feat(verisimdb): Add TypeLL VQL-UT pre-flight check and safety metadata

hyperpolymath · claude · hyperpolymath · commit 1c78af9d0924 · 2026-03-20T22:34:24.000Z
VQL execute handler now validates queries against TypeLL before execution.
VqlExecuteResponse extended with safety_level, query_path, and
proof_obligations fields. Non-blocking — proceeds without TypeLL if
unreachable. Enables PanLL and ECHIDNA to consume type safety metadata.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/verisimdb/rust-core/verisim-api/src/vql.rs b/verisimdb/rust-core/verisim-api/src/vql.rs
@@ -52,6 +52,15 @@ pub struct VqlExecuteResponse {
     /// Optional message (e.g., for INSERT/DELETE confirmations).
     #[serde(skip_serializing_if = "Option::is_none")]
     pub message: Option<String>,
+    /// VQL-UT safety level achieved (0-9), if TypeLL validation was performed.
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub safety_level: Option<u8>,
+    /// VQL-UT query path used: "VQL (Slipstream)", "VQL-DT", or "VQL-UT".
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub query_path: Option<String>,
+    /// Proof obligations generated by TypeLL (for ECHIDNA dispatch).
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub proof_obligations: Option<Vec<String>>,
 }
 
 /// Execute a VQL query string against the database.
@@ -78,7 +87,11 @@ pub async fn vql_execute_handler(
         return Err(ApiError::BadRequest("Empty query after parsing".to_string()));
     }
 
-    let result = match tokens[0].to_uppercase().as_str() {
+    // Pre-flight: validate with TypeLL VQL-UT checker if available.
+    // This is non-blocking — if TypeLL is unreachable, we proceed without it.
+    let typell_report = validate_with_typell(query).await;
+
+    let mut result = match tokens[0].to_uppercase().as_str() {
         "SELECT" => execute_select(&state, &tokens, query).await,
         "SEARCH" => execute_search(&state, &tokens).await,
         "INSERT" => execute_insert(&state, query).await,
@@ -92,9 +105,19 @@ pub async fn vql_execute_handler(
         ))),
     }?;
 
+    // Attach TypeLL safety metadata to the response
+    if let Some((level, path, obligations)) = typell_report {
+        result.safety_level = Some(level);
+        result.query_path = Some(path);
+        if !obligations.is_empty() {
+            result.proof_obligations = Some(obligations);
+        }
+    }
+
     info!(
         statement_type = %result.statement_type,
         row_count = result.row_count,
+        safety_level = ?result.safety_level,
         "VQL query executed"
     );
 
@@ -103,6 +126,91 @@ pub async fn vql_execute_handler(
 
 /// Tokenize a VQL query into whitespace-separated tokens, respecting
 /// quoted strings (single and double quotes).
+/// Validate a VQL query against TypeLL's VQL-UT 10-level type checker.
+///
+/// Calls the TypeLL server (default: localhost:7800) to verify the query's
+/// type safety level. Returns (safety_level, query_path, proof_obligations)
+/// if TypeLL is reachable, or None if it's unavailable.
+///
+/// This is a non-blocking, best-effort validation — query execution proceeds
+/// regardless. The safety metadata is attached to the response for downstream
+/// consumers (PanLL, ECHIDNA) to act on.
+async fn validate_with_typell(query: &str) -> Option<(u8, String, Vec<String>)> {
+    let typell_url = std::env::var("TYPELL_URL")
+        .unwrap_or_else(|_| "http://localhost:7800".to_string());
+
+    let check_body = serde_json::json!({
+        "expression": query,
+        "context": "{\"language\":\"vql\",\"dialect\":\"vql-ut\",\"features\":[\"dependent\",\"linear\",\"proof-carrying\"]}"
+    });
+
+    let client = reqwest::Client::builder()
+        .timeout(std::time::Duration::from_secs(3))
+        .build()
+        .ok()?;
+
+    let resp = client
+        .post(format!("{}/api/v1/check", typell_url))
+        .json(&check_body)
+        .send()
+        .await
+        .ok()?;
+
+    if !resp.status().is_success() {
+        return None;
+    }
+
+    let body: serde_json::Value = resp.json().await.ok()?;
+
+    // Extract VQL-UT level from features (e.g., "vql-ut-l4")
+    let level = body
+        .get("features")
+        .and_then(|f| f.as_array())
+        .and_then(|arr| {
+            arr.iter().find_map(|v| {
+                let s = v.as_str()?;
+                if let Some(stripped) = s.strip_prefix("vql-ut-l") {
+                    stripped.parse::<u8>().ok()
+                } else {
+                    None
+                }
+            })
+        })
+        .unwrap_or(0);
+
+    // Extract query path from features (e.g., "path:VQL-UT")
+    let path = body
+        .get("features")
+        .and_then(|f| f.as_array())
+        .and_then(|arr| {
+            arr.iter().find_map(|v| {
+                let s = v.as_str()?;
+                s.strip_prefix("path:").map(|p| p.to_string())
+            })
+        })
+        .unwrap_or_else(|| "VQL (Slipstream)".to_string());
+
+    // Extract proof obligations
+    let obligations: Vec<String> = body
+        .get("proof_obligations")
+        .and_then(|p| p.as_array())
+        .map(|arr| {
+            arr.iter()
+                .filter_map(|v| v.as_str().map(|s| s.to_string()))
+                .collect()
+        })
+        .unwrap_or_default();
+
+    info!(
+        safety_level = level,
+        query_path = %path,
+        obligations = obligations.len(),
+        "TypeLL VQL-UT pre-flight check complete"
+    );
+
+    Some((level, path, obligations))
+}
+
 fn tokenize(input: &str) -> Vec<String> {
     let mut tokens = Vec::new();
     let mut current = String::new();
@@ -198,6 +306,9 @@ async fn execute_select(
             data: serde_json::to_value(vec![response])
                 .map_err(|e| ApiError::Serialization(e.to_string()))?,
             message: None,
+            safety_level: None,
+            query_path: None,
+            proof_obligations: None,
         })
     } else {
         // List octads
@@ -217,6 +328,9 @@ async fn execute_select(
             data: serde_json::to_value(responses)
                 .map_err(|e| ApiError::Serialization(e.to_string()))?,
             message: None,
+            safety_level: None,
+            query_path: None,
+            proof_obligations: None,
         })
     }
 }
@@ -291,6 +405,9 @@ async fn execute_search(
                 row_count: count,
                 data: json!(results),
                 message: None,
+                safety_level: None,
+                query_path: None,
+                proof_obligations: None,
             })
         }
         "VECTOR" => {
@@ -333,6 +450,9 @@ async fn execute_search(
                 row_count: count,
                 data: json!(results),
                 message: None,
+                safety_level: None,
+                query_path: None,
+                proof_obligations: None,
             })
         }
         "RELATED" => {
@@ -367,6 +487,9 @@ async fn execute_search(
                 data: serde_json::to_value(responses)
                     .map_err(|e| ApiError::Serialization(e.to_string()))?,
                 message: None,
+                safety_level: None,
+                query_path: None,
+                proof_obligations: None,
             })
         }
         other => Err(ApiError::BadRequest(format!(
@@ -449,6 +572,9 @@ async fn execute_insert(
         data: serde_json::to_value(vec![&response])
             .map_err(|e| ApiError::Serialization(e.to_string()))?,
         message: Some(format!("Inserted octad '{}'", response.id)),
+        safety_level: None,
+        query_path: None,
+        proof_obligations: None,
     })
 }
 
@@ -516,6 +642,9 @@ async fn execute_delete(
         row_count: 1,
         data: json!(null),
         message: Some(format!("Deleted octad '{}'", id)),
+        safety_level: None,
+        query_path: None,
+        proof_obligations: None,
     })
 }
 
@@ -571,6 +700,9 @@ async fn execute_show(
                     "degraded_reason": reason,
                 }),
                 message: None,
+                safety_level: None,
+                query_path: None,
+                proof_obligations: None,
             })
         }
         "DRIFT" => {
@@ -599,6 +731,9 @@ async fn execute_show(
                 row_count: count,
                 data: json!(results),
                 message: None,
+                safety_level: None,
+                query_path: None,
+                proof_obligations: None,
             })
         }
         "NORMALIZER" => {
@@ -610,6 +745,9 @@ async fn execute_show(
                 data: serde_json::to_value(status)
                     .map_err(|e| ApiError::Serialization(e.to_string()))?,
                 message: None,
+                safety_level: None,
+                query_path: None,
+                proof_obligations: None,
             })
         }
         "OCTADS" => {
@@ -630,6 +768,9 @@ async fn execute_show(
                 data: serde_json::to_value(responses)
                     .map_err(|e| ApiError::Serialization(e.to_string()))?,
                 message: None,
+                safety_level: None,
+                query_path: None,
+                proof_obligations: None,
             })
         }
         other => Err(ApiError::BadRequest(format!(
@@ -666,6 +807,9 @@ async fn execute_count(
         row_count: 1,
         data: json!({ "count": count }),
         message: None,
+        safety_level: None,
+        query_path: None,
+        proof_obligations: None,
     })
 }
 
@@ -771,6 +915,9 @@ async fn execute_explain(
             "plan": plan,
         }),
         message: None,
+        safety_level: None,
+        query_path: None,
+        proof_obligations: None,
     })
 }
 
