Skip to content

fix(sight): sync FFI header + drift guard + example#667

Merged
chengshuyi merged 3 commits into
alibaba:mainfrom
jfeng18:feat/ffi-header-sync
Jun 8, 2026
Merged

fix(sight): sync FFI header + drift guard + example#667
chengshuyi merged 3 commits into
alibaba:mainfrom
jfeng18:feat/ffi-header-sync

Conversation

@jfeng18

@jfeng18 jfeng18 commented May 31, 2026

Copy link
Copy Markdown
Contributor

What

The hand-maintained C declarations in cbindgen.toml's after_includes block had drifted from the actual FFI surface in src/ffi.rs:

  • declared the deleted agentsight_config_add_domain_rule
  • missing the newer agentsight_config_add_https / agentsight_config_add_http
  • examples/agentsight_example.c still called the deleted symbol (would not link)

Root cause: cbindgen 0.27 does not recognize Rust 2024's #[unsafe(no_mangle)] attribute and silently skips every exported function, so the toml has item_types = ["structs"] and the function list is pasted manually — with no mechanical check.

Changes (3 commits)

  1. chore(sight): sync FFI header with current ffi.rs — re-syncs the toml after_includes block to match the actual 16 FFI exports; rewrites the NOTE to separate the two independent workarounds (item_types=["structs"] is required even after a cbindgen upgrade, to keep unrelated pub consts out of the public header).
  2. feat(sight): add drift guard for FFI headerbuild.rs extracts every pub [unsafe] extern "C" fn agentsight_* from src/ffi.rs and every <type> agentsight_*( declaration from the generated header, then panics with the symmetric difference (missing-in-header / stale-in-header) when the two NAME sets disagree. No .github/workflows change needed. Also adds a crate-local .gitignore for the generated include/.
  3. fix(sight): update FFI example for current API — replaces the deleted agentsight_config_add_domain_rule call with agentsight_config_add_https and adds -I./include to the docstring gcc command.

What is intentionally NOT changed

  • src/ffi.rs — actual exports unchanged; this PR only realigns the header.
  • cbindgen version — kept at 0.27; bumping is a separate effort, with TODOs in cbindgen.toml enumerating the cleanup steps for when it lands.
  • include/agentsight.h — still generated, not tracked.
  • .github/workflows/ — drift detection runs in build.rs, not CI YAML.

Testing

  • Forward: cargo build clean.
  • Reverse (3 modes): drift guard correctly panics with a precise missing / stale list for (a) deleted declaration, (b) renamed function (count preserved — the count-only iteration would have silently passed), (c) duplicate-with-drop (count preserved). All three reverse cases tried in-tree before commit; restored after.
  • Release: cargo build --release clean; gcc -I./include -L./target/release -lagentsight links the example; nm shows all 13 example-used FFI symbols resolved against libagentsight.so (including the new agentsight_config_add_https).
  • ECS sanity (kernel 6.6.102): example runs for 5s under root, loads BPF objects via libbpf without crash, exits cleanly on timeout. No segv / panic / abort.

Known limits (called out in code + commit)

The drift guard checks NAMES only — signature drift (return type, parameter types/order/count) is not detected automatically. Both the panic message and the cbindgen.toml note say this verbatim, so a green guard cannot be misread as a full ABI assertion.

Independent of #661#666.

@jfeng18 jfeng18 requested a review from chengshuyi as a code owner May 31, 2026 15:12
@github-actions github-actions Bot added the component:sight src/agentsight/ label May 31, 2026
@jfeng18 jfeng18 mentioned this pull request Jun 1, 2026
Closed
4 tasks
@jfeng18 jfeng18 force-pushed the feat/ffi-header-sync branch from a454256 to 366a7b9 Compare June 3, 2026 11:19
jfeng18 and others added 3 commits June 6, 2026 18:16
@jfeng18 @claude
chore(sight): sync FFI header with current ffi.rs
051b93d 
cbindgen 0.27 does not recognize Rust 2024's `#[unsafe(no_mangle)]` and
silently skips every exported function, so cbindgen.toml's `after_includes`
block hand-maintains the C declarations. That block had drifted from
src/ffi.rs: declared the deleted `agentsight_config_add_domain_rule` and
was missing `agentsight_config_add_https` / `agentsight_config_add_http`.

Re-sync the declarations to match the actual 16 FFI exports and rewrite
the NOTE to (a) separate the two independent workarounds in play
(`item_types=["structs"]` is required for a clean public header, even
once cbindgen learns the new attribute), and (b) flag that any drift
guard built on top will catch NAME divergence only — signature drift
(return type, parameter types/order) still has to be kept in lockstep
by hand.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@jfeng18 @claude
feat(sight): add drift guard for FFI header
66b00d5 
The hand-maintained C declarations in cbindgen.toml have no automatic
check against src/ffi.rs, which is how the header silently fell out of
sync in the first place. Add a build-time guard that extracts every
`pub [unsafe] extern "C" fn agentsight_*` from ffi.rs, every
`<type> agentsight_*(` line from the generated header, and panics with
the symmetric difference (missing-in-header / stale-in-header) when the
two name sets disagree. Runs in build.rs so no .github/workflows change
is needed.

Reverse-tested three drift modes that the guard must catch — deleted
declaration (count delta), renamed function (count preserved), and
duplicate-with-drop (count preserved): all panic with precise lists.
The previous count-only guard would have silently passed the latter two.

The guard panic message and the cbindgen.toml note both explicitly say
NAMES only — signature drift (return type / parameter types / order) is
not detected and must still be maintained by hand.

Also adds a crate-local .gitignore for the generated include/ so a
`git add .` from the repo root cannot accidentally stage it.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@jfeng18 @claude
fix(sight): update FFI example for current API
7187515 
`agentsight_config_add_domain_rule` was removed from the FFI surface
(split into `add_https` for SSL probe attachment and `add_http` for
plain-HTTP capture); the example was still calling the deleted symbol
and would not link. Switch to `add_https` (the same semantics as the
old domain rule) and add the missing `-I./include` to the docstring
gcc command so copy-paste compiles.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@jfeng18 jfeng18 force-pushed the feat/ffi-header-sync branch from 366a7b9 to 7187515 Compare June 6, 2026 10:22
@jfeng18

jfeng18 commented Jun 6, 2026

Copy link
Copy Markdown
Contributor Author

FFI header sync fix (161 lines). Ensures cbindgen output stays consistent with Rust API changes.

@chengshuyi chengshuyi merged commit 39eb003 into alibaba:main Jun 8, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chengshuyi chengshuyi chengshuyi approved these changes

Assignees

No one assigned

Labels

component:sight src/agentsight/

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jfeng18 @chengshuyi