Cap manifest format
caps-manifest.toml at the repo root is the reproducibility pin for
every sibling wasm capability component that pylon.wasm composes
against. It records the pinned git SHA per sibling repo, plus a
sha256 of the built artifact, so a fresh machine can prove its build
matches upstream bit-for-bit.
The manifest is consumed by two scripts:
- scripts/caps-sync.sh — clones + checks out + builds + verifies.
- scripts/verify-artifact.sh — recomputes sha256 of build/pylon.wasm and each cap, compares against this manifest, prints drift. No rebuild.
Regenerate after a deliberate cap update:
python3 scripts/regen-caps-manifest.py
Top-level fields
pylon_sha256 = "2b3cb1315e474429851633af4c7a8981ccc7089630747164311e49470696e353"
pylon_sha256 — sha256 of the composed build/pylon.wasm.
regen-caps-manifest.py updates this in place after each successful
compose.
[[cap]] entries
One [[cap]] block per sibling repo:
[[cap]]
id = "aead"
repo = "https://github.com/tegmentum/aead-multiplexer.git"
sha = "57b070c806e66c1772d81c922d8d86d016718d66"
target = "wasm32-wasip1"
artifact = "target/component/aead_multiplexer.wasm"
sha256 = "703a5c73f56494ed07c07d95e2142d98e9b0c415b5758e29563d070307156e3e"
Field-by-field
| Field | Meaning |
|---|---|
| id | Cap identifier. Matches the cap id in scripts/build-pylon-dynlink-plan.py CAPS and (where applicable) the wrap stem in scripts/wrap-caps-as-components.sh. |
| repo | Canonical git URL to clone from. "" for artifacts that are precomposed inside this repo (see precomposed). |
| sha | Pinned git SHA. 0000000000000000000000000000000000000000 = TODO placeholder (sibling repo not present in dev env when the manifest was written) — regenerate after a fresh clone. |
| target | Cargo target triple used to build the artifact; blank if the sibling repo uses a non-cargo build (CMake/Make/etc.) or the artifact is precomposed. |
| artifact | Path to the wasm artifact. For sibling-repo builds: relative to the sibling repo root (i.e. under $HOME/git/<repo>/). For precomposed artifacts: relative to this repo root. |
| sha256 | sha256 of the artifact bytes. 0 × 64 = TODO. |
| local_dir | Optional: local sibling directory name if it differs from the URL tail. Example: local_dir = "v86" when the repo URL points at wasm-machine.git but everyone clones it as ~/git/v86/. Sync/verify scripts consult this first. |
| precomposed | true for artifacts assembled in-repo by scripts/precompose-*.sh. Their sha256 is a function of the underlying sibling caps + the precompose script; sha here is the pylon repo's own HEAD as a pointer to the precompose script's version. |
Reporting shape
make caps-sync reports one line per cap:
- OK — sha256 matches.
- SKIP — manifest has placeholder 0000... sha (a sibling that wasn't pinned on the maintainer's dev machine).
- FAIL — clone/build failed.
- MISMATCH — the artifact was rebuilt but its bytes don't match the pinned sha256.
make verify reports the aggregate:
caps OK: 74
caps placeholder: 1
caps missing: 0
caps drifted: 0
pylon_sha256 status: OK