Seeking high-level review of ~binary-analysis Nix API

I have a tentative resholve update that introduces a Nix API for doing very rudimentary binary analysis to judge how likely package executables are to be able to exec commands present in their arguments (previously mentioned in this comment on RFC 75).

I couldn’t find much precedent to model it after, so I’m seeking feedback on some high-level questions and concerns.

I prepared a gist laying out:

  • what resholve is, if you aren’t familiar
  • the problem this feature helps address
  • the general approach to the problem
  • the implementation, with a focus on the component I’m seeking feedback on
  • a list of questions I already have

Happy to discuss wherever (here, on Matrix, on gist, etc.).