fix(checksums): update MoonBit and componentize-py rolling checksums

[avrabe]

Summary

• Updates rules_moonbit git_override to 436bd87 (freshly updated checksums for all MoonBit /latest/ URLs)
• Updates all componentize-py /canary/ checksums in checksums/tools/componentize-py.json (all 5 platforms)
• Both tools use rolling URLs that change when new versions are published, invalidating pinned checksums

Root cause

MoonBit and componentize-py both publish to rolling URLs (/latest/ and /canary/). When they ship new releases, the binary at the URL changes but the pinned checksums in this repo become stale, breaking all CI.

Test plan

• All CI jobs pass (previously all 14 jobs failed due to checksum mismatches)
• After merge, @dependabot rebase the 3 open PRs (rust/checksum(deps): bump tempfile from 3.24.0 to 3.26.0 in /tools/checksum_updater #385, rust/wasm-checksum(deps): bump chrono from 0.4.43 to 0.4.44 in /tools/checksum_updater_wasm #386, rust/checksum(deps): bump chrono from 0.4.43 to 0.4.44 in /tools/checksum_updater #387)

🤖 Generated with Claude Code

[temper-pulseengine]

AI Code Review for PR #388

This configuration file defines a set of tools and dependencies used in a project that involves building WebAssembly components, optimizing them with Binaryen, and managing various cryptographic operations. The file uses Bazel rules to define repositories, download tool binaries, and manage Rust crates.

Here's a breakdown of the key components:

1. Tool Repositories:

   • wac_src, wasm_tools_src, wasmsign2_src, wit_bindgen_src, and wrpc_src are Git repositories that contain the source code for various tools.
   • These repositories are used to build and manage the binaries of these tools.

2. Tool Downloads:

   • The file includes download rules for several tools such as componentize-py, wasmsign2_cli_wasm, loom_wasm, and wasm_tools_component_toolchain_local.
   • Each tool has a specific version, SHA-256 checksum, and URL suffix that are used to verify the integrity of the downloaded files.

3. Rust Crates:

   • The file defines Rust crates using the rules_rust package.
   • It specifies the Cargo lockfile and manifests for various crates such as componentize-py, wasmsign2, ssh_keygen, and wasm_embed_aot.
   • These crates are used to build and manage the binaries of these Rust tools.

4. Checksums:

   • The file includes checksums for each tool binary, ensuring that the downloaded files match expected hashes.
   • This helps in verifying the integrity of the downloaded files and ensures that the correct versions of the tools are used.

5. Platform Support:

   • The file specifies the supported platforms for each tool, allowing Bazel to download the appropriate binaries based on the target platform.

6. Dev Dependency Tools:

   • The moonbit tool is defined as a dev dependency using dev_dependency = True.
   • This means that the moonbit tool will only be used during development and not in production builds.

Overall, this configuration file provides a comprehensive setup for building WebAssembly components, optimizing them with Binaryen, and managing cryptographic operations using Rust crates.

---

Reviewed by qwen2.5-coder:3b (local Ollama). Advisory only — may miss issues or report false positives.

Commands

Command	Description
/ask <question>	Discuss this review — ask questions or disagree with findings
/review-pr	Re-run the review from scratch
/review-pr <focus>	Re-run with specific instructions (e.g. /review-pr focus on error handling)

[temper-pulseengine]

AI Code Review for PR #388

This configuration file is a comprehensive set of rules and dependencies for building and deploying WebAssembly (Wasm) components using Bazel, a build tool. It includes various tools, libraries, and repositories that are essential for developing and running WebAssembly applications.

Here's a breakdown of the key components:

1. Bazel Rules: The file defines several custom Bazel rules such as wasm_component_download, wasm_embed_aot_crates, and crate to handle downloading Wasm components, compiling them with AOT (ahead-of-time) optimization, and managing Rust crates.

2. Checksums: The checksums/tools directory contains JSON files that specify the SHA-256 checksums for various tools and libraries. These checksums are used by Bazel to verify the integrity of downloaded files.

3. Tool Repositories: The file uses git_repository rules to manage external tool repositories such as wac_src, wasmsign2_src, and wit_bindgen_src. This allows for easy access to these tools from within the Bazel workspace.

4. Wasm Tool Repositories: Similar to tool repositories, but specifically for Wasm-related tools like wasm_tools_src and wrpc_src.

5. Crate Management: The file uses crate rules to manage Rust crates required for building WebAssembly components. It specifies the Cargo lockfile and manifests for each crate.

6. Platform Support: The configuration includes platform support information, specifying which platforms (e.g., macOS, Linux, Windows) are supported by various tools and libraries.

7. Componentize-Py: A specific tool is mentioned, componentize-py, which is used for componentizing Python code into WebAssembly components. This tool is managed using the crate rule.

8. Wasm Embed AOT Crates: These crates are used to embed ahead-of-time compiled Wasm modules within Rust binaries.

9. SHA-256 Hashes: The SHA-256 hashes are crucial for verifying the integrity of downloaded files, ensuring that the correct versions and platforms are used.

This configuration file is designed to be flexible and adaptable, allowing developers to easily integrate new tools and libraries into their Bazel-based WebAssembly development workflow.

---

Reviewed by qwen2.5-coder:3b (local Ollama). Advisory only — may miss issues or report false positives.

Commands

Command	Description
/ask <question>	Discuss this review — ask questions or disagree with findings
/review-pr	Re-run the review from scratch
/review-pr <focus>	Re-run with specific instructions (e.g. /review-pr focus on error handling)