches upstream bit-for-bit.

The manifest is consumed by two scripts:

  • scripts/caps-sync.sh — clones + checks out + builds + verifies.
  • scripts/verify-artifact.sh — recomputes sha256 of build/pylon.wasm and each cap, compares against this manifest, prints drift. No rebuild.

Regenerate after a deliberate cap update:

python3 scripts/regen-caps-manifest.py

Top-level fields

pylon_sha256 = "2b3cb1315e474429851633af4c7a8981ccc7089630747164311e49470696e353"

pylon_sha256 — sha256 of the composed build/pylon.wasm. regen-caps-manifest.py updates this in place after each successful compose.

[[cap]] entries

One [[cap]] block per sibling repo:

[[cap]]
id = "aead"
repo = "https://github.com/tegmentum/aead-multiplexer.git"
sha = "57b070c806e66c1772d81c922d8d86d016718d66"
target = "wasm32-wasip1"
artifact = "target/component/aead_multiplexer.wasm"
sha256 = "703a5c73f56494ed07c07d95e2142d98e9b0c415b5758e29563d070307156e3e"

Field-by-field

| Field | Meaning |
|---|---|
| id | Cap identifier. Matches the cap id in scripts/build-pylon-dynlink-plan.py CAPS and (where applicable) the wrap stem in scripts/wrap-caps-as-components.sh. |
| repo | Canonical git URL to clone from. "" for artifacts that are precomposed inside this repo (see precomposed). |
| sha | Pinned git SHA. 0000000000000000000000000000000000000000 = TODO placeholder (sibling repo not present in dev env when the manifest was written) — regenerate after a fresh clone. |
| target | Cargo target triple used to build the artifact; blank if the sibling repo uses a non-cargo build (CMake/Make/etc.) or the artifact is precomposed. |
| artifact | Path to the wasm artifact. For sibling-repo builds: relative to the sibling repo root (i.e. under $HOME/git/<repo>/). For precomposed artifacts: relative to this repo root. |
| sha256 | sha256 of the artifact bytes. 0 × 64 = TODO. |
| local_dir | Optional: local sibling directory name if it differs from the URL tail. Example: local_dir = "v86" when the repo URL points at wasm-machine.git but everyone clones it as ~/git/v86/. Sync/verify scripts consult this first. |
| precomposed | true for artifacts assembled in-repo by scripts/precompose-*.sh. Their sha256 is a function of the underlying sibling caps + the precompose script; sha here is the pylon repo's own HEAD as a pointer to the precompose script's version. |

Reporting shape

make caps-sync reports one line per cap:

  • OK — sha256 matches.
  • SKIP — manifest has placeholder 0000... sha (a sibling that wasn't pinned on the maintainer's dev machine).
  • FAIL — clone/build failed.
  • MISMATCH — the artifact was rebuilt but its bytes don't match the pinned sha256.

make verify reports the aggregate:

caps OK: 74
caps placeholder: 1
caps missing: 0
caps drifted: 0

pylon_sha256 status: OK
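
An added example (not the project's own scripts/verify-artifact.sh): a Python version of the no-rebuild check that resolves each artifact path per the field table and sorts caps into the OK / placeholder / missing / drifted buckets that make verify reports. Assumptions: sibling repos live under one directory passed as siblings_root, an all-zero sha256 marks a placeholder, and the path-containment check is an extra safeguard not described on this page; all function names are hypothetical.

```python
import hashlib
import tempfile
from collections import Counter
from pathlib import Path

PLACEHOLDER_SHA256 = "0" * 64  # the manifest's TODO value for sha256

def load_caps(manifest_path):
    """Return the [[cap]] tables of a caps-manifest.toml (needs Python 3.11+)."""
    import tomllib
    with open(manifest_path, "rb") as fh:
        return tomllib.load(fh).get("cap", [])

def artifact_path(cap, repo_root, siblings_root):
    """Resolve `artifact` the way the field table describes."""
    if cap.get("precomposed"):
        base = Path(repo_root)  # precomposed: relative to this repo root
    else:
        tail = cap["repo"].rstrip("/").rsplit("/", 1)[-1].removesuffix(".git")
        # local_dir, when present, takes precedence over the URL tail
        base = Path(siblings_root) / (cap.get("local_dir") or tail)
    path = (base / cap["artifact"]).resolve()
    # Added check (assumption): a manifest path must stay under its base dir.
    if base.resolve() not in path.parents:
        raise ValueError(f"{cap['id']}: artifact path escapes {base}")
    return path

def classify(cap, repo_root, siblings_root):
    """Return 'placeholder', 'missing', 'drifted' or 'OK' for one cap."""
    pinned = cap["sha256"].lower()
    if pinned == PLACEHOLDER_SHA256:
        return "placeholder"  # nothing pinned to compare against
    path = artifact_path(cap, repo_root, siblings_root)
    if not path.is_file():
        return "missing"
    actual = hashlib.sha256(path.read_bytes()).hexdigest()
    return "OK" if actual == pinned else "drifted"

def verify(caps, repo_root, siblings_root):
    """Tally statuses into the buckets `make verify` reports."""
    return Counter(classify(c, repo_root, siblings_root) for c in caps)

if __name__ == "__main__":
    root = Path(tempfile.mkdtemp())  # constructed sample tree, not real caps
    (root / "demo").mkdir()
    (root / "demo" / "a.wasm").write_bytes(b"constructed bytes")
    cap = {"id": "demo", "repo": "https://example.invalid/demo.git",
           "artifact": "a.wasm", "sha256": hashlib.sha256(b"constructed bytes").hexdigest()}
    print(dict(verify([cap, {**cap, "sha256": "f" * 64}], root, root)))
```

A placeholder entry is reported but never hashed, so a non-zero placeholder count means part of the build is still unpinned.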