271 lines
9.4 KiB
Plaintext
271 lines
9.4 KiB
Plaintext
-- allium: 1
|
|
-- bDS Scripting System
|
|
-- Scope: core (Wave 6 — scripting behaviour and file contracts)
|
|
-- Distilled from: src/main/engine/ScriptEngine.ts, schema.ts
|
|
-- Lua is the normative scripting language for user-authored scripts in the
|
|
-- rewrite. The concrete embedding strategy remains an implementation choice;
|
|
-- only the behavioural contract is normative here.
|
|
|
|
config {
|
|
script_extension: String = "lua"
|
|
macro_timeout: Duration = 10.seconds
|
|
transform_max_toasts_per_script: Integer = 5
|
|
transform_max_toasts_total: Integer = 20
|
|
transform_max_toast_length: Integer = 300
|
|
}
|
|
|
|
enum ScriptStatus {
|
|
draft
|
|
published
|
|
}
|
|
|
|
entity Script {
|
|
slug: String
|
|
title: String
|
|
kind: macro | utility | transform
|
|
entrypoint: String -- named Lua function used as the script entrypoint
|
|
enabled: Boolean
|
|
status: ScriptStatus
|
|
content: String?
|
|
version: Integer
|
|
file_path: String
|
|
created_at: Timestamp
|
|
updated_at: Timestamp
|
|
|
|
-- Derived
|
|
content_location: if status = published: file_path else: content
|
|
|
|
transitions status {
|
|
draft -> published
|
|
published -> draft
|
|
}
|
|
}
|
|
|
|
surface ScriptSurface {
|
|
context script: Script
|
|
|
|
exposes:
|
|
script.slug
|
|
script.title
|
|
script.kind
|
|
script.entrypoint
|
|
script.enabled
|
|
script.status
|
|
script.content when script.content != null
|
|
script.version
|
|
script.file_path
|
|
script.created_at
|
|
script.updated_at
|
|
script.content_location
|
|
}
|
|
|
|
surface ScriptManagementSurface {
|
|
facing _: ScriptOperator
|
|
|
|
provides:
|
|
CreateScriptRequested(title, kind, content, entrypoint)
|
|
CreateAndPublishScriptRequested(title, kind, content, entrypoint)
|
|
UpdateScriptRequested(script, changes)
|
|
PublishScriptRequested(script)
|
|
DeleteScriptRequested(script)
|
|
RunUtilityRequested(script)
|
|
MacroExpansionRequested(script, template_context)
|
|
BlogmarkReceived(data)
|
|
RebuildScriptsFromFilesRequested(project)
|
|
}
|
|
|
|
surface ScriptRuntimeSurface {
|
|
facing _: ScriptRuntime
|
|
|
|
provides:
|
|
ValidateScript(source)
|
|
ExecuteScriptRequested(script, entrypoint, args, progress_sink)
|
|
|
|
@guarantee SandboxedExecution
|
|
-- User-authored Lua executes from a sandboxed runtime state.
|
|
-- Filesystem mutation, process control, package loading, and other
|
|
-- unrestricted host capabilities are unavailable unless explicitly
|
|
-- re-exposed by the host application.
|
|
|
|
@guarantee ExplicitHostCapabilities
|
|
-- Host-provided functions are exposed only through an explicit bds.*
|
|
-- capability table, never through ambient global access.
|
|
|
|
@guarantee MacroTimeout
|
|
-- Macro execution has a short timeout budget of config.macro_timeout.
|
|
|
|
@guarantee ManagedBatchExecution
|
|
-- Utility and transform scripts execute as managed jobs.
|
|
-- The contract does not define a fixed wall-clock limit for those
|
|
-- jobs because batch work can legitimately scale with project size.
|
|
-- Progress reporting, operator cancellation, and host orchestration
|
|
-- govern their lifecycle instead of a fixed timeout.
|
|
|
|
@guarantee ProgressFeedback
|
|
-- Long-running utility and transform scripts may emit progress updates
|
|
-- through explicit host APIs during execution.
|
|
-- Progress reporting is cooperative and flows through the supplied
|
|
-- progress sink rather than ambient global side effects.
|
|
|
|
@guarantee BatchCancellation
|
|
-- Managed utility and transform jobs can be cancelled by the host
|
|
-- operator boundary.
|
|
}
|
|
|
|
invariant UniqueScriptSlug {
|
|
for a in Scripts:
|
|
for b in Scripts:
|
|
a != b implies a.slug != b.slug
|
|
}
|
|
|
|
invariant ScriptFileLayout {
|
|
for s in Scripts where file_path != "":
|
|
s.file_path = format("scripts/{slug}.{extension}", slug: s.slug, extension: config.script_extension)
|
|
}
|
|
-- Script files use standard --- YAML frontmatter
|
|
|
|
rule CreateScript {
|
|
when: CreateScriptRequested(title, kind, content, entrypoint)
|
|
let slug = slugify(title)
|
|
-- Creates a draft script: content stored in DB, no file written yet
|
|
ensures:
|
|
let new_script = Script.created(
|
|
slug: slug,
|
|
title: title,
|
|
kind: kind,
|
|
content: content,
|
|
entrypoint: entrypoint ?? if kind = macro: "render" else: "main",
|
|
status: draft,
|
|
enabled: true,
|
|
version: 1,
|
|
file_path: ""
|
|
)
|
|
new_script.status = draft
|
|
}
|
|
|
|
rule UpdateScript {
|
|
when: UpdateScriptRequested(script, changes)
|
|
ensures: ScriptFieldsUpdated(script, changes)
|
|
ensures: script.updated_at = now
|
|
ensures: script.version = script.version + 1
|
|
}
|
|
|
|
rule ReopenPublishedScript {
|
|
when: UpdateScriptRequested(script, changes)
|
|
requires: script.status = published
|
|
requires: script_changes_affect_published_output(changes)
|
|
ensures: script.status = draft
|
|
}
|
|
|
|
rule CreateAndPublishScript {
|
|
-- Alternative creation path: create + immediately publish (file written)
|
|
-- Some implementations may expose this as a single user action
|
|
when: CreateAndPublishScriptRequested(title, kind, content, entrypoint)
|
|
let slug = slugify(title)
|
|
requires: ValidateScript(content) = valid
|
|
ensures:
|
|
let new_script = Script.created(
|
|
slug: slug,
|
|
title: title,
|
|
kind: kind,
|
|
content: null,
|
|
entrypoint: entrypoint ?? if kind = macro: "render" else: "main",
|
|
status: published,
|
|
enabled: true,
|
|
version: 1,
|
|
file_path: format("scripts/{slug}.{extension}", slug: slug, extension: config.script_extension)
|
|
)
|
|
ScriptFileWritten(new_script)
|
|
}
|
|
|
|
rule PublishScript {
|
|
when: PublishScriptRequested(script)
|
|
requires: script.status = draft
|
|
requires: ValidateScript(script.content) = valid
|
|
-- Lua parsing must succeed before a script can be published
|
|
ensures: script.status = published
|
|
ensures: ScriptFileWritten(script)
|
|
ensures: script.content = null
|
|
}
|
|
|
|
rule DeleteScript {
|
|
when: DeleteScriptRequested(script)
|
|
ensures: not exists script
|
|
ensures: ScriptFileDeleted(script)
|
|
}
|
|
|
|
-- Script execution contracts by kind
|
|
|
|
rule ExecuteMacro {
|
|
when: MacroExpansionRequested(script, template_context)
|
|
requires: script.kind = macro
|
|
requires: script.enabled = true
|
|
requires: script.entrypoint != ""
|
|
-- Macro scripts are invoked during template rendering
|
|
-- via [[slug param1=value1 param2=value2]] syntax in post content
|
|
-- Unknown macro names are resolved against enabled macro scripts by slug.
|
|
-- They receive named parameters plus template_context.env fields that
|
|
-- include isPreview, mainLanguage, languagePrefix, hook, source.kind,
|
|
-- and translations.
|
|
-- They return HTML and run sequentially with config.macro_timeout per
|
|
-- invocation.
|
|
-- Macro failures degrade to empty output for that invocation and do not
|
|
-- abort rendering of the surrounding page.
|
|
ensures: MacroOutputProduced(script, html_output)
|
|
}
|
|
|
|
rule ExecuteUtility {
|
|
when: RunUtilityRequested(script)
|
|
requires: script.kind = utility
|
|
requires: script.enabled = true
|
|
requires: script.entrypoint != ""
|
|
-- Utility scripts commonly perform long-running data manipulation work.
|
|
-- They are manually started by an operator action, run as managed jobs,
|
|
-- may issue host-backed API calls, may emit progress during execution,
|
|
-- and may be cancelled by the operator.
|
|
ensures: UtilityOutputProduced(script, stdout)
|
|
}
|
|
|
|
rule ExecuteTransform {
|
|
when: BlogmarkReceived(data)
|
|
-- Transform scripts run sequentially on blogmark deep link data
|
|
-- Input: title, content, tags, categories, source url
|
|
-- Each transform can modify the data before post creation.
|
|
-- Execution uses the same managed job host API contract as other batch
|
|
-- scripts and may report progress while mass-processing remote or local
|
|
-- content.
|
|
let transforms = Scripts where kind = transform and enabled = true
|
|
for t in ordered_by(transforms, s => s.updated_at, s => s.slug, s => s.id):
|
|
requires: t.entrypoint != ""
|
|
ensures: TransformApplied(t, data)
|
|
|
|
@guarantee TransformTrigger
|
|
-- Transform scripts are triggered automatically by blogmark import.
|
|
-- Each script receives the current post candidate plus a context with
|
|
-- source='blogmark' and the originating URL.
|
|
|
|
@guarantee TransformPipelineContinuation
|
|
-- Transform errors are captured per script and do not roll back the
|
|
-- last valid post state produced by earlier transforms.
|
|
-- The pipeline continues with subsequent enabled transforms.
|
|
|
|
@guarantee TransformToastBudget
|
|
-- Transform scripts may emit toast feedback.
|
|
-- At most config.transform_max_toasts_per_script toasts are accepted
|
|
-- from any one transform, with a total budget of
|
|
-- config.transform_max_toasts_total across the pipeline.
|
|
-- Individual toast messages are truncated to
|
|
-- config.transform_max_toast_length characters.
|
|
|
|
@guidance
|
|
-- bds://new-post deep links from browser bookmarks
|
|
-- Ordering is deterministic: updated_at, then slug, then id
|
|
}
|
|
|
|
rule RebuildScriptsFromFiles {
|
|
when: RebuildScriptsFromFilesRequested(project)
|
|
for file in scan_directory(project.effective_data_dir + "/scripts", "*." + config.script_extension):
|
|
let parsed = parse_script_file(file)
|
|
ensures: Script.created(parsed)
|
|
}
|