feat: reinject dylib into node/golang processes

[not-matthias]

No description provided.

[codspeed-hq]

Merging this PR will not alter performance

⚠️ Unknown Walltime execution environment detected

Using the Walltime instrument on standard Hosted Runners will lead to inconsistent data.

For the most accurate results, we recommend using CodSpeed Macro Runners: bare-metal machines fine-tuned for performance measurement consistency.

✅ 7 untouched benchmarks

---

_{Comparing sip-resign-exec-redirect (aca0831) with main (c6112f1)}

[greptile-apps]

Greptile Summary

This PR adds macOS SIP (System Integrity Protection) re-injection of DYLD_INSERT_LIBRARIES into the Node.js and Go wrapper scripts, and bumps the samply git dependency to a new revision that presumably adds the SAMPLY_DYLD_INSERT_LIBRARIES fallback variable used here.

• go.sh and node.sh: both now re-export DYLD_INSERT_LIBRARIES from SAMPLY_DYLD_INSERT_LIBRARIES before spawning the real interpreter, restoring samply's profiling dylib after SIP strips the DYLD_* namespace across system-binary exec boundaries.
• node.sh: also promotes to set -euo pipefail (adding -u) and guards the existing CODSPEED_DEBUG reference with a :- default to stay safe under strict mode.
• Cargo.toml / Cargo.lock: bumps the pinned samply rev and adjusts transitive dependencies (socket2 0.6→0.5, itertools 0.14→0.13).

Confidence Score: 5/5

Safe to merge — the change is a targeted macOS SIP workaround with no effect on Linux paths.

Both shell scripts correctly gate the re-injection behind a non-empty check on SAMPLY_DYLD_INSERT_LIBRARIES, which is only populated by samply on macOS, so Linux execution is completely unaffected. The set -u promotion in node.sh is paired with required :- guards on every previously-bare variable reference. The samply rev bump in Cargo.toml is pinned to a commit hash, consistent with the repo's dependency policy.

No files require special attention.

Important Files Changed

Filename	Overview
src/executor/helpers/introspected_nodejs/node.sh	Adds SIP bypass for DYLD_INSERT_LIBRARIES, promotes to set -euo pipefail with appropriate :- guards; logic is correct.
src/executor/helpers/introspected_golang/go.sh	Adds identical SIP bypass block after the walltime-only guard; re-injection fires before all exec paths (test/run/passthrough).
Cargo.toml	Bumps samply git dep to rev ec97a70c; pinned by rev (not branch), complies with policy.
Cargo.lock	Lock file regenerated; all samply sub-crates follow the new rev, socket2 and itertools downgraded as transitive deps.

Sequence Diagram

sequenceDiagram
    participant S as samply (profiler)
    participant SH as node.sh / go.sh
    participant RT as Real interpreter<br/>(node / go)

    S->>SH: "exec via PATH shim<br/>DYLD_INSERT_LIBRARIES=libsamply.dylib<br/>SAMPLY_DYLD_INSERT_LIBRARIES=libsamply.dylib"

    Note over SH: macOS SIP strips DYLD_*<br/>from environment on exec

    SH->>SH: "if SAMPLY_DYLD_INSERT_LIBRARIES set<br/>export DYLD_INSERT_LIBRARIES=$SAMPLY_DYLD_INSERT_LIBRARIES"

    SH->>RT: exec with restored DYLD_INSERT_LIBRARIES
    Note over RT: libsamply.dylib injected ✓<br/>profiling active

Loading

_{Reviews (3): Last reviewed commit: "ref(node): enable set -u to match go.sh" | Re-trigger Greptile}