Consider making digest even more amenable to static analysis

[lread]

trafficstars

Currently...

The digest library generates its API at load time.

Clj-kondo will discover digest API vars when comments are not being skipped via this little trick:

https://github.com/clj-commons/digest/blob/bec1e0e6b887bdb408674f0025357cc49b02b434/src/clj_commons/digest.clj#L104-L108

But...

This did not work for cljdoc linting with clj-kondo because it disables checking comments.

Perhaps...

We could make digest even more clj-kondo friendly.

Idea 1 - Move declare

Move declare outside of comment block. But this could get out of synch with digest API, I suppose.

Idea 2 - Create a hook

Create a custom clj-kondo hook for digest. But since the API depends on querying available security providers, we might have the same issue as with idea 1?

Idea 3 - Generate API source

Instead of creating digest's API at load time, statically generate digest API source code.

Idea 4 - Just hand-code it

Instead of generating digest API automatically, do it by hand. I mean, do the available providers change with new versions of Java? And if they do, should the digest API be automatically changing? Probably not.

Proposal

Without a deep understanding, idea 3 seems like a reasonable choice to me. The API would be generated under a specific JVM (if that's important). It is similar to idea 4 but perhaps a bit less prone to human error. Thoughts?