kobako 0.1.2 → 0.2.0

data/lib/kobako/registry.rb

@@ -1,160 +0,0 @@
-# frozen_string_literal: true
-
-require "msgpack"
-require_relative "errors"
-require_relative "wire"
-require_relative "registry/service_group"
-require_relative "registry/handle_table"
-require_relative "registry/dispatcher"
-
-module Kobako
-  # Kobako::Registry — per-Sandbox container of Service Groups and Handle
-  # state. Manages capability injection and guest-initiated RPC dispatch
-  # ({SPEC.md B-07..B-21}[link:../../SPEC.md]).
-  #
-  # Public API:
-  #
-  #   registry = Kobako::Registry.new
-  #   group = registry.define(:MyService)    # => ServiceGroup
-  #   group.bind(:KV, kv_object)             # => group (chainable)
-  #   registry.to_preamble                   # => array for Frame 1
-  #   registry.dispatch(request_bytes)       # => msgpack bytes (delegated to Dispatcher)
-  #
-  # Service Groups are defined in +Kobako::Registry::ServiceGroup+
-  # (lib/kobako/registry/service_group.rb). The opaque Handle allocator lives
-  # in +Kobako::Registry::HandleTable+ (lib/kobako/registry/handle_table.rb).
-  # Dispatch helpers live in +Kobako::Registry::Dispatcher+
-  # (lib/kobako/registry/dispatcher.rb).
-  class Registry
-    # Ruby constant-name pattern shared by Group and Member names
-    # ({SPEC.md B-07/B-08 Notes}[link:../../SPEC.md]). Referenced by both
-    # +#define+ here and +ServiceGroup#bind+ — single source of truth so
-    # the validation rule cannot drift between the two boundaries.
-    NAME_PATTERN = /\A[A-Z]\w*\z/
-
-    # Build a fresh Registry. +handle_table+ is an internal seam that
-    # injects a pre-configured +HandleTable+; tests pass one whose +next_id+
-    # is pinned near +MAX_ID+ to exercise the B-21 cap-exhaustion path
-    # without 2³¹ allocations. Production callers leave it at the default.
-    def initialize(handle_table: HandleTable.new)
-      @groups = {}
-      @handle_table = handle_table
-      @sealed = false
-    end
-
-    # Declare or retrieve the Group named +name+ (idempotent — SPEC.md B-10).
-    # +name+ is a constant-form name as a +Symbol+ or +String+ (must satisfy
-    # +NAME_PATTERN+). Returns the +Kobako::Registry::ServiceGroup+ for that
-    # name, creating it if it does not exist. Raises +ArgumentError+ when
-    # +name+ is malformed, or when called after the owning Sandbox has been
-    # sealed by +#run+.
-    def define(name)
-      raise ArgumentError, "cannot define after Sandbox#run has been invoked" if @sealed
-
-      name_str = name.to_s
-      unless NAME_PATTERN.match?(name_str)
-        raise ArgumentError,
-              "GroupName must match #{NAME_PATTERN.inspect} (got #{name.inspect})"
-      end
-
-      @groups[name_str] ||= ServiceGroup.new(name_str)
-    end
-
-    # Resolve a +target+ path of the form +"GroupName::MemberName"+ to the
-    # bound Host object. +target+ is a two-level path using the +::+
-    # separator. Returns the bound Host object. Raises +KeyError+ when the
-    # group or the member is not bound.
-    def lookup(target)
-      group, member_name, group_name = resolve_pair(target)
-      raise KeyError, "no service group named #{group_name.inspect}" if group.nil?
-      raise KeyError, "no member #{target.inspect} bound in registry" unless member_name
-
-      group.fetch(member_name)
-    end
-
-    # Returns +true+ when +target+ (a +"GroupName::MemberName"+ path) resolves
-    # to a bound member, +false+ otherwise.
-    def bound?(target)
-      group, member_name, = resolve_pair(target)
-      !group.nil? && !member_name.nil? && !group[member_name].nil?
-    end
-
-    # Returns all declared +Kobako::Registry::ServiceGroup+ instances as an
-    # +Array+.
-    def groups
-      @groups.values
-    end
-
-    # Returns the number of declared groups as an +Integer+.
-    def size
-      @groups.size
-    end
-
-    # Returns +true+ when no groups have been declared, +false+ otherwise.
-    def empty?
-      @groups.empty?
-    end
-
-    # Structured Frame 1 description. Called by +Sandbox#run+ when assembling
-    # stdin Frame 1 ({SPEC.md B-02}[link:../../SPEC.md]). Returns an
-    # unencoded preamble array — an +Array+ of two-element +[name, members]+
-    # arrays, one per declared group.
-    def to_preamble
-      @groups.values.map(&:to_preamble)
-    end
-
-    # Encode the preamble as msgpack bytes for stdin Frame 1 delivery
-    # ({SPEC.md B-02}[link:../../SPEC.md]). Uses plain MessagePack (no
-    # kobako ext types) because the preamble contains only strings — no
-    # Handles or Exception envelopes. Structure:
-    # +[["GroupName", ["MemberA", "MemberB"]], ...]+. Returns a binary
-    # +String+ of msgpack bytes.
-    def guest_preamble
-      MessagePack.pack(to_preamble)
-    end
-
-    # Mark the Registry as sealed. Called by `Sandbox#run` on first run.
-    # After sealing, #define raises ArgumentError. Idempotent.
-    def seal!
-      @sealed = true
-      self
-    end
-
-    # Returns +true+ when {#seal!} has been called, +false+ otherwise.
-    def sealed?
-      @sealed
-    end
-
-    # Reset the HandleTable for a new +#run+ boundary. Called by +Sandbox#run+
-    # before each invocation ({SPEC.md B-19}[link:../../SPEC.md]).
-    def reset_handles!
-      @handle_table.reset!
-    end
-
-    # Dispatch a single RPC request and return the encoded response bytes
-    # ({SPEC.md B-12}[link:../../SPEC.md]). +request_bytes+ is a
-    # msgpack-encoded Request envelope. Called by the Rust ext from inside
-    # +__kobako_rpc_call+. Always returns a binary +String+ — never raises.
-    # Delegates to +Dispatcher.dispatch+ which reifies any failure as a
-    # +Response.err+ envelope so the guest sees the failure as a normal RPC
-    # error rather than a wasm trap.
-    def dispatch(request_bytes)
-      Dispatcher.dispatch(request_bytes, self)
-    end
-
-    # Expose the +Kobako::Registry::HandleTable+ for tests and wire-layer
-    # Handle wrapping.
-    attr_reader :handle_table
-
-    private
-
-    # Split +target+ on the +::+ separator and resolve the group half.
-    # Returns +[group_or_nil, member_str_or_nil, group_name_str]+ so each
-    # public method ({#lookup} / {#bound?}) only owns its boundary
-    # semantics (raise vs predicate).
-    def resolve_pair(target)
-      group_name, member_name = target.to_s.split("::", 2)
-      [@groups[group_name], member_name, group_name]
-    end
-  end
-end

data/lib/kobako/sandbox/outcome_decoder.rb

@@ -1,100 +0,0 @@
-# frozen_string_literal: true
-
-module Kobako
-  class Sandbox
-    # Pure-function decoder for the OUTCOME_BUFFER bytes returned by
-    # +__kobako_run+. Maps a tagged msgpack envelope to either the unwrapped
-    # mruby return value or a raised three-layer
-    # ({SPEC.md "Error Scenarios"}[link:../../../SPEC.md]) exception.
-    #
-    #   * tag 0x01, decode OK                 → return Result.value
-    #   * tag 0x01, decode fails              → SandboxError (E-09)
-    #   * tag 0x02, origin="service"          → ServiceError (E-13)
-    #   * tag 0x02, origin="sandbox"/missing  → SandboxError (E-04..E-07)
-    #   * tag 0x02, decode fails              → SandboxError (E-08)
-    #   * unknown tag                         → TrapError    (E-03)
-    module OutcomeDecoder
-      module_function
-
-      def decode(bytes)
-        tag, body = split_outcome_tag(bytes)
-        case tag
-        when Kobako::Wire::Envelope::OUTCOME_TAG_RESULT
-          decode_result(body)
-        when Kobako::Wire::Envelope::OUTCOME_TAG_PANIC
-          decode_panic(body)
-        else
-          raise trap_for_tag(tag)
-        end
-      end
-
-      # TrapError for unknown or absent tag
-      # ({SPEC.md ABI Signatures}[link:../../../SPEC.md]: len=0 and unknown-tag
-      # both walk the trap path).
-      def trap_for_tag(tag)
-        return TrapError.new("guest exited without writing an outcome (len=0)") if tag.nil?
-
-        TrapError.new(format("unknown outcome tag 0x%<tag>02x", tag: tag))
-      end
-
-      def split_outcome_tag(bytes)
-        bytes = bytes.b
-        [bytes.getbyte(0), bytes.byteslice(1, bytes.bytesize - 1)]
-      end
-
-      # Decode failure on a known Result tag is a SandboxError (E-09): the
-      # framing was fine, but the wrapped value is unrepresentable.
-      def decode_result(body)
-        Kobako::Wire::Envelope.decode_result(body).value
-      rescue Kobako::Wire::Codec::Error => e
-        raise wire_violation_error("result envelope decode failed: #{e.message}")
-      end
-
-      # Decode failure on a known Panic tag is a SandboxError (E-08). Either
-      # path raises — on success the decoded Panic is mapped to its three-
-      # layer exception via +build_panic_error+ and raised; on wire-decode
-      # failure the rescue path raises the wire-violation +SandboxError+.
-      # Symmetric with +decode_result+ — both have signature
-      # "decode body and return value, or raise".
-      def decode_panic(body)
-        raise build_panic_error(Kobako::Wire::Envelope.decode_panic(body))
-      rescue Kobako::Wire::Codec::Error => e
-        raise wire_violation_error("panic envelope decode failed: #{e.message}")
-      end
-
-      # Map a decoded Panic envelope into the corresponding three-layer
-      # Ruby exception. +origin == "service"+ → ServiceError (with the
-      # +::Disconnected+ subclass selected when the panic carries the
-      # disconnected sentinel —
-      # {SPEC "Error Classes"}[link:../../../SPEC.md]); everything else
-      # → SandboxError.
-      def build_panic_error(panic)
-        panic_target_class(panic).new(
-          panic.message,
-          origin: panic.origin,
-          klass: panic.klass,
-          backtrace_lines: panic.backtrace,
-          details: panic.details
-        )
-      end
-
-      # {SPEC "Error Classes"}[link:../../../SPEC.md]: when
-      # +origin="service"+ and the panic +class+ field names
-      # +ServiceError::Disconnected+, surface that subclass so callers can
-      # rescue the disconnected path specifically (E-14).
-      def panic_target_class(panic)
-        return SandboxError unless panic.origin == Kobako::Wire::Envelope::Panic::ORIGIN_SERVICE
-
-        panic.klass == "Kobako::ServiceError::Disconnected" ? ServiceError::Disconnected : ServiceError
-      end
-
-      def wire_violation_error(message)
-        SandboxError.new(
-          message,
-          origin: Kobako::Wire::Envelope::Panic::ORIGIN_SANDBOX,
-          klass: "Kobako::WireError"
-        )
-      end
-    end
-  end
-end

data/lib/kobako/sandbox/output_buffer.rb

@@ -1,79 +0,0 @@
-# frozen_string_literal: true
-
-module Kobako
-  class Sandbox
-    # In-memory bounded byte buffer for one of the guest's output channels.
-    # Tracks accumulated bytes (binary-encoded) and enforces the per-channel
-    # cap by truncating-with-marker ({SPEC.md B-04}[link:../../../SPEC.md]).
-    #
-    # When the accumulated byte count would exceed the limit, the buffer keeps
-    # as many leading bytes as fit and seals itself. Subsequent appends are
-    # discarded. On the next read, +OUTPUT_TRUNCATION_MARKER+ is appended to
-    # signal the overflow to the caller.
-    class OutputBuffer
-      # Marker appended to a buffer that hit its capture limit
-      # ({SPEC.md B-04}[link:../../../SPEC.md]).
-      OUTPUT_TRUNCATION_MARKER = "[truncated]"
-
-      attr_reader :limit
-
-      def initialize(limit)
-        raise ArgumentError, "limit must be a positive Integer" unless limit.is_a?(Integer) && limit.positive?
-
-        @limit = limit
-        @bytes = String.new(encoding: Encoding::ASCII_8BIT)
-        @truncated = false
-      end
-
-      # Append +bytes+ to the buffer. If the append would push the
-      # cumulative byte count past the limit, the buffer keeps as many
-      # leading bytes as fit and seals itself; subsequent appends are
-      # discarded. {SPEC.md B-04}[link:../../../SPEC.md] — truncation is a
-      # non-error outcome.
-      def <<(bytes)
-        return self if @truncated
-
-        appended = bytes.to_s.b
-        room = @limit - @bytes.bytesize
-        if appended.bytesize <= room
-          @bytes << appended
-        else
-          @bytes << appended.byteslice(0, room) if room.positive?
-          @truncated = true
-        end
-        self
-      end
-
-      # Returns +true+ when the buffer was sealed by an overflow.
-      def truncated?
-        @truncated
-      end
-
-      # Returns the number of bytes currently stored.
-      def bytesize
-        @bytes.bytesize
-      end
-
-      # Returns +true+ when the buffer is empty.
-      def empty?
-        @bytes.empty?
-      end
-
-      # Returns the accumulated bytes as a UTF-8 String, with the
-      # +[truncated]+ marker appended when the buffer overflowed.
-      def to_s
-        copy = @bytes.dup
-        copy << OUTPUT_TRUNCATION_MARKER.b if @truncated
-        copy.force_encoding(Encoding::UTF_8)
-        copy.valid_encoding? ? copy : copy.dup.force_encoding(Encoding::ASCII_8BIT)
-      end
-
-      # Reset the buffer to empty. Used at the per-+#run+ boundary.
-      def clear
-        @bytes.clear
-        @truncated = false
-        self
-      end
-    end
-  end
-end

data/lib/kobako/wire/codec/decoder.rb

@@ -1,87 +0,0 @@
-# frozen_string_literal: true
-
-require "msgpack"
-
-require_relative "error"
-require_relative "../handle"
-require_relative "../exception"
-require_relative "factory"
-
-module Kobako
-  module Wire
-    module Codec
-      # Module-level entry point for the host side of the kobako wire
-      # (SPEC.md → Wire Codec → Type Mapping).
-      #
-      # Translates msgpack gem exceptions into the kobako error taxonomy
-      # ({Truncated}, {InvalidType}, {InvalidEncoding}, {UnsupportedType}) so
-      # callers can pattern-match on the SPEC's wire-violation categories
-      # without leaking the gem's internal exception classes.
-      #
-      # Public API is a single function — {.decode}. The decoder is
-      # stateless; the +MessagePack::Unpacker+ instance is built per call
-      # because callers always decode exactly one wire value at a time.
-      module Decoder
-        # The msgpack gem raises these for type/format violations; +ArgumentError+
-        # also comes from our ext-type validators (Handle id range, Exception
-        # type whitelist). All surface as {InvalidType}.
-        INVALID_TYPE_ERRORS = [
-          ::MessagePack::UnknownExtTypeError,
-          ::MessagePack::MalformedFormatError,
-          ::MessagePack::StackError,
-          ::ArgumentError
-        ].freeze
-        private_constant :INVALID_TYPE_ERRORS
-
-        # +UnpackError+ is the gem's umbrella class for short-read / incomplete-buffer
-        # faults; +EOFError+ covers underflow at the buffer edge. Both map to {Truncated}.
-        TRUNCATED_ERRORS = [::MessagePack::UnpackError, ::EOFError].freeze
-        private_constant :TRUNCATED_ERRORS
-
-        # Decode +bytes+ into one Ruby value and validate transitively
-        # against the SPEC type mapping. Raises {Truncated}, {InvalidType},
-        # or {InvalidEncoding} on wire violations.
-        def self.decode(bytes)
-          value = Factory.instance.load(bytes.b)
-          validate_utf8!(value)
-          value
-        rescue *INVALID_TYPE_ERRORS => e
-          raise InvalidType, e.message
-        rescue *TRUNCATED_ERRORS => e
-          raise Truncated, e.message
-        rescue ::EncodingError => e
-          raise InvalidEncoding, e.message
-        end
-
-        # SPEC pins +str+ family payloads to UTF-8 (Wire Codec → str/bin
-        # Encoding Rules). The msgpack gem returns UTF-8-tagged Strings for
-        # str family but does not validate the bytes; +bin+ family decodes
-        # to ASCII-8BIT. Walk the tree once and reject invalid UTF-8 in any
-        # str-typed leaf. {Exception} payloads are validated transitively:
-        # +Factory.unpack_exception+ feeds the inner ext-0x02 bytes back
-        # through this Decoder, so their +str+ fields are already covered
-        # by the time control returns here.
-        def self.validate_utf8!(value)
-          case value
-          when String then validate_string_utf8!(value)
-          when Array  then value.each { |v| validate_utf8!(v) }
-          when Hash   then value.each_pair { |k, v| validate_pair_utf8!(k, v) }
-          end
-        end
-        private_class_method :validate_utf8!
-
-        def self.validate_string_utf8!(value)
-          return unless value.encoding == Encoding::UTF_8
-          raise InvalidEncoding, "str payload is not valid UTF-8" unless value.valid_encoding?
-        end
-        private_class_method :validate_string_utf8!
-
-        def self.validate_pair_utf8!(key, value)
-          validate_utf8!(key)
-          validate_utf8!(value)
-        end
-        private_class_method :validate_pair_utf8!
-      end
-    end
-  end
-end

data/lib/kobako/wire/codec/encoder.rb

@@ -1,41 +0,0 @@
-# frozen_string_literal: true
-
-require "msgpack"
-
-require_relative "error"
-require_relative "../handle"
-require_relative "../exception"
-require_relative "factory"
-
-module Kobako
-  module Wire
-    module Codec
-      # Module-level entry point for the host side of the kobako wire
-      # (SPEC.md → Wire Codec → Type Mapping).
-      #
-      # The codec backbone is the official +msgpack+ gem: integers, floats,
-      # strings, arrays, and maps go through the gem's narrowest-encoding
-      # logic; the three kobako-specific ext types (0x00 Symbol, 0x01
-      # Capability Handle, 0x02 Exception envelope) are registered on
-      # +Factory+ via {Kobako::Wire::Codec::Factory.instance}.
-      #
-      # Public API is a single function — {.encode}. The codec is stateless;
-      # there is no buffer accumulator and no streaming write API. Callers
-      # that need to concatenate multiple encodings build the bytes
-      # themselves (see {Envelope.encode_outcome} for the canonical example).
-      module Encoder
-        # Encode +value+ to wire bytes (binary-encoded String).
-        # Wire violations surface as +UnsupportedType+: SPEC's 12-entry type
-        # mapping is a closed set, and anything outside it is rejected by
-        # the msgpack gem itself (arbitrary objects raise +NoMethodError+
-        # from missing +to_msgpack+, integers outside i64..u64 raise
-        # +RangeError+).
-        def self.encode(value)
-          Factory.instance.dump(value)
-        rescue ::RangeError, ::NoMethodError => e
-          raise UnsupportedType, e.message
-        end
-      end
-    end
-  end
-end

data/lib/kobako/wire/codec/error.rb

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-module Kobako
-  module Wire
-    module Codec
-      # Base class for all wire-codec faults raised by the pure-Ruby host codec.
-      #
-      # The wire codec implements the binary contract pinned in SPEC.md
-      # (Wire Codec → Type Mapping). Every wire violation surfaces as a
-      # subclass of {Error} so callers can pattern-match on the specific
-      # fault while still rescuing all codec faults via this base class.
-      #
-      # Higher layers (e.g. the Sandbox dispatch loop) translate these into
-      # the public {Kobako::SandboxError} / {Kobako::TrapError} taxonomy.
-      class Error < StandardError; end
-
-      # Input ended before the type prefix or payload was fully consumed.
-      class Truncated < Error; end
-
-      # The type byte at the current position is not in the 12-entry kobako
-      # type mapping (e.g. an unknown ext code, or a reserved msgpack tag).
-      class InvalidType < Error; end
-
-      # A msgpack `str` payload was not valid UTF-8, or an ext 0x00 Symbol
-      # payload was not valid UTF-8 — both are wire violations per SPEC.
-      class InvalidEncoding < Error; end
-
-      # The encoder was handed a Ruby object whose type has no wire
-      # representation (e.g. Range, Time). Higher layers may catch this
-      # and re-route the value through Handle allocation, but at the
-      # codec level it is a hard error.
-      class UnsupportedType < Error; end
-    end
-  end
-end

data/lib/kobako/wire/codec/factory.rb

@@ -1,136 +0,0 @@
-# frozen_string_literal: true
-
-require "msgpack"
-
-require_relative "error"
-require_relative "../handle"
-require_relative "../exception"
-
-module Kobako
-  module Wire
-    module Codec
-      # Cached +MessagePack::Factory+ that owns the kobako wire ext-type
-      # registration (SPEC.md → Wire Codec → Ext Types).
-      #
-      # The factory is the single place in the host gem that touches msgpack
-      # API — both {Encoder} and {Decoder} delegate through it, so the three
-      # kobako ext codes (0x00 Symbol, 0x01 Capability Handle, 0x02 Exception
-      # envelope) are configured exactly once at module load.
-      module Factory
-        # MessagePack ext type code reserved for Symbol
-        # (SPEC.md → Wire Codec → Ext Types → ext 0x00). Module-private —
-        # mirrors +codec::EXT_SYMBOL+ on the Rust side.
-        EXT_SYMBOL = 0x00
-        # MessagePack ext type code reserved for Capability Handle
-        # (SPEC.md → Wire Codec → Ext Types → ext 0x01). Module-private —
-        # mirrors +codec::EXT_HANDLE+ on the Rust side.
-        EXT_HANDLE = 0x01
-        # MessagePack ext type code reserved for Exception envelope
-        # (SPEC.md → Wire Codec → Ext Types → ext 0x02). Module-private —
-        # mirrors +codec::EXT_ERRENV+ on the Rust side.
-        EXT_ERRENV = 0x02
-        private_constant :EXT_SYMBOL, :EXT_HANDLE, :EXT_ERRENV
-
-        # Returns the lazily-built process-wide +MessagePack::Factory+.
-        def self.instance
-          @instance ||= build
-        end
-
-        # Build a fresh factory. Exposed for tests that need an isolated
-        # instance; production code should call {.instance}.
-        def self.build
-          factory = MessagePack::Factory.new
-          register_symbol_type(factory)
-          register_handle_type(factory)
-          register_exception_type(factory)
-          factory
-        end
-
-        def self.register_symbol_type(factory)
-          factory.register_type(
-            EXT_SYMBOL, Symbol,
-            packer: lambda(&:name),
-            unpacker: ->(payload) { decode_symbol(payload) }
-          )
-        end
-        private_class_method :register_symbol_type
-
-        # Validate the ext-0x00 payload as UTF-8 and intern. Raises
-        # {InvalidEncoding} on invalid bytes — SPEC forbids the
-        # binary-encoding fallback that msgpack-gem's default unpacker
-        # would otherwise apply.
-        def self.decode_symbol(payload)
-          name = payload.b.force_encoding(Encoding::UTF_8)
-          raise InvalidEncoding, "ext 0x00 payload is not valid UTF-8" unless name.valid_encoding?
-
-          name.to_sym
-        end
-        private_class_method :decode_symbol
-
-        def self.register_handle_type(factory)
-          factory.register_type(
-            EXT_HANDLE, Handle,
-            packer: ->(handle) { [handle.id].pack("N") },
-            unpacker: ->(payload) { decode_handle(payload) }
-          )
-        end
-        private_class_method :register_handle_type
-
-        def self.register_exception_type(factory)
-          factory.register_type(
-            EXT_ERRENV, Exception,
-            packer: ->(exc) { pack_exception(exc) },
-            unpacker: ->(payload) { unpack_exception(payload) }
-          )
-        end
-        private_class_method :register_exception_type
-
-        # Peel off the fixext-4 frame, hand the bytes to +Handle.new+, and
-        # translate the +ArgumentError+ raised by Handle's invariants into
-        # a wire-layer +InvalidType+ via {Codec.translate_value_object_error}.
-        # The Value Object owns the id-range contract; this method only
-        # owns the frame shape.
-        def self.decode_handle(payload)
-          bytes = payload.b
-          raise InvalidType, "ext 0x01 payload must be 4 bytes, got #{bytes.bytesize}" unless bytes.bytesize == 4
-
-          Codec.translate_value_object_error { Handle.new(bytes.unpack1("N")) }
-        end
-        private_class_method :decode_handle
-
-        # Encode the inner ext-0x02 map via {Encoder} (not +factory.dump+) so
-        # the embedded payload flows through the same boundary as a top-level
-        # encode — nested kobako values (Handle, nested Exception) reach the
-        # registered ext-type packers via the cached {.instance}.
-        def self.pack_exception(exc)
-          Encoder.encode("type" => exc.type, "message" => exc.message, "details" => exc.details)
-        end
-        private_class_method :pack_exception
-
-        # Peel the embedded msgpack map and hand it to +Exception.new+;
-        # translate the value-object's +ArgumentError+ into +InvalidType+
-        # at the wire boundary. Inner decode goes through {Decoder} (not
-        # +factory.load+) so the embedded +str+ payloads flow through the
-        # same UTF-8 validation as a top-level decode.
-        #
-        # This establishes a runtime cycle Factory → Decoder → Factory:
-        # the cached +.instance+ feeds +Decoder.decode+, which re-enters
-        # this method when a nested ext 0x02 appears inside +details+. The
-        # recursion is bounded by msgpack nesting depth — identical to
-        # nested Array / Hash payloads — so no extra guard is needed.
-        # Do not switch back to +factory.load+ to "simplify": that path
-        # bypasses UTF-8 validation and re-opens the Decoder's special
-        # case for Exception (removed in M5).
-        def self.unpack_exception(payload)
-          map = Decoder.decode(payload)
-          raise InvalidType, "ext 0x02 payload must be a map" unless map.is_a?(Hash)
-
-          Codec.translate_value_object_error do
-            Exception.new(type: map["type"], message: map["message"], details: map["details"])
-          end
-        end
-        private_class_method :unpack_exception
-      end
-    end
-  end
-end

data/lib/kobako/wire/codec.rb

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "codec/error"
-
-module Kobako
-  module Wire
-    # Host-side MessagePack codec for the kobako wire contract — the
-    # byte-level layer (SPEC.md → Wire Codec). The envelope layer
-    # (Kobako::Wire::Envelope) sits on top of this and pins the four
-    # logical message shapes (Request / Response / Result / Panic).
-    #
-    # Backed by the official +msgpack+ gem via {Factory}; {Encoder} and
-    # {Decoder} are thin wrappers that register the three kobako-specific
-    # ext types (0x00 Symbol, 0x01 Capability Handle, 0x02 Exception
-    # envelope) on a single +MessagePack::Factory+ instance. The Rust side
-    # mirrors this layer as the +codec+ module in the +kobako-wasm+ crate;
-    # the ext-code constants live as module-private values on {Factory}
-    # alongside +codec::EXT_SYMBOL+ / +codec::EXT_HANDLE+ /
-    # +codec::EXT_ERRENV+ on that side.
-    module Codec
-      # Wire-boundary translator: every wire Value Object (Handle /
-      # Exception / Request / Response / Panic / Outcome) raises
-      # +ArgumentError+ when an invariant is violated at construction.
-      # The wire boundary surfaces those violations to callers as
-      # +InvalidType+ so the public taxonomy stays +Codec::Error+ and
-      # never leaks +ArgumentError+ from the Ruby standard library.
-      #
-      # Wrap any block that constructs a wire Value Object from decoded
-      # bytes with this helper to keep the five decode sites (Request /
-      # Response / Panic / Handle ext / Exception ext) uniform. Do not
-      # use it for general-purpose validation outside the wire boundary
-      # — host-layer +ArgumentError+ values should propagate unchanged.
-      def self.translate_value_object_error
-        yield
-      rescue ::ArgumentError => e
-        raise InvalidType, e.message
-      end
-    end
-  end
-end
-
-require_relative "codec/factory"
-require_relative "codec/encoder"
-require_relative "codec/decoder"