RunanywhereAI
diff --git a/‎scripts/detect-mode.sh‎
Lines changed: 36 additions & 0 deletions b/‎scripts/detect-mode.sh‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎scripts/sync-checksums.sh‎
Lines changed: 126 additions & 0 deletions b/‎scripts/sync-checksums.sh‎
Lines changed: 126 additions & 0 deletions
diff --git a/‎scripts/validate-artifact.sh‎
Lines changed: 139 additions & 0 deletions b/‎scripts/validate-artifact.sh‎
Lines changed: 139 additions & 0 deletions
diff --git a/‎sdk/runanywhere-flutter/scripts/package-sdk.sh‎
Lines changed: 94 additions & 0 deletions b/‎sdk/runanywhere-flutter/scripts/package-sdk.sh‎
Lines changed: 94 additions & 0 deletions
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+# =============================================================================
+# detect-mode.sh
+# =============================================================================
+# Sets RAC_BUILD_MODE to "local" or "ci" based on the environment, unless the
+# caller already set it. Other build scripts can `source` this to share the
+# same detection logic:
+#
+#   source "$(dirname "$0")/../../../scripts/detect-mode.sh"
+#
+# Contract:
+#   RAC_BUILD_MODE=ci    ← running in GitHub Actions (or any CI environment
+#                           that sets $CI=true)
+#   RAC_BUILD_MODE=local ← developer machine
+#
+# Behavior that should differ between modes:
+#   local: tolerant of missing deps, uses cache, prints hints
+#   ci:    strict toolchain checks, no cache warmup, fail fast
+#
+# Callers can force a mode by setting RAC_BUILD_MODE before sourcing this.
+# =============================================================================
+
+if [ -n "${RAC_BUILD_MODE:-}" ]; then
+    # Respect explicit override
+    :
+elif [ "${CI:-}" = "true" ] || [ -n "${GITHUB_ACTIONS:-}" ]; then
+    RAC_BUILD_MODE="ci"
+else
+    RAC_BUILD_MODE="local"
+fi
+
+export RAC_BUILD_MODE
+
+if [ "${VERBOSE:-}" = "1" ]; then
+    echo "RAC_BUILD_MODE=${RAC_BUILD_MODE}"
+fi
@@ -0,0 +1,126 @@
+#!/usr/bin/env bash
+# =============================================================================
+# sync-checksums.sh
+# =============================================================================
+# Updates the SHA-256 checksum lines in Package.swift's remote binaryTarget
+# entries to match freshly-built XCFramework zips. Run after the native
+# iOS/macOS builds have produced the zips and before cutting a release tag.
+#
+# Usage:
+#   scripts/sync-checksums.sh ZIP_DIR
+#
+# Example:
+#   scripts/sync-checksums.sh sdk/runanywhere-commons/dist
+#   scripts/sync-checksums.sh release-artifacts/native-ios-macos
+#
+# Looks for files of the form:
+#   {name}-v{version}.zip
+# where {name} is one of:
+#   RACommons, RABackendLLAMACPP, RABackendONNX, RABackendMetalRT,
+#   onnxruntime-ios, onnxruntime-macos
+#
+# and updates the corresponding `checksum: "..."` line in Package.swift.
+# =============================================================================
+
+set -euo pipefail
+
+if [ $# -ne 1 ]; then
+    echo "usage: $0 ZIP_DIR" >&2
+    exit 1
+fi
+
+ZIP_DIR="$1"
+REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+PACKAGE_SWIFT="${REPO_ROOT}/Package.swift"
+
+if [ ! -f "$PACKAGE_SWIFT" ]; then
+    echo "ERROR: Package.swift not found at $PACKAGE_SWIFT" >&2
+    exit 1
+fi
+
+if [ ! -d "$ZIP_DIR" ]; then
+    echo "ERROR: zip dir not found: $ZIP_DIR" >&2
+    exit 1
+fi
+
+# swiftpm binary target name → local-filename-prefix pairs. Names match the
+# `.binaryTarget(name: "X", ...)` entries in Package.swift.
+declare_mapping() {
+    # Printed form: BINARY_NAME|ZIP_PREFIX
+    echo "RACommonsBinary|RACommons"
+    echo "RABackendLlamaCPPBinary|RABackendLLAMACPP"
+    echo "RABackendONNXBinary|RABackendONNX"
+    echo "RABackendMetalRTBinary|RABackendMetalRT"
+    echo "ONNXRuntimeiOSBinary|onnxruntime-ios"
+    echo "ONNXRuntimemacOSBinary|onnxruntime-macos"
+}
+
+sha256_of() {
+    # macOS: shasum. Linux: sha256sum. Both emit `<hex>  <file>` on stdout.
+    if command -v shasum >/dev/null 2>&1; then
+        shasum -a 256 "$1" | awk '{print $1}'
+    else
+        sha256sum "$1" | awk '{print $1}'
+    fi
+}
+
+update_checksum_line() {
+    # Updates the `checksum: "..."` line that belongs to the `name: "$1"`
+    # binaryTarget in Package.swift. Relies on the checksum appearing within
+    # a few lines after the name line.
+    local binary_name="$1"
+    local new_sum="$2"
+    python3 - "$binary_name" "$new_sum" "$PACKAGE_SWIFT" <<'PY'
+import re, sys
+
+binary_name, new_sum, path = sys.argv[1], sys.argv[2], sys.argv[3]
+with open(path) as f:
+    src = f.read()
+
+# Find the `name: "X"` line and the first `checksum: "..."` within 6 lines.
+pattern = re.compile(
+    r'(name:\s*"' + re.escape(binary_name) + r'".*?checksum:\s*")([0-9a-f]{64})(")',
+    re.DOTALL,
+)
+
+m = pattern.search(src)
+if not m:
+    print(f"  skip: no remote binary target named '{binary_name}' found in Package.swift",
+          file=sys.stderr)
+    sys.exit(0)
+
+old_sum = m.group(2)
+if old_sum == new_sum:
+    print(f"  unchanged: {binary_name} ({old_sum[:12]}...)")
+    sys.exit(0)
+
+src = src[:m.start(2)] + new_sum + src[m.end(2):]
+with open(path, "w") as f:
+    f.write(src)
+print(f"  bumped:    {binary_name} {old_sum[:12]}... → {new_sum[:12]}...")
+PY
+}
+
+echo ">> Syncing Package.swift checksums from $ZIP_DIR"
+
+missing=0
+updated=0
+
+while IFS='|' read -r binary_name zip_prefix; do
+    # Match files like RACommons-v0.20.0.zip, RACommons-v0.20.0-beta.zip, etc.
+    zip_file=$(ls "$ZIP_DIR"/${zip_prefix}-v*.zip 2>/dev/null | head -1 || true)
+    if [ -z "$zip_file" ]; then
+        echo "  missing:   no ${zip_prefix}-v*.zip in $ZIP_DIR"
+        missing=$((missing + 1))
+        continue
+    fi
+    sum=$(sha256_of "$zip_file")
+    update_checksum_line "$binary_name" "$sum"
+    updated=$((updated + 1))
+done < <(declare_mapping)
+
+echo ""
+echo ">> Done. $updated processed, $missing missing."
+echo ""
+echo ">> Verify with:"
+echo "    git diff -- Package.swift"
@@ -0,0 +1,139 @@
+#!/usr/bin/env bash
+# =============================================================================
+# validate-artifact.sh
+# =============================================================================
+# Same-shape artifact validator for local + CI. Given a path to one of our
+# published artifact files, does the minimum sanity-checks to catch
+# "built it but it's broken" before we publish:
+#
+#   .zip         → unzip list non-empty, contains expected files
+#   .xcframework (as .zip) → Info.plist present + declares arch slices
+#   .so          → ELF, machine arch matches filename convention
+#   .aar         → unzip lists classes.jar + jni/{abi}/*.so
+#   .wasm        → starts with WebAssembly magic bytes (0x00 'asm')
+#   .tgz (npm)   → `tar -tzf` lists package/package.json
+#   .jar         → zip-listable, has META-INF/MANIFEST.MF
+#
+# Usage:
+#   scripts/validate-artifact.sh PATH [PATH ...]
+#
+# Exit status: 0 if every path passed, 1 on first failure.
+# =============================================================================
+
+set -euo pipefail
+
+if [ $# -eq 0 ]; then
+    echo "usage: $0 FILE [FILE ...]" >&2
+    exit 1
+fi
+
+fail() { echo "  ✗ $1" >&2; exit 1; }
+ok()   { echo "  ✓ $1"; }
+
+validate_one() {
+    local path="$1"
+
+    if [ ! -f "$path" ]; then
+        fail "not a regular file: $path"
+    fi
+
+    local size
+    size=$(stat -f%z "$path" 2>/dev/null || stat -c%s "$path")
+    if [ "$size" -lt 64 ]; then
+        fail "suspiciously small ($size bytes): $path"
+    fi
+
+    echo ">> $path  ($size bytes)"
+
+    case "$path" in
+        *.sha256)
+            # .sha256 is its own checksum file; sanity check it's single-line, 64 hex + space + filename
+            local line
+            line=$(head -1 "$path")
+            if ! echo "$line" | grep -Eq '^[0-9a-f]{64} '; then
+                fail "bad .sha256 format in $path: $line"
+            fi
+            ok ".sha256 looks well-formed"
+            ;;
+        *.wasm)
+            # Magic: 0x00 'asm' (0x00 0x61 0x73 0x6d)
+            local magic
+            magic=$(head -c 4 "$path" | xxd -p | head -1)
+            if [ "$magic" != "0061736d" ]; then
+                fail "not a WebAssembly module (bad magic '$magic'): $path"
+            fi
+            ok "WebAssembly magic bytes OK"
+            ;;
+        *.so)
+            if ! head -c 4 "$path" | grep -q $'\x7fELF' 2>/dev/null; then
+                fail "not an ELF shared library: $path"
+            fi
+            ok "ELF shared library OK"
+            if command -v readelf >/dev/null 2>&1; then
+                local arch
+                arch=$(readelf -h "$path" 2>/dev/null | awk -F'Machine:' 'NF>1 {print $2}' | xargs)
+                [ -n "$arch" ] && echo "    machine: $arch"
+            fi
+            ;;
+        *.aar)
+            if ! unzip -l "$path" >/dev/null 2>&1; then
+                fail "cannot unzip $path"
+            fi
+            if ! unzip -l "$path" | grep -q '^.* classes.jar$'; then
+                fail "AAR missing classes.jar: $path"
+            fi
+            ok "AAR contains classes.jar"
+            if unzip -l "$path" | grep -q 'jni/[^/]*/.*\.so$'; then
+                local count
+                count=$(unzip -l "$path" | grep -c 'jni/[^/]*/.*\.so$' || true)
+                ok "AAR contains $count jni/*.so entries"
+            else
+                echo "    note: no JNI .so files bundled (AAR may link against external natives)"
+            fi
+            ;;
+        *.jar)
+            if ! unzip -l "$path" >/dev/null 2>&1; then
+                fail "cannot unzip $path"
+            fi
+            if ! unzip -l "$path" | grep -q 'META-INF/MANIFEST.MF$'; then
+                fail "JAR missing META-INF/MANIFEST.MF: $path"
+            fi
+            ok "JAR has valid manifest"
+            ;;
+        *.tgz|*.tar.gz)
+            if ! tar -tzf "$path" >/dev/null 2>&1; then
+                fail "cannot list tarball $path"
+            fi
+            if tar -tzf "$path" | grep -q '^package/package.json$'; then
+                ok "npm tarball contains package/package.json"
+            else
+                ok "tarball listable ($(tar -tzf "$path" | wc -l | xargs) entries)"
+            fi
+            ;;
+        *.zip)
+            if ! unzip -l "$path" >/dev/null 2>&1; then
+                fail "cannot unzip $path"
+            fi
+            # XCFramework ZIPs contain an Info.plist at top of the framework root
+            if unzip -l "$path" | grep -q '\.xcframework/Info\.plist$'; then
+                ok "XCFramework ZIP: Info.plist present"
+                # Count arch slices (each subdir with an Info.plist sibling is a slice)
+                local slices
+                slices=$(unzip -l "$path" | grep -c '\.xcframework/[^/]*/Info\.plist$' || true)
+                [ "$slices" -gt 0 ] && echo "    arch slices declared: $slices"
+            else
+                ok "ZIP listable ($(unzip -l "$path" | tail -1 | awk '{print $2}') entries)"
+            fi
+            ;;
+        *)
+            ok "unknown extension — size check only"
+            ;;
+    esac
+}
+
+for path in "$@"; do
+    validate_one "$path"
+done
+
+echo ""
+echo "All $# artifact(s) passed validation."
@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+# =============================================================================
+# sdk/runanywhere-flutter/scripts/package-sdk.sh
+# =============================================================================
+# Unified SDK packaging contract for the Flutter SDK. Consumes pre-built
+# iOS XCFrameworks + Android .so files, stages them into each flutter
+# package's plugin-native directories, then validates the package with
+# `flutter pub publish --dry-run`.
+#
+# No tarball is produced — Flutter pub.dev packages are consumed by git-ref
+# or by publishing, not by file URL. `--dry-run` verifies the package shape
+# is valid.
+#
+# USAGE:
+#   package-sdk.sh [--mode local|ci] [--natives-from PATH]
+#
+# OPTIONS:
+#   --mode local|ci      Build mode (default: auto-detect from $CI)
+#   --natives-from PATH  Directory with iOS xcframeworks + Android .so files.
+#                        Expected: PATH/{ios,android}/<stuff> OR PATH/*.zip/*.tar.gz
+# =============================================================================
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$(cd "${SCRIPT_DIR}/../../.." && pwd)"
+FLUTTER_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
+
+source "${REPO_ROOT}/scripts/detect-mode.sh"
+
+NATIVES_FROM=""
+
+while [ $# -gt 0 ]; do
+    case "$1" in
+        --mode) RAC_BUILD_MODE="$2"; shift 2 ;;
+        --natives-from) NATIVES_FROM="$2"; shift 2 ;;
+        --help|-h) head -22 "$0" | tail -18; exit 0 ;;
+        *) echo "unknown option: $1" >&2; exit 1 ;;
+    esac
+done
+
+echo ">> Flutter SDK packaging (mode=${RAC_BUILD_MODE})"
+
+if [ -n "$NATIVES_FROM" ]; then
+    [ -d "$NATIVES_FROM" ] || { echo "ERROR: --natives-from not found: $NATIVES_FROM" >&2; exit 1; }
+    # Each Flutter plugin package has its own ios/ and android/ subdirs. Stage
+    # matching natives into each. This is intentionally a best-effort copy —
+    # the binary_config.gradle files inside each package are responsible for
+    # wiring them up correctly at build time.
+    echo ">> Staging natives from $NATIVES_FROM into each flutter package"
+    for pkg_dir in "$FLUTTER_ROOT/packages"/*/; do
+        pkg=$(basename "$pkg_dir")
+        # Android: copy per-ABI .so files
+        android_jni="$pkg_dir/android/src/main/jniLibs"
+        for abi in arm64-v8a armeabi-v7a x86_64 x86; do
+            if [ -d "$NATIVES_FROM/$abi" ]; then
+                mkdir -p "$android_jni/$abi"
+                cp -f "$NATIVES_FROM/$abi"/*.so "$android_jni/$abi/" 2>/dev/null || true
+            fi
+        done
+        # iOS: copy xcframeworks if present
+        if ls "$NATIVES_FROM"/*.xcframework >/dev/null 2>&1; then
+            mkdir -p "$pkg_dir/ios/Frameworks"
+            cp -R "$NATIVES_FROM"/*.xcframework "$pkg_dir/ios/Frameworks/" 2>/dev/null || true
+        fi
+    done
+fi
+
+# Bootstrap with melos if available
+cd "$FLUTTER_ROOT"
+if command -v melos >/dev/null 2>&1; then
+    echo ">> melos bootstrap"
+    melos bootstrap || echo "::warning::melos bootstrap failed — continuing"
+fi
+
+# Validate each package with flutter pub publish --dry-run
+for pkg_dir in "$FLUTTER_ROOT/packages"/*/; do
+    pkg=$(basename "$pkg_dir")
+    if [ ! -f "$pkg_dir/pubspec.yaml" ]; then
+        continue
+    fi
+    echo ""
+    echo ">> Validating $pkg"
+    (
+        cd "$pkg_dir"
+        flutter pub get || echo "::warning::pub get failed for $pkg"
+        flutter pub publish --dry-run || echo "::warning::pub publish dry-run failed for $pkg"
+    )
+done
+
+echo ""
+echo ">> Flutter SDK packages validated. No tarball emitted — consumers"
+echo "   reference each package via git-URL in their pubspec.yaml, or pub.dev"
+echo "   publishes those (we don't publish to pub.dev in this release flow)."