refactor(crates): rename published libraries to the scry-sai-* namespace

.github/workflows/ci.yml

@@ -75,20 +75,20 @@ jobs:
         run: cargo clippy --package scry-host-tests --all-targets -- -D warnings
       # FEAT-002: the pure meld<->scry boundary crate also lints on the
       # cargo path (it compiles natively as well as to wasm32-wasip2).
-      - name: cargo clippy --package scry-provenance
-        run: cargo clippy --package scry-provenance --all-targets -- -D warnings
+      - name: cargo clippy --package scry-sai-provenance
+        run: cargo clippy --package scry-sai-provenance --all-targets -- -D warnings
       # FEAT-009: the pure security-label (taint) lattice crate also
       # lints on the cargo path (it compiles natively as well as to
       # wasm32-wasip2, where wasm-lattice's WIT label-* exports delegate
       # to it).
-      - name: cargo clippy --package scry-taint
-        run: cargo clippy --package scry-taint --all-targets -- -D warnings
+      - name: cargo clippy --package scry-sai-taint
+        run: cargo clippy --package scry-sai-taint --all-targets -- -D warnings
       # FEAT-010: the pure octagon relational-domain crate also lints on
       # the cargo path (it compiles natively as well as to
       # wasm32-wasip2, where wasm-lattice's WIT octagon-* exports
       # delegate to it).
-      - name: cargo clippy --package scry-octagon
-        run: cargo clippy --package scry-octagon --all-targets -- -D warnings
+      - name: cargo clippy --package scry-sai-octagon
+        run: cargo clippy --package scry-sai-octagon --all-targets -- -D warnings
 
   test:
     name: Test
@@ -128,28 +128,28 @@ jobs:
         # override needed in CI; the env var is supported for local
         # iteration where bazel-bin may be elsewhere.
         run: cargo test --package scry-host-tests -- --nocapture
-      - name: cargo test --package scry-provenance
+      - name: cargo test --package scry-sai-provenance
         # FEAT-002: inline encode/decode/project unit tests for the
         # meld<->scry boundary crate (the same source the analyzer
         # links into the wasm component). The provenance round-trip is
         # additionally exercised through scry-host-tests/tests/provenance.rs.
-        run: cargo test --package scry-provenance -- --nocapture
+        run: cargo test --package scry-sai-provenance -- --nocapture
       # FEAT-009: the security-label lattice kill-criterion — the label
       # lattice obeys its algebraic laws and forward propagation never
       # moves down the lattice (exhaustive over the height-1 lattice).
       # The same crate links into the wasm component; the host harness
       # (tests/taint.rs) re-exercises it on the cargo path.
-      - name: cargo test --package scry-taint
-        run: cargo test --package scry-taint -- --nocapture
+      - name: cargo test --package scry-sai-taint
+        run: cargo test --package scry-sai-taint -- --nocapture
       # FEAT-010: the octagon relational-domain kill-criterion — the DBM
       # operations are sound w.r.t. the concretization γ (closure
       # preserves γ; join over-approximates the union; meet =
       # intersection). The same crate links into the wasm component; the
       # host harness (tests/octagon.rs) re-exercises it on the cargo
       # path. The Rocq interval-soundness proof
       # (proofs/rocq/Soundness.v) is gated by the dedicated Rocq job.
-      - name: cargo test --package scry-octagon
-        run: cargo test --package scry-octagon -- --nocapture
+      - name: cargo test --package scry-sai-octagon
+        run: cargo test --package scry-sai-octagon -- --nocapture
       # FEAT-011: the full-stack Rocq soundness proofs (Soundness /
       # Region / CallGraph / Reachability) are gated by the dedicated
       # Rocq Formal Proofs job (bazel test //proofs/rocq/...).

.github/workflows/publish-to-crates-io.yml

@@ -1,8 +1,8 @@
 # Publishes the scry pure-library crates to crates.io on every `v*` tag push,
 # in parallel with release.yml (signed wasm component + SBOMs + MC/DC evidence).
 #
-# Publishes only the reusable libraries — scry-interval, scry-taint,
-# scry-octagon, scry-provenance, scry-analyze-core. The Wasm-component crates
+# Publishes only the reusable libraries — scry-sai-interval, scry-sai-taint,
+# scry-sai-octagon, scry-sai-provenance, scry-sai-core. The Wasm-component crates
 # (wasm-lattice, scry-analyzer) and the test / MC-DC harnesses are
 # `publish = false` and ship as signed `.wasm` release assets instead (the
 # witness precedent: publish the libs, ship the component).
@@ -85,8 +85,8 @@ jobs:
       # NOTE: there is intentionally NO pre-flight `./publish verify` step in CI.
       # Both `cargo publish --dry-run` AND `cargo package` resolve the path-dep
       # version requirements against the crates.io index when preparing the
-      # upload, so the dependent (scry-analyze-core) fails with "failed to
-      # select a version for scry-interval = ^1.9.x" on the FIRST publish of any
+      # upload, so the dependent (scry-sai-core) fails with "failed to
+      # select a version for scry-sai-interval = ^1.9.x" on the FIRST publish of any
       # new version (the deps aren't on the registry yet). Compile errors are
       # already caught by the CI test/build job (path deps, no chicken-and-egg);
       # `./publish publish` validates each crate's metadata as cargo's own

CHANGELOG.md

@@ -15,18 +15,22 @@ Versioning: [SemVer 2.0](https://semver.org/spec/v2.0.0.html).
   alongside `release.yml`, driven by `scripts/publish.rs` — a leaf-first
   dependency-ordered publisher with a 10-attempt / 40s retry loop to ride out
   crates.io index propagation, using the org-wide `CRATES_IO_TOKEN`.
-- **Published set** (the genuine reusable work body): `scry-interval`,
-  `scry-taint`, `scry-octagon`, `scry-provenance` (leaves) → `scry-analyze-core`.
+- **Published set** (the genuine reusable work body), under the **`scry-sai-*`
+  namespace** (SAI = Sound Abstract Interpretation): `scry-sai-interval`,
+  `scry-sai-taint`, `scry-sai-octagon`, `scry-sai-provenance` (leaves) →
+  `scry-sai-core`. The crates.io **package** name is `scry-sai-*`; the Rust
+  crate (`[lib] name`, e.g. `scry_interval`) and the on-disk directory
+  (`crates/scry-interval/`) keep their existing names — the witness DEC-034
+  trick — so `use scry_interval` and the Bazel target paths are unchanged.
   Internal path deps now carry `version` so `cargo publish` rewrites them to the
   crates.io coordinate.
-- **Not published** (`publish = false`): the Wasm-component crates
-  `wasm-lattice` and `scry-analyzer` — they are `cdylib` components whose WIT
-  bindings are generated by the Bazel `rust_wasm_component_bindgen` rule (no
-  cargo source) and only build for `wasm32-wasip2`, so a host `cargo publish`
-  cannot build them and a `cargo add` consumer could not use a cdylib component.
-  They continue to ship as signed `.wasm` release assets (the witness
-  precedent: publish the libraries, ship the component). The `scry-host-tests`
-  and `scry-mcdc` harnesses remain unpublished as before.
+- **Wasm-component crates** (`wasm-lattice`, `scry-analyzer`) are being migrated
+  to the `scry-sai-*` namespace + self-contained `wit_bindgen::generate!`
+  bindings so they build and publish under plain `cargo` as well as Bazel — in a
+  follow-up PR (it touches the `//:scry` composition and needs full CI
+  re-validation). Until then they remain `publish = false` and ship as signed
+  `.wasm` release assets. The `scry-host-tests` and `scry-mcdc` harnesses remain
+  unpublished.
 
 ### Changed
 

crates/scry-analyze-core/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "scry-analyze-core"
+name = "scry-sai-core"
 description = "Pure, bindgen-free analyzer core for scry (FEAT-014 / DD-012): the wasmparser + fixpoint + transfer logic and its plain-Rust result types, extracted from scry-analyzer so the analyzer's real decisions can be instrumented for witness MC/DC and the component becomes a thin canonical-ABI wrapper."
 version.workspace = true
 edition.workspace = true
@@ -21,6 +21,7 @@ authors.workspace = true
 # scry-octagon / scry-provenance deps) and rewire the component as a thin
 # Guest wrapper that converts between these types and the WIT bindings.
 [lib]
+name = "scry_analyze_core"
 path = "src/lib.rs"
 
 [dependencies]
@@ -30,7 +31,7 @@ path = "src/lib.rs"
 # Path deps carry `version` so `cargo publish` rewrites them to the crates.io
 # coordinate (crates.io rejects path-only deps). The version equals the
 # workspace version and must be bumped in lockstep with it.
-scry-interval = { path = "../scry-interval", version = "1.9.0" }
+scry-sai-interval = { path = "../scry-interval", version = "1.9.0" }
 
 # Step 2 (DD-012): the analyze body + helpers moved here. wasmparser parses
 # the input Wasm Core Model module; sha2 digests the module bytes for
@@ -42,14 +43,14 @@ sha2 = { workspace = true }
 
 # Security-label (taint) lattice for the noninterference analysis (FEAT-009)
 # and the pure meld<->scry provenance boundary crate (FEAT-002 / DD-002).
-scry-taint = { path = "../scry-taint", version = "1.9.0" }
-scry-provenance = { path = "../scry-provenance", version = "1.9.0" }
+scry-sai-taint = { path = "../scry-taint", version = "1.9.0" }
+scry-sai-provenance = { path = "../scry-provenance", version = "1.9.0" }
 
 # Octagon relational domain (FEAT-016 slice-2b-ii): carried alongside the
 # intervals through the structured-CFG fixpoint so a loop counter bounded by a
 # VARIABLE relation (`i < n`) stays bounded where the interval domain alone
 # widens it to ⊤. Same pure `#![no_std]` dual-compile crate as scry-interval.
-scry-octagon = { path = "../scry-octagon", version = "1.9.0" }
+scry-sai-octagon = { path = "../scry-octagon", version = "1.9.0" }
 
 [dev-dependencies]
 # Test-only (the crate is otherwise dep-light + no_std): assemble the .wat

crates/scry-analyzer/Cargo.toml

@@ -26,4 +26,4 @@ crate-type = ["cdylib"]
 # rules_wasm_component-injected scry_analyzer_component_bindings crate).
 # Bazel wires the matching //crates/scry-analyze-core rust_library target;
 # this path entry keeps the cargo metadata coherent.
-scry-analyze-core = { path = "../scry-analyze-core" }
+scry-sai-core = { path = "../scry-analyze-core" }

crates/scry-host-tests/Cargo.toml

@@ -44,7 +44,7 @@ jsonschema = { workspace = true }
 # source the wasm32-wasip2 analyzer links — so the encode/decode/project
 # contract is falsifiable on the cargo path even while the live
 # component round-trip stays blocked by the wac/wasmtime-45 limitation.
-scry-provenance = { path = "../scry-provenance" }
+scry-sai-provenance = { path = "../scry-provenance" }
 # Used by the provenance test to build a real Wasm module with a
 # `component-provenance` custom section and walk it back out with the
 # exact API the analyzer's pre-pass uses (Parser + CustomSection).
@@ -53,9 +53,9 @@ wasmparser = { workspace = true }
 # FEAT-009: native falsification of the shipped security-label lattice
 # (the same scry-taint crate wasm-lattice's WIT `label-*` exports
 # delegate to) in tests/taint.rs.
-scry-taint = { path = "../scry-taint" }
+scry-sai-taint = { path = "../scry-taint" }
 
 # FEAT-010: native falsification of the shipped octagon relational
 # domain (the same scry-octagon crate wasm-lattice's WIT `octagon-*`
 # exports delegate to) in tests/octagon.rs.
-scry-octagon = { path = "../scry-octagon" }
+scry-sai-octagon = { path = "../scry-octagon" }

crates/scry-interval/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "scry-interval"
+name = "scry-sai-interval"
 description = "Pure interval + region-memory abstract domain for scry (FEAT-001/FEAT-005; extracted for the self-contained analyzer, FEAT-013)."
 version.workspace = true
 edition.workspace = true
@@ -15,6 +15,7 @@ authors.workspace = true
 # ones whose soundness is mechanized in proofs/rocq/Soundness.v +
 # Region.v.
 [lib]
+name = "scry_interval"
 path = "src/lib.rs"
 
 [dependencies]

crates/scry-mcdc/Cargo.toml

@@ -23,7 +23,7 @@ publish = false
 crate-type = ["cdylib"]
 
 [dependencies]
-scry-analyze-core = { path = "../scry-analyze-core" }
+scry-sai-core = { path = "../scry-analyze-core" }
 
 [profile.release]
 opt-level = 1

crates/scry-octagon/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "scry-octagon"
+name = "scry-sai-octagon"
 description = "Pure octagon relational abstract domain (DBM; ±x±y ≤ c) for scry (FEAT-010, Miné HOSC 2006 / AC-011)."
 version.workspace = true
 edition.workspace = true
@@ -16,6 +16,7 @@ authors.workspace = true
 # blocked by the wac-compose / wasmtime-45 limitation. Mirrors
 # scry-taint / scry-provenance.
 [lib]
+name = "scry_octagon"
 path = "src/lib.rs"
 
 [dependencies]

crates/scry-provenance/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "scry-provenance"
+name = "scry-sai-provenance"
 description = "Encode/decode + projection for meld's `component-provenance` custom section (DD-002, FEAT-002)."
 version.workspace = true
 edition.workspace = true
@@ -14,6 +14,7 @@ authors.workspace = true
 # native cargo path even while the live component `analyze()` round-trip
 # stays blocked by the wac-compose / wasmtime-45 limitation.
 [lib]
+name = "scry_provenance"
 path = "src/lib.rs"
 
 [dependencies]

crates/scry-taint/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "scry-taint"
+name = "scry-sai-taint"
 description = "Pure security-label lattice (low ⊑ high) for scry's taint / noninterference domain (FEAT-009, AC-007)."
 version.workspace = true
 edition.workspace = true
@@ -15,6 +15,7 @@ authors.workspace = true
 # component `analyze()` round-trip stays blocked by the wac-compose /
 # wasmtime-45 limitation. Mirrors scry-provenance.
 [lib]
+name = "scry_taint"
 path = "src/lib.rs"
 
 [dependencies]