kobako 0.1.2 → 0.2.0

data/lib/kobako/outcome.rb

@@ -0,0 +1,133 @@
+# frozen_string_literal: true
+
+require_relative "outcome/panic"
+
+module Kobako
+  # Host-facing boundary for the OUTCOME_BUFFER produced by
+  # +__kobako_run+. Takes raw outcome bytes — a one-byte tag followed by
+  # the msgpack-encoded body — and maps them to either the unwrapped
+  # mruby return value or a raised three-layer
+  # ({SPEC.md "Error Scenarios"}[link:../../SPEC.md]) exception.
+  #
+  # Self-contained: this module owns the wire framing (tag bytes,
+  # body decoding), and the +Panic+ wire record lives at
+  # +Kobako::Outcome::Panic+. The byte-level msgpack codec at
+  # +Kobako::Codec+ is invoked for the body itself; otherwise
+  # nothing in +RPC+ participates.
+  #
+  #   * tag 0x01, decode OK                 → return decoded value
+  #   * tag 0x01, decode fails              → SandboxError (E-09)
+  #   * tag 0x02, origin="service"          → ServiceError (E-13)
+  #   * tag 0x02, origin="sandbox"/missing  → SandboxError (E-04..E-07)
+  #   * tag 0x02, decode fails              → SandboxError (E-08)
+  #   * unknown tag                         → TrapError    (E-03)
+  module Outcome
+    # First byte of the OUTCOME_BUFFER for the success branch — body is
+    # the bare msgpack encoding of the returned value
+    # ({SPEC.md Outcome Envelope}[link:../../SPEC.md]).
+    TYPE_VALUE = 0x01
+    # First byte of the OUTCOME_BUFFER for the failure branch — body is
+    # the msgpack Panic map.
+    TYPE_PANIC = 0x02
+
+    module_function
+
+    def decode(bytes)
+      tag, body = split_tag(bytes)
+      case tag
+      when TYPE_VALUE
+        decode_value(body)
+      when TYPE_PANIC
+        decode_panic(body)
+      else
+        raise build_trap_error(tag)
+      end
+    end
+
+    # TrapError for unknown or absent tag
+    # ({SPEC.md ABI Signatures}[link:../../SPEC.md]: len=0 and unknown-tag
+    # both walk the trap path).
+    def build_trap_error(tag)
+      return TrapError.new("guest exited without writing an outcome (len=0)") if tag.nil?
+
+      TrapError.new(format("unknown outcome tag 0x%<tag>02x", tag: tag))
+    end
+
+    def split_tag(bytes)
+      bytes = bytes.b
+      return [nil, "".b] if bytes.empty?
+
+      tag = bytes.getbyte(0) # : Integer
+      body = bytes.byteslice(1, bytes.bytesize - 1) # : String
+      [tag, body]
+    end
+
+    # Decode failure on the success tag is a SandboxError (E-09): the
+    # framing was fine, but the carried value is unrepresentable.
+    def decode_value(body)
+      Kobako::Codec::Decoder.decode(body)
+    rescue Kobako::Codec::Error => e
+      raise build_wire_violation_error("result envelope decode failed: #{e.message}")
+    end
+
+    # Decode failure on the panic tag is a SandboxError (E-08). Either
+    # path raises — on success the decoded Panic is mapped to its three-
+    # layer exception via +build_panic_error+ and raised; on wire-decode
+    # failure the rescue path raises the wire-violation +SandboxError+.
+    def decode_panic(body)
+      raise build_panic_error(parse_panic(body))
+    rescue Kobako::Codec::Error => e
+      raise build_wire_violation_error("panic envelope decode failed: #{e.message}")
+    end
+
+    # Build a +Panic+ value object from the msgpack-decoded body. Raises
+    # +Kobako::Codec::InvalidType+ when the body is not a map or
+    # when required keys are missing — both routed by +decode_panic+ to
+    # +build_wire_violation_error+.
+    def parse_panic(body)
+      map = Kobako::Codec::Decoder.decode(body)
+      raise Kobako::Codec::InvalidType, "Panic envelope must be a map, got #{map.class}" unless map.is_a?(Hash)
+
+      Kobako::Codec::Utils.wire_boundary do
+        Panic.new(
+          origin: map["origin"], klass: map["class"], message: map["message"],
+          backtrace: map["backtrace"] || [], details: map["details"]
+        )
+      end
+    end
+
+    # Map a decoded Panic record into the corresponding three-layer
+    # Ruby exception. +origin == "service"+ → ServiceError (with the
+    # +::Disconnected+ subclass selected when the panic carries the
+    # disconnected sentinel —
+    # {SPEC "Error Classes"}[link:../../SPEC.md]); everything else
+    # → SandboxError.
+    def build_panic_error(panic)
+      panic_target_class(panic).new(
+        panic.message,
+        origin: panic.origin,
+        klass: panic.klass,
+        backtrace_lines: panic.backtrace,
+        details: panic.details
+      )
+    end
+
+    # {SPEC "Error Classes"}[link:../../SPEC.md]: when
+    # +origin="service"+ and the panic +class+ field names
+    # +ServiceError::Disconnected+, surface that subclass so callers can
+    # rescue the disconnected path specifically (E-14).
+    def panic_target_class(panic)
+      return SandboxError unless panic.origin == Panic::ORIGIN_SERVICE
+
+      panic.klass == "Kobako::ServiceError::Disconnected" ? ServiceError::Disconnected : ServiceError
+    end
+
+    def build_wire_violation_error(message)
+      SandboxError.new(
+        message,
+        origin: Panic::ORIGIN_SANDBOX,
+        klass: "Kobako::RPC::WireError"
+      )
+    end
+  end
+end

data/lib/kobako/rpc/dispatcher.rb

@@ -0,0 +1,169 @@
+# frozen_string_literal: true
+
+module Kobako
+  module RPC
+    # Pure-function dispatcher for guest-initiated RPC calls. Decodes a
+    # msgpack-encoded Request envelope, resolves the target object through
+    # the Server (path lookup or HandleTable lookup), invokes the method,
+    # and returns a msgpack-encoded Response envelope.
+    #
+    # The module is stateless — all mutable state is threaded through the
+    # +server+ argument so Dispatcher has no instance variables and no side
+    # effects beyond mutating the HandleTable via +alloc+ when a non-wire-
+    # representable return value must be wrapped ({SPEC.md B-14}[link:../../../SPEC.md]).
+    #
+    # Entry point:
+    #
+    #   Kobako::RPC::Dispatcher.dispatch(request_bytes, server)
+    #   # => msgpack-encoded Response bytes (never raises)
+    module Dispatcher
+      module_function
+
+      # Internal sentinel raised when target resolution fails. Mapped to
+      # Response.error with type="undefined". Contained at the wire boundary —
+      # not part of the public Kobako error taxonomy
+      # ({SPEC.md E-xx}[link:../../../SPEC.md]).
+      class UndefinedTargetError < StandardError; end
+
+      # Internal sentinel raised when a Handle target resolves to the
+      # +:disconnected+ sentinel in the HandleTable (ABA protection,
+      # {SPEC.md E-14}[link:../../../SPEC.md]). Mapped to Response.error with
+      # type="disconnected". Contained at the wire boundary.
+      class DisconnectedTargetError < StandardError; end
+
+      # Dispatch a single RPC request and return the encoded response bytes.
+      # Called by +Kobako::RPC::Server#dispatch+ which is invoked from the
+      # Rust ext inside +__kobako_dispatch+. +request_bytes+ is the
+      # msgpack-encoded Request envelope. +server+ is the live Server for
+      # this run, used to resolve path-based targets via +#lookup+ and to
+      # access the +#handle_table+ for Handle-based targets and return-value
+      # wrapping. Always returns a binary String — never raises. Any failure
+      # during decode, lookup, or method invocation is reified as a
+      # Response.error envelope so the guest sees the failure as a normal RPC
+      # error rather than a wasm trap
+      # ({SPEC.md B-12}[link:../../../SPEC.md]).
+      def dispatch(request_bytes, server)
+        request = Kobako::RPC.decode_request(request_bytes)
+        handle_table = server.handle_table
+        target = resolve_target(request.target, server, handle_table)
+        args = request.args.map { |v| resolve_arg(v, handle_table) }
+        kwargs = request.kwargs.transform_values { |v| resolve_arg(v, handle_table) }
+        value = invoke(target, request.method_name, args, kwargs)
+        encode_ok(value, server)
+      rescue StandardError => e
+        encode_caught_error(e)
+      end
+
+      # Map an error caught at the dispatch boundary to a +Response.error+
+      # envelope. +error+ is the +StandardError+ caught by {#dispatch}'s
+      # rescue. Returns a msgpack-encoded Response envelope (binary). Four
+      # error buckets ({SPEC.md B-12}[link:../../../SPEC.md]):
+      # +Kobako::Codec::Error+ → type="runtime" (wire decode failed);
+      # +DisconnectedTargetError+ → type="disconnected" (E-14);
+      # +UndefinedTargetError+ → type="undefined" (E-13); +ArgumentError+ →
+      # type="argument" (B-12 arity mismatch); everything else →
+      # type="runtime".
+      def encode_caught_error(error)
+        case error
+        when Kobako::Codec::Error then encode_error("runtime", "wire decode failed: #{error.message}")
+        when DisconnectedTargetError then encode_error("disconnected", error.message)
+        when UndefinedTargetError    then encode_error("undefined", error.message)
+        when ArgumentError           then encode_error("argument", error.message)
+        else                              encode_error("runtime", "#{error.class}: #{error.message}")
+        end
+      end
+
+      # Dispatch +method+ on +target+. +kwargs+ is already Symbol-keyed
+      # (the +Envelope::Request+ invariant pins it). The empty-kwargs
+      # branch omits the +**+ splat so Ruby 3.x's strict kwargs
+      # separation does not reject calls to no-kwarg methods when the
+      # wire carries the uniform empty-map shape.
+      def invoke(target, method, args, kwargs)
+        if kwargs.empty?
+          target.public_send(method.to_sym, *args)
+        else
+          target.public_send(method.to_sym, *args, **kwargs)
+        end
+      end
+
+      # {SPEC.md B-16}[link:../../../SPEC.md] — An RPC::Handle arriving as a positional or keyword
+      # argument identifies a host-side object previously allocated by a prior
+      # RPC's Handle wrap (B-14). Resolve it back to the Ruby object before
+      # the dispatch reaches +public_send+. A Handle whose entry is the
+      # +:disconnected+ sentinel (E-14) raises DisconnectedTargetError so
+      # the dispatcher emits a Response.error with type="disconnected".
+      def resolve_arg(value, handle_table)
+        case value
+        when Kobako::RPC::Handle
+          require_live_object!(value.id, handle_table)
+        else
+          value
+        end
+      end
+
+      # Resolve a Request target to the Ruby object the Server (or
+      # HandleTable) holds. String targets go through the Server;
+      # Handle targets (ext 0x01) go through the HandleTable.
+      #
+      # Target type is already validated by +RPC.decode_request+
+      # before this method is reached, so no else-branch is needed here —
+      # the wire layer is the system boundary that enforces the invariant.
+      def resolve_target(target, server, handle_table)
+        case target
+        when String
+          resolve_path(target, server)
+        when Kobako::RPC::Handle
+          resolve_handle(target, handle_table)
+        end
+      end
+
+      def resolve_path(path, server)
+        server.lookup(path)
+      rescue KeyError => e
+        raise UndefinedTargetError, e.message
+      end
+
+      def resolve_handle(handle, handle_table)
+        require_live_object!(handle.id, handle_table)
+      end
+
+      # Resolve +id+ through the HandleTable, distinguishing the
+      # +:disconnected+ sentinel (E-14) from an unknown id (E-13).
+      def require_live_object!(id, handle_table)
+        object = handle_table.fetch(id)
+        raise DisconnectedTargetError, "Handle id #{id} is disconnected" if object == :disconnected
+
+        object
+      rescue Kobako::HandleTableError => e
+        raise UndefinedTargetError, e.message
+      end
+
+      # Encode +value+ as a +Response.ok+ envelope. When the value is not
+      # wire-representable per {SPEC.md B-13}[link:../../../SPEC.md]'s type
+      # mapping, the +UnsupportedType+ rescue routes it through the
+      # HandleTable via {#wrap_as_handle} and re-encodes with the Capability
+      # Handle in place ({SPEC.md B-14}[link:../../../SPEC.md]). The happy
+      # path encodes exactly once.
+      def encode_ok(value, server)
+        response = Kobako::RPC::Response.ok(value)
+        Kobako::RPC.encode_response(response)
+      rescue Kobako::Codec::UnsupportedType
+        encode_ok(wrap_as_handle(value, server), server)
+      end
+
+      # Allocate +value+ in the Server's HandleTable and return a +Handle+
+      # that the wire codec can carry ({SPEC.md B-14}[link:../../../SPEC.md]).
+      # Used as the fallback path of {#encode_ok} when +value+ has no wire
+      # representation.
+      def wrap_as_handle(value, server)
+        Kobako::RPC::Handle.new(server.handle_table.alloc(value))
+      end
+
+      def encode_error(type, message)
+        fault = Kobako::RPC::Fault.new(type: type, message: message)
+        response = Kobako::RPC::Response.error(fault)
+        Kobako::RPC.encode_response(response)
+      end
+    end
+  end
+end

data/lib/kobako/rpc/envelope.rb

@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+
+require_relative "handle"
+require_relative "fault"
+require_relative "../codec"
+
+module Kobako
+  # See lib/kobako/rpc.rb for the umbrella module doc; this file owns the
+  # Request / Response value objects and their encode/decode helpers.
+  module RPC
+    # ---------------- Response status bytes (SPEC.md Response Shape) ---
+
+    # Response variant marker for the success branch.
+    STATUS_OK    = 0
+    # Response variant marker for the fault branch.
+    STATUS_ERROR = 1
+
+    # Value object for a single guest-initiated RPC Request
+    # ({SPEC.md Wire Codec → Request}[link:../../../SPEC.md]).
+    #
+    # 4-element msgpack array: +[target, method, args, kwargs]+. +target+
+    # is either a +String+ (+"Namespace::Member"+) or a {Handle}. SPEC pins
+    # +kwargs+ map keys to ext 0x00 Symbol; enforced at construction so the
+    # Value Object is the single source of truth.
+    Request = Data.define(:target, :method_name, :args, :kwargs) do
+      # steep:ignore:start
+      def initialize(target:, method:, args: [], kwargs: {})
+        unless target.is_a?(String) || target.is_a?(Kobako::RPC::Handle)
+          raise ArgumentError, "Request target must be String or Kobako::RPC::Handle, got #{target.class}"
+        end
+        raise ArgumentError, "Request method must be String" unless method.is_a?(String)
+        raise ArgumentError, "Request args must be Array"    unless args.is_a?(Array)
+
+        validate_kwargs!(kwargs)
+        super(target: target, method_name: method, args: args, kwargs: kwargs)
+      end
+
+      private
+
+      def validate_kwargs!(kwargs)
+        raise ArgumentError, "Request kwargs must be Hash" unless kwargs.is_a?(Hash)
+
+        kwargs.each_key do |k|
+          raise ArgumentError, "Request kwargs keys must be Symbol, got #{k.class}" unless k.is_a?(Symbol)
+        end
+      end
+      # steep:ignore:end
+    end
+
+    # Encode a {Request} to msgpack bytes. The Value Object's own
+    # invariants are the contract; this method does not re-check the shape.
+    def self.encode_request(request)
+      Codec::Encoder.encode([request.target, request.method_name, request.args, request.kwargs])
+    end
+
+    def self.decode_request(bytes)
+      arr = Codec::Decoder.decode(bytes)
+      unless arr.is_a?(Array) && arr.length == 4
+        raise Codec::InvalidType, "Request must be a 4-element array, got #{arr.inspect}"
+      end
+
+      target, method_name, args, kwargs = arr
+      Codec::Utils.wire_boundary do
+        Request.new(target: target, method: method_name, args: args, kwargs: kwargs)
+      end
+    end
+
+    # Value object for a single host-side RPC Response
+    # ({SPEC.md Wire Codec → Response}[link:../../../SPEC.md]).
+    #
+    # 2-element msgpack array: +[status, value-or-fault]+. +status+ is 0
+    # (success) or 1 (fault). For success the second element is the return
+    # value; for fault it is a {Fault} (ext 0x02 envelope).
+    Response = Data.define(:status, :payload) do
+      # steep:ignore:start
+      def self.ok(value)
+        new(status: STATUS_OK, payload: value)
+      end
+
+      def self.error(fault)
+        unless fault.is_a?(Kobako::RPC::Fault)
+          raise ArgumentError, "Response.error requires Kobako::RPC::Fault, got #{fault.class}"
+        end
+
+        new(status: STATUS_ERROR, payload: fault)
+      end
+
+      def initialize(status:, payload:)
+        unless [STATUS_OK, STATUS_ERROR].include?(status)
+          raise ArgumentError, "Response status must be 0 or 1, got #{status.inspect}"
+        end
+        if status == STATUS_ERROR && !payload.is_a?(Kobako::RPC::Fault)
+          raise ArgumentError, "Response status=1 payload must be Kobako::RPC::Fault"
+        end
+
+        super
+      end
+
+      def ok?    = status == STATUS_OK
+      def error? = status == STATUS_ERROR
+      # steep:ignore:end
+    end
+
+    def self.encode_response(response)
+      Codec::Encoder.encode([response.status, response.payload])
+    end
+
+    def self.decode_response(bytes)
+      arr = Codec::Decoder.decode(bytes)
+      unless arr.is_a?(Array) && arr.length == 2
+        raise Codec::InvalidType, "Response must be a 2-element array, got #{arr.inspect}"
+      end
+
+      status, payload = arr
+      Codec::Utils.wire_boundary { Response.new(status: status, payload: payload) }
+    end
+  end
+end

data/lib/kobako/{wire/exception.rb → rpc/fault.rb}

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Kobako
-  module Wire
+  module RPC
     # Wire-level value object for an ext-0x02 Exception envelope.
     #
     # SPEC pins the payload (Wire Codec → Ext Types → ext 0x02) to a
@@ -17,12 +17,13 @@ module Kobako
     # Built on +Data.define+ so equality, hash, and immutability are
     # inherited from the value-object machinery; only the field invariants
     # ride on top.
-    Exception = Data.define(:type, :message, :details) do
+    Fault = Data.define(:type, :message, :details) do
       # +VALID_TYPES+ is attached to the Exception class below this block.
       # Reach it through +self.class::VALID_TYPES+ — Data.define's block
       # scope resolves bare constants against the enclosing +Wire+ module,
       # so a bare +VALID_TYPES+ would raise +NameError+. Same pattern as
-      # +Wire::Handle+.
+      # +RPC::Handle+.
+      # steep:ignore:start
       def initialize(type:, message:, details: nil)
         valid_types = self.class::VALID_TYPES
         raise ArgumentError, "type must be String"    unless type.is_a?(String)
@@ -31,8 +32,9 @@ module Kobako
 
         super
       end
+      # steep:ignore:end
     end
 
-    Exception::VALID_TYPES = %w[runtime argument disconnected undefined].freeze
+    Fault::VALID_TYPES = %w[runtime argument disconnected undefined].freeze
   end
 end

data/lib/kobako/{wire → rpc}/handle.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Kobako
-  module Wire
+  module RPC
     # Wire-level value object for an ext-0x01 Capability Handle.
     #
     # SPEC pins the binary layout to fixext 4 with a 4-byte big-endian u32
@@ -10,7 +10,7 @@ module Kobako
     #
     # This is intentionally a thin value object built on +Data.define+ so
     # equality, hash, and immutability are inherited. The runtime-facing
-    # +Kobako::Handle+ class lives at a higher layer and may add behaviour
+    # +Kobako::RPC::Handle+ class lives at a higher layer and may add behaviour
     # (HandleTable bookkeeping, reset semantics). The codec only needs to
     # carry the opaque integer ID across the wire.
     Handle = Data.define(:id) do
@@ -20,6 +20,7 @@ module Kobako
       # +MIN_ID+ would raise +NameError+. Use +self.class::CONST+ to
       # reach the constants attached to the Handle class itself. Do not
       # "simplify" this back to bare +MIN_ID+/+MAX_ID+.
+      # steep:ignore:start
       def initialize(id:)
         min = self.class::MIN_ID
         max = self.class::MAX_ID
@@ -28,6 +29,7 @@ module Kobako
 
         super
       end
+      # steep:ignore:end
     end
 
     Handle::MIN_ID = 1

data/lib/kobako/{registry → rpc}/handle_table.rb

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 
-require_relative "../wire/handle"
+require_relative "handle"
 
 module Kobako
-  class Registry
+  module RPC
     # Host-side mapping from opaque integer Handle IDs to Ruby objects
-    # (capability proxies). One table is owned per Kobako::Registry instance
-    # (and therefore per Kobako::Sandbox instance). See
+    # (capability proxies). One table is owned per +Kobako::RPC::Server+
+    # instance (and therefore per +Kobako::Sandbox+ instance). See
     # {SPEC.md B-15}[link:../../../SPEC.md].
     #
     # Lifecycle invariants ({SPEC.md}[link:../../../SPEC.md]):
@@ -26,22 +26,22 @@ module Kobako
     class HandleTable
       # Build a fresh, empty HandleTable. +next_id+ is an internal seam that
       # sets the starting value of the monotonic counter (defaults to 1 per
-      # B-15); tests pass a value near +Wire::Handle::MAX_ID+ to exercise
+      # B-15); tests pass a value near +RPC::Handle::MAX_ID+ to exercise
       # the cap-exhaustion path without 2³¹ allocations.
       def initialize(next_id: 1)
-        @entries = {}
+        @entries = {} # : Hash[Integer, untyped]
         @next_id = next_id
       end
 
       # Bind +object+ in the table and return its newly-allocated Handle ID.
       # +object+ is any host-side Ruby object to bind. Returns a freshly-
-      # allocated Handle ID in +[1, Wire::Handle::MAX_ID]+. Raises
+      # allocated Handle ID in +[1, RPC::Handle::MAX_ID]+. Raises
       # +Kobako::HandleTableExhausted+ if the next ID would exceed the cap.
-      # The cap is anchored on +Wire::Handle+ — the wire codec and the
+      # The cap is anchored on +RPC::Handle+ — the wire codec and the
       # allocator share the same invariant ({SPEC.md B-21}[link:../../../SPEC.md]).
       def alloc(object)
         id = @next_id
-        cap = Wire::Handle::MAX_ID
+        cap = RPC::Handle::MAX_ID
         raise HandleTableExhausted, "HandleTable exhausted: id #{id} exceeds MAX_ID #{cap}" if id > cap
 
         @entries[id] = object

data/lib/kobako/{registry/service_group.rb → rpc/namespace.rb}

@@ -1,23 +1,31 @@
 # frozen_string_literal: true
 
 module Kobako
-  class Registry
-    # A named namespace of Service Members for one Sandbox ({SPEC.md B-07..B-11}[link:../../../SPEC.md]).
-    class ServiceGroup
+  module RPC
+    # A named grouping of Members for one Sandbox
+    # ({SPEC.md B-07..B-11}[link:../../../SPEC.md]). Returned by
+    # +Sandbox#define+. Each instance owns a flat name→object table of
+    # Members; member binding is validated against {NAME_PATTERN}.
+    class Namespace
+      # Ruby constant-name pattern shared by Namespace and Member names
+      # ({SPEC.md B-07/B-08 Notes}[link:../../../SPEC.md]).
+      NAME_PATTERN = /\A[A-Z]\w*\z/
+
       attr_reader :name, :members
 
-      # Build a new ServiceGroup. +name+ is an already-validated Group name
-      # (must satisfy +NAME_PATTERN+; validation is the caller's responsibility).
+      # Build a new Namespace. +name+ is an already-validated Namespace
+      # name (must satisfy {NAME_PATTERN}; validation is the caller's
+      # responsibility).
       def initialize(name)
         @name = name
         @members = {}
       end
 
-      # Bind +object+ under +member+ inside this group. +member+ is a
+      # Bind +object+ under +member+ inside this Namespace. +member+ is a
       # constant-form name as a +Symbol+ or +String+. +object+ is any Ruby
       # object that responds to the methods guest code will invoke. Returns
       # +self+ for chaining. Raises +ArgumentError+ when +member+ does not
-      # match the constant pattern, or a member of the same name is already
+      # match the constant pattern, or a Member of the same name is already
       # bound ({SPEC.md B-11}[link:../../../SPEC.md]).
       def bind(member, object)
         member_str = validate_member_name!(member)
@@ -32,12 +40,13 @@ module Kobako
         @members[member.to_s]
       end
 
-      # Strict variant of {#[]}; raises +KeyError+ when no member is
+      # Strict variant of {#[]}; raises +KeyError+ when no Member is
       # registered under +member+.
       def fetch(member)
         member_str = member.to_s
         unless @members.key?(member_str)
-          raise KeyError, "no member named #{member_str.inspect} in group #{@name.inspect}"
+          raise KeyError,
+                "no member named #{member_str.inspect} in namespace #{@name.inspect}"
         end
 
         @members[member_str]
@@ -53,9 +62,9 @@ module Kobako
 
       def validate_member_name!(member)
         member_str = member.to_s
-        unless Registry::NAME_PATTERN.match?(member_str)
+        unless NAME_PATTERN.match?(member_str)
           raise ArgumentError,
-                "MemberName must match #{Registry::NAME_PATTERN.inspect} (got #{member.inspect})"
+                "MemberName must match #{NAME_PATTERN.inspect} (got #{member.inspect})"
         end
 
         member_str