kobako 0.1.2 → 0.2.0

data/lib/kobako/rpc/server.rb

@@ -0,0 +1,156 @@
+# frozen_string_literal: true
+
+require "msgpack"
+require_relative "../errors"
+require_relative "envelope"
+require_relative "namespace"
+require_relative "handle_table"
+require_relative "dispatcher"
+
+module Kobako
+  module RPC
+    # Kobako::RPC::Server — per-Sandbox host-side RPC coordinator. Maintains
+    # the Namespace / Member registry, owns the HandleTable, and routes
+    # incoming Requests to the resolved Service object
+    # ({SPEC.md B-07..B-21}[link:../../../SPEC.md]).
+    #
+    # Public API:
+    #
+    #   server = Kobako::RPC::Server.new
+    #   namespace = server.define(:MyService)    # => Kobako::RPC::Namespace
+    #   namespace.bind(:KV, kv_object)           # => namespace (chainable)
+    #   server.to_preamble                       # => array for Frame 1
+    #   server.dispatch(request_bytes)           # => msgpack bytes (delegated to Dispatcher)
+    #
+    # Namespaces live at +Kobako::RPC::Namespace+
+    # (lib/kobako/rpc/namespace.rb). The opaque Handle allocator lives at
+    # +Kobako::RPC::HandleTable+
+    # (lib/kobako/rpc/handle_table.rb). Dispatch helpers live at
+    # +Kobako::RPC::Dispatcher+
+    # (lib/kobako/rpc/dispatcher.rb).
+    class Server
+      # Build a fresh Server. +handle_table+ is an internal seam that
+      # injects a pre-configured +HandleTable+; tests pass one whose +next_id+
+      # is pinned near +MAX_ID+ to exercise the B-21 cap-exhaustion path
+      # without 2³¹ allocations. Production callers leave it at the default.
+      def initialize(handle_table: HandleTable.new)
+        @namespaces = {} # : Hash[String, Kobako::RPC::Namespace]
+        @handle_table = handle_table
+        @sealed = false
+      end
+
+      # Declare or retrieve the Namespace named +name+ (idempotent — SPEC.md B-10).
+      # +name+ is a constant-form name as a +Symbol+ or +String+ (must satisfy
+      # +Namespace::NAME_PATTERN+). Returns the +Kobako::RPC::Namespace+ for
+      # that name, creating it if it does not exist. Raises +ArgumentError+
+      # when +name+ is malformed, or when called after the owning Sandbox has
+      # been sealed by +#run+.
+      def define(name)
+        raise ArgumentError, "cannot define after Sandbox#run has been invoked" if @sealed
+
+        name_str = name.to_s
+        unless Namespace::NAME_PATTERN.match?(name_str)
+          raise ArgumentError,
+                "Namespace name must match #{Namespace::NAME_PATTERN.inspect} (got #{name.inspect})"
+        end
+
+        @namespaces[name_str] ||= Namespace.new(name_str)
+      end
+
+      # Resolve a +target+ path of the form +"Namespace::Member"+ to the
+      # bound Host object. +target+ is a two-level path using the +::+
+      # separator. Returns the bound Host object. Raises +KeyError+ when the
+      # namespace or the member is not bound.
+      def lookup(target)
+        namespace, member_name, namespace_name = parse_target(target)
+        raise KeyError, "no namespace named #{namespace_name.inspect}" if namespace.nil?
+        raise KeyError, "no member #{target.inspect} bound on server" unless member_name
+
+        namespace.fetch(member_name)
+      end
+
+      # Returns +true+ when +target+ (a +"Namespace::Member"+ path) resolves
+      # to a bound member, +false+ otherwise.
+      def bound?(target)
+        namespace, member_name, = parse_target(target)
+        !namespace.nil? && !member_name.nil? && !namespace[member_name].nil?
+      end
+
+      # Returns all declared +Kobako::RPC::Namespace+ instances as an +Array+.
+      def namespaces
+        @namespaces.values
+      end
+
+      # Returns the number of declared namespaces as an +Integer+.
+      def size
+        @namespaces.size
+      end
+
+      # Returns +true+ when no namespaces have been declared, +false+ otherwise.
+      def empty?
+        @namespaces.empty?
+      end
+
+      # Structured Frame 1 description. Called by +Sandbox#run+ when assembling
+      # stdin Frame 1 ({SPEC.md B-02}[link:../../../SPEC.md]). Returns an
+      # unencoded preamble array — an +Array+ of two-element +[name, members]+
+      # arrays, one per declared namespace.
+      def to_preamble
+        @namespaces.values.map(&:to_preamble)
+      end
+
+      # Encode the preamble as msgpack bytes for stdin Frame 1 delivery
+      # ({SPEC.md B-02}[link:../../../SPEC.md]). Uses plain MessagePack (no
+      # kobako ext types) because the preamble contains only strings — no
+      # Handles or Fault envelopes. Structure:
+      # +[["Namespace", ["MemberA", "MemberB"]], ...]+. Returns a binary
+      # +String+ of msgpack bytes.
+      def encoded_preamble
+        MessagePack.pack(to_preamble)
+      end
+
+      # Mark the Server as sealed. Called by +Sandbox#run+ on first run.
+      # After sealing, #define raises ArgumentError. Idempotent.
+      def seal!
+        @sealed = true
+        self
+      end
+
+      # Returns +true+ when {#seal!} has been called, +false+ otherwise.
+      def sealed?
+        @sealed
+      end
+
+      # Reset the HandleTable for a new +#run+ boundary. Called by +Sandbox#run+
+      # before each invocation ({SPEC.md B-19}[link:../../../SPEC.md]).
+      def reset_handles!
+        @handle_table.reset!
+      end
+
+      # Dispatch a single RPC request and return the encoded response bytes
+      # ({SPEC.md B-12}[link:../../../SPEC.md]). +request_bytes+ is a
+      # msgpack-encoded Request envelope. Called by the Rust ext from inside
+      # +__kobako_dispatch+. Always returns a binary +String+ — never raises.
+      # Delegates to +Dispatcher.dispatch+ which reifies any failure as a
+      # +Response.error+ envelope so the guest sees the failure as a normal RPC
+      # error rather than a wasm trap.
+      def dispatch(request_bytes)
+        Dispatcher.dispatch(request_bytes, self)
+      end
+
+      # Expose the +HandleTable+ for tests and wire-layer Handle wrapping.
+      attr_reader :handle_table
+
+      private
+
+      # Split +target+ on the +::+ separator and resolve the namespace half.
+      # Returns +[namespace_or_nil, member_str_or_nil, namespace_name_str]+ so
+      # each public method ({#lookup} / {#bound?}) only owns its boundary
+      # semantics (raise vs predicate).
+      def parse_target(target)
+        namespace_name, member_name = target.to_s.split("::", 2)
+        [@namespaces[namespace_name], member_name, namespace_name]
+      end
+    end
+  end
+end

data/lib/kobako/rpc.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Kobako
+  # Kobako::RPC — protocol namespace for host↔guest RPC. Houses the value
+  # objects that travel on the wire (+Handle+, +Request+, +Response+,
+  # +Fault+) and the host-side Server coordinator. See
+  # {SPEC.md Refinement → Internal Concepts}[link:../../SPEC.md] for the
+  # RPC role split.
+  module RPC
+  end
+end

data/lib/kobako/sandbox.rb

@@ -1,73 +1,105 @@
 # frozen_string_literal: true
 
+require_relative "capture"
 require_relative "errors"
-require_relative "registry"
-require_relative "wire"
-require_relative "sandbox/output_buffer"
-require_relative "sandbox/outcome_decoder"
+require_relative "outcome"
+require_relative "rpc/server"
+require_relative "rpc/envelope"
 
 module Kobako
   # Kobako::Sandbox — the user-facing entry point for executing guest mruby
   # scripts inside a wasmtime-hosted Wasm module
   # ({SPEC.md B-01}[link:../../SPEC.md]).
   #
-  # The Sandbox owns the +Kobako::Wasm::Instance+, the per-instance Registry
-  # (which itself owns the per-run HandleTable), and bounded stdout / stderr
-  # capture buffers. The underlying wasmtime Engine and compiled Module are
-  # cached at process scope by the native ext and never surface to Ruby —
-  # constructing many Sandboxes amortises both costs automatically.
+  # The Sandbox owns the +Kobako::Wasm::Instance+, the per-instance RPC Server
+  # (which itself owns the per-run HandleTable), and the per-channel byte
+  # caches for guest stdout / stderr capture. The underlying wasmtime Engine
+  # and compiled Module are cached at process scope by the native ext and
+  # never surface to Ruby — constructing many Sandboxes amortises both costs
+  # automatically.
   #
-  # Buffer overflow policy ({SPEC.md B-04}[link:../../SPEC.md]): once an
-  # append would push the cumulative byte count past the per-channel
-  # `*_limit`, the OutputBuffer truncates — it stores a prefix that fits
-  # under the cap and appends a +[truncated]+ marker on the next read.
-  # Truncation does NOT raise. The marker constant lives on
-  # +Kobako::Sandbox::OutputBuffer::OUTPUT_TRUNCATION_MARKER+.
+  # Output capture policy ({SPEC.md B-04}[link:../../SPEC.md]): the
+  # per-channel cap (+stdout_limit+ / +stderr_limit+) is enforced inside the
+  # WASI pipe — the host buffer stops growing at the cap, subsequent guest
+  # writes on that channel fail or are dropped, and +#run+ still returns
+  # normally. +#stdout+ / +#stderr+ return the captured prefix as a UTF-8
+  # String; the byte content never carries a truncation sentinel.
+  # +#stdout_truncated?+ / +#stderr_truncated?+ are the only way to observe
+  # that the cap was hit.
   class Sandbox
     # Default per-channel capture ceiling: 1 MiB
-    # ({SPEC.md B-01 footnote}[link:../../SPEC.md]).
+    # ({SPEC.md B-01}[link:../../SPEC.md]).
     DEFAULT_OUTPUT_LIMIT = 1 << 20
 
+    # Default wall-clock timeout for a single +#run+: 60 seconds
+    # ({SPEC.md B-01}[link:../../SPEC.md]).
+    DEFAULT_TIMEOUT_SECONDS = 60.0
+
+    # Default cap on guest linear memory growth: 5 MiB
+    # ({SPEC.md B-01}[link:../../SPEC.md]).
+    DEFAULT_MEMORY_LIMIT = 5 << 20
+
     attr_reader :wasm_path, :instance,
-                :stdout_buffer, :stderr_buffer,
-                :stdout_limit, :stderr_limit, :services
+                :stdout_limit, :stderr_limit,
+                :timeout, :memory_limit, :services
 
-    # Returns the complete byte content guest wrote to stdout during the most
-    # recent +#run+ as a UTF-8 String, or an empty String before any +#run+
-    # call. {SPEC.md B-04}[link:../../SPEC.md]: may contain a +[truncated]+
-    # marker when the cap was hit.
+    # Returns the bytes the guest wrote to stdout during the most recent
+    # +#run+ as a UTF-8 String, clipped at +stdout_limit+. Empty before any
+    # +#run+ call. {SPEC.md B-04}[link:../../SPEC.md] — the byte content
+    # never contains a truncation sentinel; use +#stdout_truncated?+ to
+    # observe overflow.
     def stdout
-      @stdout_buffer.to_s
+      @stdout_capture.bytes
     end
 
-    # Returns the complete byte content guest wrote to stderr during the most
-    # recent +#run+ as a UTF-8 String, or an empty String before any +#run+
-    # call. {SPEC.md B-04}[link:../../SPEC.md]: may contain a +[truncated]+
-    # marker when the cap was hit.
+    # Returns the bytes the guest wrote to stderr during the most recent
+    # +#run+ as a UTF-8 String, clipped at +stderr_limit+. Empty before any
+    # +#run+ call. Mirror of +#stdout+.
     def stderr
-      @stderr_buffer.to_s
+      @stderr_capture.bytes
+    end
+
+    # Returns +true+ iff stdout capture during the most recent +#run+
+    # exceeded +stdout_limit+ ({SPEC.md B-04}[link:../../SPEC.md]). Resets
+    # to +false+ at the start of the next +#run+ ({SPEC.md
+    # B-03}[link:../../SPEC.md]).
+    def stdout_truncated?
+      @stdout_capture.truncated?
+    end
+
+    # Returns +true+ iff stderr capture during the most recent +#run+
+    # exceeded +stderr_limit+. Mirror of +#stdout_truncated?+.
+    def stderr_truncated?
+      @stderr_capture.truncated?
     end
 
     # Build a fresh Sandbox.
     #
     # +wasm_path+ is the absolute path to the Guest Binary; defaults to the
     # gem-bundled +data/kobako.wasm+. +stdout_limit+ and +stderr_limit+ cap
-    # the per-run byte ceiling for each capture channel (default 1 MiB).
-    def initialize(wasm_path: nil, stdout_limit: nil, stderr_limit: nil)
+    # the per-run byte ceiling for each capture channel (default 1 MiB;
+    # +nil+ disables the cap). +timeout+ is the wall-clock cap on a single
+    # +#run+ in seconds ({SPEC.md B-01}[link:../../SPEC.md]; default 60.0,
+    # +nil+ disables); +memory_limit+ caps guest linear memory growth in
+    # bytes ({SPEC.md B-01, E-20}[link:../../SPEC.md]; default 5 MiB,
+    # +nil+ disables).
+    def initialize(wasm_path: nil, stdout_limit: nil, stderr_limit: nil,
+                   timeout: DEFAULT_TIMEOUT_SECONDS,
+                   memory_limit: DEFAULT_MEMORY_LIMIT)
       @wasm_path = wasm_path || Kobako::Wasm.default_path
       @stdout_limit = stdout_limit || DEFAULT_OUTPUT_LIMIT
       @stderr_limit = stderr_limit || DEFAULT_OUTPUT_LIMIT
-      @instance = Kobako::Wasm::Instance.from_path(@wasm_path)
-      @stdout_buffer = OutputBuffer.new(@stdout_limit)
-      @stderr_buffer = OutputBuffer.new(@stderr_limit)
-      @services = Kobako::Registry.new
-      @instance.set_registry(@services)
+      @timeout = normalize_timeout(timeout)
+      @memory_limit = normalize_memory_limit(memory_limit)
+      @services = Kobako::RPC::Server.new
+      @instance = Kobako::Wasm::Instance.from_path(@wasm_path, @timeout, @memory_limit, @stdout_limit, @stderr_limit)
+      @instance.server = @services
+      clear_captures!
     end
 
-    # Declare or retrieve the Service Group named +name+ on this Sandbox
+    # Declare or retrieve the Namespace named +name+ on this Sandbox
     # ({SPEC.md B-07, B-09, B-10}[link:../../SPEC.md]). +name+ must be a
-    # Symbol or String in constant form. Returns the
-    # +Kobako::Registry::ServiceGroup+.
+    # Symbol or String in constant form. Returns the +Kobako::RPC::Namespace+.
     #
     # Raises +ArgumentError+ when called after +#run+, or when +name+ does
     # not match the constant-name pattern.
@@ -82,7 +114,7 @@ module Kobako
     #
     # Source delivery uses the WASI stdin two-frame protocol
     # ({SPEC.md ABI Signatures}[link:../../SPEC.md]): Frame 1 carries the
-    # msgpack-encoded preamble (Service Group registry snapshot) and Frame 2
+    # msgpack-encoded preamble (Namespace / Member registry snapshot) and Frame 2
     # carries the user script UTF-8 bytes. Each frame is prefixed by a
     # 4-byte big-endian u32 length.
     #
@@ -94,53 +126,101 @@ module Kobako
 
       @services.seal!
       reset_run_state!
-      preamble = @services.guest_preamble
-      @instance.setup_wasi_pipes(@stdout_limit, @stderr_limit, preamble, source.b)
 
-      invoke_guest_run
-      drain_wasi_output
-      outcome_bytes = read_outcome_bytes
-      OutcomeDecoder.decode(outcome_bytes)
+      run_guest(@services.encoded_preamble, source.b)
+      read_captures!
+      take_result!
     end
 
     private
 
+    # Coerce +timeout+ into the Float seconds the ext expects, or +nil+ to
+    # mean the cap is disabled ({SPEC.md B-01}[link:../../SPEC.md]). Any
+    # finite non-positive value is rejected — a zero or negative timeout
+    # would either fire instantly or never, both of which would surprise
+    # callers more than an early +ArgumentError+.
+    def normalize_timeout(timeout)
+      return nil if timeout.nil?
+      raise ArgumentError, "timeout must be Numeric or nil, got #{timeout.class}" unless timeout.is_a?(Numeric)
+
+      seconds = timeout.to_f
+      raise ArgumentError, "timeout must be > 0 (got #{timeout})" unless seconds.positive? && seconds.finite?
+
+      seconds
+    end
+
+    # Coerce +memory_limit+ into the byte cap the ext expects, or +nil+ to
+    # mean unbounded ({SPEC.md B-01, E-20}[link:../../SPEC.md]). Must be a
+    # positive Integer when set; +Float+ or zero/negative values are
+    # rejected.
+    def normalize_memory_limit(memory_limit)
+      return nil if memory_limit.nil?
+      unless memory_limit.is_a?(Integer) && memory_limit.positive?
+        raise ArgumentError, "memory_limit must be a positive Integer or nil, got #{memory_limit.inspect}"
+      end
+
+      memory_limit
+    end
+
     # Per-run state reset ({SPEC.md B-03}[link:../../SPEC.md]). Capture
-    # buffers and the HandleTable counter are zeroed before the guest runs.
+    # buffers, truncation predicates, and the HandleTable counter are
+    # zeroed before the guest runs.
     def reset_run_state!
       @services.reset_handles!
-      @stdout_buffer.clear
-      @stderr_buffer.clear
+      clear_captures!
     end
 
-    # Drain the WASI stdout/stderr pipes populated during the most recent
-    # guest execution into the bounded OutputBuffers
-    # ({SPEC.md B-04}[link:../../SPEC.md]). Must be called after
-    # `invoke_guest_run` and before the next reset.
-    def drain_wasi_output
-      stdout_bytes = @instance.take_stdout
-      stderr_bytes = @instance.take_stderr
-      @stdout_buffer << stdout_bytes unless stdout_bytes.empty?
-      @stderr_buffer << stderr_bytes unless stderr_bytes.empty?
+    # Reset both per-channel captures to the pre-run sentinel
+    # ({SPEC.md B-05}[link:../../SPEC.md]). Shared by +#initialize+
+    # (first-run setup) and +#reset_run_state!+ (between-run reset) so
+    # both paths agree on what "empty capture" means.
+    def clear_captures!
+      @stdout_capture = Capture::EMPTY
+      @stderr_capture = Capture::EMPTY
     end
 
-    # Invoke `__kobako_run`. Wraps wasmtime / wire errors in TrapError.
-    # Source was already delivered via the stdin two-frame protocol in
-    # `setup_wasi_pipes` before this call
-    # ({SPEC.md ABI Signatures}[link:../../SPEC.md]).
-    def invoke_guest_run
-      @instance.run
+    # Read the per-channel capture pairs (+[bytes, truncated]+) from the
+    # ext after a guest run completes and wrap each as a +Capture+ value
+    # object. The ext clips +bytes+ to the configured cap and sets
+    # +truncated+ when the guest produced strictly more than +cap+ bytes
+    # ({SPEC.md B-04}[link:../../SPEC.md]). Mirror of {#clear_captures!}
+    # at the post-run boundary.
+    def read_captures!
+      out_bytes, out_truncated = @instance.stdout
+      err_bytes, err_truncated = @instance.stderr
+      @stdout_capture = Capture.from_ext(out_bytes, out_truncated)
+      @stderr_capture = Capture.from_ext(err_bytes, err_truncated)
+    end
+
+    # Drive +Instance#run+ with the two stdin frames (preamble + source).
+    # Wraps wasmtime / wire errors in TrapError so the Sandbox layer maps
+    # cleanly to the three-class taxonomy. The configured-cap paths
+    # (SPEC.md E-19 / E-20) are routed to the named TrapError subclasses
+    # so callers that want to surface a specific reason can rescue them;
+    # everything else falls through to the base TrapError.
+    def run_guest(preamble, source)
+      @instance.run(preamble, source)
+    rescue Kobako::Wasm::TimeoutError => e
+      raise TimeoutError, "guest exceeded timeout: #{e.message}"
+    rescue Kobako::Wasm::MemoryLimitError => e
+      raise MemoryLimitError, "guest exceeded memory_limit: #{e.message}"
     rescue Kobako::Wasm::Error => e
       raise TrapError, "guest __kobako_run trapped: #{e.message}"
     end
 
-    # Pull the OUTCOME_BUFFER bytes out of guest memory. The +len=0+ case
-    # is forwarded to {OutcomeDecoder} as an empty String so a single
-    # boundary attributes every wire-violation outcome
+    # Take OUTCOME_BUFFER bytes from guest memory via +Instance#outcome!+
+    # and decode them into the Sandbox-level result — the unwrapped mruby
+    # return value, or a raised three-layer
+    # ({SPEC.md "Error Scenarios"}[link:../../SPEC.md]) exception. A zero-
+    # length outcome is delivered to +Kobako::Outcome+ as an empty String
+    # so a single boundary attributes every wire-violation outcome
     # ({SPEC.md ABI Signatures}[link:../../SPEC.md]).
-    def read_outcome_bytes
-      ptr, len = Kobako::Wasm.unpack_outcome_ptr_len(@instance.take_outcome)
-      @instance.read_memory(ptr, len)
+    #
+    # The bang reflects the destructive ext call beneath: the underlying
+    # +__kobako_take_outcome+ export invalidates the buffer pointer, so this
+    # method must be called at most once per +#run+.
+    def take_result!
+      Outcome.decode(@instance.outcome!)
     rescue Kobako::Wasm::Error => e
       raise TrapError, "failed to read OUTCOME_BUFFER: #{e.message}"
     end

data/lib/kobako/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Kobako
-  VERSION = "0.1.2"
+  VERSION = "0.2.0"
 end

data/lib/kobako/wasm.rb

@@ -5,10 +5,9 @@ module Kobako
   # (see ext/kobako/src/wasm.rs). This module is the foundational binding
   # layer for Sandbox (#14), the run path (#16) and RPC dispatch (#18).
   #
-  # The classes themselves (Engine / Module / Store / Instance) and the
-  # error hierarchy (Error / ModuleNotBuiltError) are defined from Rust at
-  # ext load time; this file only adds the pure-Ruby helpers that have no
-  # reason to live in Rust.
+  # The classes themselves (Instance) and the error hierarchy (Error /
+  # ModuleNotBuiltError) are defined from Rust at ext load time; this file
+  # only adds the pure-Ruby helpers that have no reason to live in Rust.
   module Wasm
     # Absolute path to the gem-bundled `data/kobako.wasm` artifact. Computed
     # from this file's location so it works for both `bundle exec` (running
@@ -16,20 +15,11 @@ module Kobako
     #
     # Returns a String regardless of whether the file currently exists —
     # call sites that need the file to be present should pass this through
-    # `Kobako::Wasm::Module.from_file`, which raises `ModuleNotBuiltError`
+    # +Kobako::Wasm::Instance.from_path+, which raises +ModuleNotBuiltError+
     # with a clear remediation message.
     def self.default_path
-      File.expand_path("../../data/kobako.wasm", __dir__)
-    end
-
-    # Unpack the +(ptr << 32) | len+ u64 produced by the Rust ext's
-    # +__kobako_take_outcome+ export. Returns +[ptr, len]+ as 32-bit
-    # unsigned integers. Pure-Ruby helper kept near the ABI surface so
-    # Sandbox does not have to carry bit-level wire layout.
-    def self.unpack_outcome_ptr_len(packed)
-      ptr = (packed >> 32) & 0xffff_ffff
-      len = packed & 0xffff_ffff
-      [ptr, len]
+      dir = __dir__ or raise Error, "Kobako::Wasm.default_path requires __dir__"
+      File.expand_path("../../data/kobako.wasm", dir)
     end
   end
 end

data/lib/kobako.rb

@@ -3,5 +3,7 @@
 require_relative "kobako/version"
 require "kobako/kobako"
 require_relative "kobako/errors"
+require_relative "kobako/rpc"
+require_relative "kobako/rpc/server"
 require_relative "kobako/wasm"
 require_relative "kobako/sandbox"

data/sig/kobako/capture.rbs

@@ -0,0 +1,13 @@
+module Kobako
+  class Capture
+    EMPTY: Capture
+
+    attr_reader bytes: String
+
+    def initialize: (bytes: String, truncated: bool) -> void
+
+    def truncated?: () -> bool
+
+    def self.from_ext: (String bytes, bool truncated) -> Capture
+  end
+end

data/sig/kobako/codec/decoder.rbs

@@ -0,0 +1,11 @@
+module Kobako
+  module Codec
+    module Decoder
+      def self.decode: (String bytes) -> untyped
+
+      private
+
+      def self.validate_utf8!: (untyped value) -> void
+    end
+  end
+end

data/sig/kobako/codec/encoder.rbs

@@ -0,0 +1,7 @@
+module Kobako
+  module Codec
+    module Encoder
+      def self.encode: (untyped value) -> String
+    end
+  end
+end

data/sig/kobako/codec/error.rbs

@@ -0,0 +1,18 @@
+module Kobako
+  module Codec
+    class Error < StandardError
+    end
+
+    class Truncated < Error
+    end
+
+    class InvalidType < Error
+    end
+
+    class InvalidEncoding < Error
+    end
+
+    class UnsupportedType < Error
+    end
+  end
+end

data/sig/kobako/codec/factory.rbs

@@ -0,0 +1,31 @@
+module Kobako
+  module Codec
+    class Factory
+      include Singleton
+      extend Forwardable
+      extend SingleForwardable
+
+      EXT_SYMBOL: Integer
+      EXT_HANDLE: Integer
+      EXT_ERRENV: Integer
+
+      def dump: (untyped value) -> String
+      def load: (String bytes) -> untyped
+
+      def self.dump: (untyped value) -> String
+      def self.load: (String bytes) -> untyped
+
+      private
+
+      def initialize: () -> void
+      def register_symbol: () -> void
+      def pack_symbol: (Symbol symbol) -> String
+      def unpack_symbol: (String payload) -> Symbol
+      def register_handle: () -> void
+      def register_fault: () -> void
+      def unpack_handle: (String payload) -> Kobako::RPC::Handle
+      def pack_fault: (Kobako::RPC::Fault fault) -> String
+      def unpack_fault: (String payload) -> Kobako::RPC::Fault
+    end
+  end
+end

data/sig/kobako/codec/utils.rbs

@@ -0,0 +1,9 @@
+module Kobako
+  module Codec
+    module Utils
+      def self?.assert_utf8!: (String string, String label) -> void
+
+      def self?.wire_boundary: [T] () { () -> T } -> T
+    end
+  end
+end

data/sig/kobako/errors.rbs

@@ -0,0 +1,52 @@
+module Kobako
+  class Error < StandardError
+  end
+
+  class TrapError < Error
+  end
+
+  class TimeoutError < TrapError
+  end
+
+  class MemoryLimitError < TrapError
+  end
+
+  class SandboxError < Error
+    attr_reader origin: String?
+    attr_reader klass: String?
+    attr_reader backtrace_lines: Array[String]?
+    attr_reader details: untyped
+
+    def initialize: (
+      String message,
+      ?origin: String?,
+      ?klass: String?,
+      ?backtrace_lines: Array[String]?,
+      ?details: untyped
+    ) -> void
+  end
+
+  class ServiceError < Error
+    attr_reader origin: String?
+    attr_reader klass: String?
+    attr_reader backtrace_lines: Array[String]?
+    attr_reader details: untyped
+
+    def initialize: (
+      String message,
+      ?origin: String?,
+      ?klass: String?,
+      ?backtrace_lines: Array[String]?,
+      ?details: untyped
+    ) -> void
+
+    class Disconnected < ServiceError
+    end
+  end
+
+  class HandleTableError < SandboxError
+  end
+
+  class HandleTableExhausted < HandleTableError
+  end
+end