Subprocess-based bundle verification for panic=abort safety.
Since the workspace uses panic = "abort" in dev and release profiles,
catch_unwind does not work. Instead, we verify mutated bundles by
writing them to a temp file and invoking assay evidence verify as a
subprocess. This provides:
- Panic isolation (abort in child does not crash the harness)
- Hard timeout enforcement via process kill
- Signal-fault resilience (SIGSEGV, etc.)
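The pattern described above, as an added illustration that is not the crate's own subprocess_verify: write the bundle to a file, spawn the verifier, poll against a deadline, kill on timeout, and distinguish a normal exit from death by signal (which is what a panic=abort child produces). The Outcome enum, verify_in_subprocess function and the verifier command line are assumptions, not the crate's API.

```rust
use std::io::Write;
use std::path::Path;
use std::process::{Command, Stdio};
use std::thread;
use std::time::{Duration, Instant};

/// Outcome of one verification run (hypothetical; the crate's SubprocessResult may differ).
#[derive(Debug, PartialEq)]
pub enum Outcome {
    /// Child exited normally with this code (0 = bundle accepted).
    Exited(i32),
    /// Child was terminated by a signal, e.g. SIGABRT from panic=abort or SIGSEGV.
    Signaled(i32),
    /// Child exceeded the deadline and was killed by the harness.
    TimedOut,
}

/// Write `bundle` to `path`, run `program args... <path>`, and enforce `timeout`
/// by killing the child. Assumption: the verifier takes the bundle path as its
/// final argument (e.g. `assay evidence verify <path>`).
pub fn verify_in_subprocess(program: &str, args: &[&str], bundle: &[u8], path: &Path,
                            timeout: Duration) -> std::io::Result<Outcome> {
    std::fs::File::create(path)?.write_all(bundle)?;
    let mut child = Command::new(program)
        .args(args)
        .arg(path)
        .stdin(Stdio::null())
        .stdout(Stdio::null())
        .stderr(Stdio::null())
        .spawn()?;
    let deadline = Instant::now() + timeout;
    loop {
        // try_wait never blocks, so the harness itself can never hang on the child.
        if let Some(status) = child.try_wait()? {
            if let Some(code) = status.code() {
                return Ok(Outcome::Exited(code));
            }
            #[cfg(unix)]
            {
                use std::os::unix::process::ExitStatusExt;
                if let Some(sig) = status.signal() {
                    return Ok(Outcome::Signaled(sig));
                }
            }
            return Ok(Outcome::Signaled(-1)); // no code and no signal: unknown termination
        }
        if Instant::now() >= deadline {
            let _ = child.kill();
            let _ = child.wait(); // reap so the killed child does not linger as a zombie
            return Ok(Outcome::TimedOut);
        }
        thread::sleep(Duration::from_millis(10));
    }
}
```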
Structs
- SubprocessResult - Outcome of a subprocess verification.
Functions
- subprocess_verify - Verify a bundle by writing it to a temp file and invoking assay evidence verify.