hakorune/docs/private/roadmap/phases/phase-20.8/CALL_FOR_REVIEW.md

Phase 20.8 — Call for Review (Boundaries & Contracts)
=====================================================

Purpose
- Fix boundaries/invariants before implementation to keep Phase‑20.8 small, explicit, and deterministic.

Agenda

1) Boundary/Scope (Rust layer)
- Final responsibilities: Boot (Lock/Capsule→BootPlan), HostBridge publish, CLI flags, PluginHost init (LockOnly order)
- No discovery fallback; propagate non‑OK status to exit code

2) C‑ABI Surface (HostBridge)
- 7 functions: open/close/last_error/list_types/type_id/method_id/call
- Versioning: abi_major/minor + struct_size; caps; optional allocator pointer
- Error policy: OK/NOT_FOUND/BAD_LOCK/INCOMPATIBLE/OOM/UNSUPPORTED/VALIDATION/PANIC

3) GC v0 (Mark & Sweep)
- Roots: stack frames, global static boxes, HostBridge handles
- Safepoints: call boundaries, loop back‑edges, pre‑I/O waits
- Triggers: live_bytes growth (>80% since last sweep) or +4MB
- Metrics: pause_ms/live_bytes/num_objects/alloc_rate; HAKO_GC_TRACE format

4) Allocator/HakMem (research only)
- Not adopted in 20.8; keep docs only. MVP metrics: determinism, latency distribution, fragmentation.

5) VM Semantics/Parity
- 16 ops + Call unified; Gate‑C Strict ban list finalized
- Eq/Ne: primitive=Compare, box=op_eq, enum=.equals (Rewrite + Verifier)

6) Published Names / SSOT
- Box.method/Arity only; alias TTL→remove (2 minor releases)
- Tail fallback OFF; CallAttrs.tail_ok marks explicit cases

7) Router/Rewrite/Intern
- Known/Rewrite default ON (Enum/Callable)
- Intern: published names only; name→id JSON dump for CI
- CallAttrs: effect/may_throw/tail_ok/inline_hint consumed by VM/LLVM only

8) Determinism / Capsule / Lock
- LockOnly: fixed order; sha256 verify (plugins + optional AOT)
- Frozen: verify required; no fallback

9) WASM/Embedded
- Built‑in plugin preset via LTO/inline; Capsule “baked‑in” artifacts when dynamic load is restricted

10) AOT/FFI
- AOT: bytes_len parity; skip when AOT_PRESENT cap is absent
- FFI‑C: allow‑list only; signatures normalized via Box/Value

11) Error/Fail‑Fast
- Three guards: Verifier (Boot), Router (E_NOT_FOUND), Runner (exit code)

12) Migration/Rollback
- `--backend vm-rust` as last escape hatch with deprecation schedule; path‑shim deprecation→removal plan

13) KPIs/Observability/CI
- VM ≥ 70% of LLVM (representative ops); 30‑run p95 geometric means
- Determinism: Frozen runs produce identical logs/hashes (10×)
- CI: SSOT diffs (published names set, intern table), negative cases (Strict/Gate‑C), determinism checks

Expected Outcome
- Sign‑off on boundaries/contracts. Green‑light to implement GC v0 and backend deprecation with minimal risk.
-												docs: restore docs/private/roadmap from 7b4908f9 (Phase 20.31)

											
										
										
											2025-10-31 18:00:10 +09:00
+								Phase 20.8 — Call for Review (Boundaries & Contracts)
 								=====================================================
 								Purpose
 								- Fix boundaries/invariants before implementation to keep Phase‑20.8 small, explicit, and deterministic.
 								Agenda
 ) Boundary/Scope (Rust layer)
 								- Final responsibilities: Boot (Lock/Capsule→BootPlan), HostBridge publish, CLI flags, PluginHost init (LockOnly order)
 								- No discovery fallback; propagate non‑OK status to exit code
 ) C‑ABI Surface (HostBridge)
 								- 7 functions: open/close/last_error/list_types/type_id/method_id/call
 								- Versioning: abi_major/minor + struct_size; caps; optional allocator pointer
 								- Error policy: OK/NOT_FOUND/BAD_LOCK/INCOMPATIBLE/OOM/UNSUPPORTED/VALIDATION/PANIC
 ) GC v0 (Mark & Sweep)
 								- Roots: stack frames, global static boxes, HostBridge handles
 								- Safepoints: call boundaries, loop back‑edges, pre‑I/O waits
 								- Triggers: live_bytes growth (>80% since last sweep) or +4MB
 								- Metrics: pause_ms/live_bytes/num_objects/alloc_rate; HAKO_GC_TRACE format
 ) Allocator/HakMem (research only)
 								- Not adopted in 20.8; keep docs only. MVP metrics: determinism, latency distribution, fragmentation.
 ) VM Semantics/Parity
 								- 16 ops + Call unified; Gate‑C Strict ban list finalized
 								- Eq/Ne: primitive=Compare, box=op_eq, enum=.equals (Rewrite + Verifier)
 ) Published Names / SSOT
 								- Box.method/Arity only; alias TTL→remove (2 minor releases)
 								- Tail fallback OFF; CallAttrs.tail_ok marks explicit cases
 ) Router/Rewrite/Intern
 								- Known/Rewrite default ON (Enum/Callable)
 								- Intern: published names only; name→id JSON dump for CI
 								- CallAttrs: effect/may_throw/tail_ok/inline_hint consumed by VM/LLVM only
 ) Determinism / Capsule / Lock
 								- LockOnly: fixed order; sha256 verify (plugins + optional AOT)
 								- Frozen: verify required; no fallback
 ) WASM/Embedded
 								- Built‑in plugin preset via LTO/inline; Capsule “baked‑in” artifacts when dynamic load is restricted
 ) AOT/FFI
 								- AOT: bytes_len parity; skip when AOT_PRESENT cap is absent
 								- FFI‑C: allow‑list only; signatures normalized via Box/Value
 ) Error/Fail‑Fast
 								- Three guards: Verifier (Boot), Router (E_NOT_FOUND), Runner (exit code)
 ) Migration/Rollback
 								- `--backend vm-rust` as last escape hatch with deprecation schedule; path‑shim deprecation→removal plan
 ) KPIs/Observability/CI
 								- VM ≥ 70% of LLVM (representative ops); 30‑run p95 geometric means
 								- Determinism: Frozen runs produce identical logs/hashes (10×)
 								- CI: SSOT diffs (published names set, intern table), negative cases (Strict/Gate‑C), determinism checks
 								Expected Outcome
 								- Sign‑off on boundaries/contracts. Green‑light to implement GC v0 and backend deprecation with minimal risk.