Skip to content
Physics Invariants

deps(security): cryptography >= 46.0.7 (GHSA-p423-j2cm-9vmq) (#227) #364

Sign in to view logs

deps(security): cryptography >= 46.0.7 (GHSA-p423-j2cm-9vmq) (#227)

deps(security): cryptography >= 46.0.7 (GHSA-p423-j2cm-9vmq) (#227) #364

Workflow file for this run

.github/workflows/physics-invariants.yml at 3cf2010
name: Physics Invariants
on:
push:
pull_request:
permissions:
contents: read
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: 'true'
jobs:
physics-invariants:
name: physics-invariants
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Checkout
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
- name: Set up Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with:
python-version: '3.11'
- name: Membrane check (geosync must not import coherence_bridge)
run: |
set -euo pipefail
python scripts/guards/membrane_ast_guard.py
- name: Runtime membrane check (coherence_bridge absent from isolated geosync path)
run: |
set -euo pipefail
python scripts/guards/runtime_membrane_guard.py
- name: Invariant check (semantic gamma formula guard)
run: |
set -euo pipefail
python - <<'PY'
import ast
import pathlib
def uses_hurst(node: ast.AST) -> bool:
return any(isinstance(n, ast.Name) and n.id.lower() == 'hurst' for n in ast.walk(node))
def is_const_one(node: ast.AST) -> bool:
return isinstance(node, ast.Constant) and isinstance(node.value, (int, float)) and float(node.value) == 1.0
bad = []
for path in pathlib.Path('geosync').rglob('*.py'):
tree = ast.parse(path.read_text(encoding='utf-8'))
for n in ast.walk(tree):
if isinstance(n, ast.BinOp) and isinstance(n.op, ast.Sub):
if is_const_one(n.right) and uses_hurst(n.left):
bad.append(f"{path}:{getattr(n, 'lineno', '?')} suspicious hurst-1 expression")
if bad:
raise SystemExit("Invalid gamma-pattern semantics detected:\n" + "\n".join(bad))
print('gamma semantic invariant scan passed')
PY