Scope capability contracts to bound capability builtins

Author: Mauricio Gomes

vibes/capability_contracts.go

@@ -25,6 +25,14 @@ func validateCapabilityDataOnlyValue(label string, val Value) error {
 	return nil
 }
 
+func bindCapabilityContracts(val Value, contractsByName map[string]CapabilityMethodContract, target map[*Builtin]CapabilityMethodContract) {
+	if len(contractsByName) == 0 {
+		return
+	}
+	scanner := newCapabilityContractScanner()
+	scanner.bindContracts(val, contractsByName, target)
+}
+
 func (s *capabilityContractScanner) containsCallable(val Value) bool {
 	switch val.Kind() {
 	case KindFunction, KindBuiltin, KindBlock, KindClass, KindInstance:
@@ -63,3 +71,37 @@ func (s *capabilityContractScanner) containsCallable(val Value) bool {
 		return false
 	}
 }
+
+func (s *capabilityContractScanner) bindContracts(val Value, contractsByName map[string]CapabilityMethodContract, target map[*Builtin]CapabilityMethodContract) {
+	switch val.Kind() {
+	case KindBuiltin:
+		builtin := val.Builtin()
+		if contract, ok := contractsByName[builtin.Name]; ok {
+			target[builtin] = contract
+		}
+	case KindArray:
+		values := val.Array()
+		id := sliceIdentity{
+			ptr: reflect.ValueOf(values).Pointer(),
+			len: len(values),
+			cap: cap(values),
+		}
+		if _, seen := s.seenArrays[id]; seen {
+			return
+		}
+		s.seenArrays[id] = struct{}{}
+		for _, item := range values {
+			s.bindContracts(item, contractsByName, target)
+		}
+	case KindHash, KindObject:
+		entries := val.Hash()
+		ptr := reflect.ValueOf(entries).Pointer()
+		if _, seen := s.seenMaps[ptr]; seen {
+			return
+		}
+		s.seenMaps[ptr] = struct{}{}
+		for _, item := range entries {
+			s.bindContracts(item, contractsByName, target)
+		}
+	}
+}

vibes/capability_contracts_test.go

@@ -60,6 +60,28 @@ func (duplicateContractCapability) CapabilityContracts() map[string]CapabilityMe
 	}
 }
 
+type unrelatedNamedContractCapability struct{}
+
+func (unrelatedNamedContractCapability) Bind(binding CapabilityBinding) (map[string]Value, error) {
+	return map[string]Value{
+		"probe": NewObject(map[string]Value{
+			"call": NewBuiltin("probe.call", func(exec *Execution, receiver Value, args []Value, kwargs map[string]Value, block Value) (Value, error) {
+				return NewString("ok"), nil
+			}),
+		}),
+	}, nil
+}
+
+func (unrelatedNamedContractCapability) CapabilityContracts() map[string]CapabilityMethodContract {
+	return map[string]CapabilityMethodContract{
+		"hash.merge": {
+			ValidateArgs: func(args []Value, kwargs map[string]Value, block Value) error {
+				return fmt.Errorf("hash.merge contract should not be applied")
+			},
+		},
+	}
+}
+
 func TestCapabilityContractRejectsInvalidArguments(t *testing.T) {
 	engine := MustNewEngine(Config{})
 	script, err := engine.Compile(`def run()
@@ -137,3 +159,28 @@ end`)
 		t.Fatalf("unexpected error: %s", got)
 	}
 }
+
+func TestCapabilityContractsDoNotAttachByGlobalBuiltinName(t *testing.T) {
+	engine := MustNewEngine(Config{})
+	script, err := engine.Compile(`def run()
+  base = { a: 1 }
+  override = { b: 2 }
+  base.merge(override)
+end`)
+	if err != nil {
+		t.Fatalf("compile failed: %v", err)
+	}
+
+	result, err := script.Call(context.Background(), "run", nil, CallOptions{
+		Capabilities: []CapabilityAdapter{unrelatedNamedContractCapability{}},
+	})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if result.Kind() != KindHash {
+		t.Fatalf("expected hash result, got %v", result.Kind())
+	}
+	if got, ok := result.Hash()["b"]; !ok || got.Kind() != KindInt || got.Int() != 2 {
+		t.Fatalf("unexpected merge result: %#v", result.Hash())
+	}
+}

vibes/execution.go

@@ -54,7 +54,7 @@ type Execution struct {
 	moduleLoading       map[string]bool
 	moduleLoadStack     []string
 	moduleStack         []moduleContext
-	capabilityContracts map[string]CapabilityMethodContract
+	capabilityContracts map[*Builtin]CapabilityMethodContract
 	receiverStack       []Value
 	envStack            []*Env
 	strictEffects       bool
@@ -607,7 +607,7 @@ func (exec *Execution) invokeCallable(callee Value, receiver Value, args []Value
 		return exec.callFunction(callee.Function(), receiver, args, kwargs, block, pos)
 	case KindBuiltin:
 		builtin := callee.Builtin()
-		contract, hasContract := exec.capabilityContracts[builtin.Name]
+		contract, hasContract := exec.capabilityContracts[builtin]
 		if hasContract && contract.ValidateArgs != nil {
 			if err := contract.ValidateArgs(args, kwargs, block); err != nil {
 				return NewNil(), exec.wrapError(err, pos)
@@ -3400,7 +3400,7 @@ func (s *Script) Call(ctx context.Context, name string, args []Value, opts CallO
 		moduleLoading:       make(map[string]bool),
 		moduleLoadStack:     make([]string, 0, 8),
 		moduleStack:         make([]moduleContext, 0, 8),
-		capabilityContracts: make(map[string]CapabilityMethodContract),
+		capabilityContracts: make(map[*Builtin]CapabilityMethodContract),
 		receiverStack:       make([]Value, 0, 8),
 		envStack:            make([]*Env, 0, 8),
 		strictEffects:       s.engine.config.StrictEffects,
@@ -3409,28 +3409,33 @@ func (s *Script) Call(ctx context.Context, name string, args []Value, opts CallO
 
 	if len(opts.Capabilities) > 0 {
 		binding := CapabilityBinding{Context: exec.ctx, Engine: s.engine}
+		knownCapabilityContracts := make(map[string]CapabilityMethodContract)
 		for _, adapter := range opts.Capabilities {
 			if adapter == nil {
 				continue
 			}
+			adapterContracts := map[string]CapabilityMethodContract{}
 			if provider, ok := adapter.(CapabilityContractProvider); ok {
 				for methodName, contract := range provider.CapabilityContracts() {
 					name := strings.TrimSpace(methodName)
 					if name == "" {
 						return NewNil(), fmt.Errorf("capability contract method name must be non-empty")
 					}
-					if _, exists := exec.capabilityContracts[name]; exists {
+					if _, exists := knownCapabilityContracts[name]; exists {
 						return NewNil(), fmt.Errorf("duplicate capability contract for %s", name)
 					}
-					exec.capabilityContracts[name] = contract
+					knownCapabilityContracts[name] = contract
+					adapterContracts[name] = contract
 				}
 			}
 			globals, err := adapter.Bind(binding)
 			if err != nil {
 				return NewNil(), err
 			}
 			for name, val := range globals {
-				root.Define(name, rebinder.rebindValue(val))
+				rebound := rebinder.rebindValue(val)
+				root.Define(name, rebound)
+				bindCapabilityContracts(rebound, adapterContracts, exec.capabilityContracts)
 			}
 		}
 	}

vibes/memory.go

@@ -81,9 +81,6 @@ func (exec *Execution) estimateMemoryUsage(extras ...Value) int {
 		total += estimatedStringHeaderBytes + len(name)
 	}
 	total += estimatedMapBaseBytes + len(exec.capabilityContracts)*estimatedMapEntryBytes
-	for name := range exec.capabilityContracts {
-		total += estimatedStringHeaderBytes + len(name)
-	}
 	total += estimatedSliceBaseBytes + len(exec.moduleLoadStack)*estimatedStringHeaderBytes
 	for _, key := range exec.moduleLoadStack {
 		total += len(key)