Crate candor_classify 

candor-classify — the curated effect classifier (crate+path -> effect), extracted to a STABLE crate so both the nightly rustc_private lint AND a stable backend share ONE source of truth (no drift). Pure string logic; no rustc internals. The effect vocabulary lives in candor-report.

Modules

policy

The canonical CANDOR_POLICY DSL parser (SPEC §6.2), shared by the nightly gate and candor-query. The canonical CANDOR_POLICY DSL parser (candor-spec SPEC §6.2).

Constants

CALIBRATED_CRATES

The exact third-party crates classify has effect rules for, and the crate-name PREFIXES it recognizes. This is the single source of truth for “what candor knows”: it is emitted beside the JSON report (<prefix>.calibrated.json) so the Claude Code receipt’s coverage check reads candor’s real coverage instead of a hand-copied list. Keep in lockstep with classify below — the db_crates_are_calibrated and calibrated_crates_are_live tests (in this crate’s tests module) enforce both directions.

CALIBRATED_PREFIXES

CALIBRATION_PROBE_TAILS

Representative path tails (each appended to a crate name) that the calibrated_crates_are_live liveness test probes: at least one must match for every CALIBRATED_CRATES entry, else the entry is dead. Exported as ONE source of truth because the nightly lint crate (src/lib.rs) runs the SAME liveness test — when the two probe lists were duplicated they drifted, and a rule keyed on a distinctive tail (pnet ::datalink::channel, ignore ::WalkBuilder::build_parallel, notify ::RecommendedWatcher::new) added to only one list silently broke the other crate’s cargo test.

DB_CRATES

Database client crates whose execution verbs are I/O (see the DB branch in classify). Module-level so db_crates_are_calibrated can enforce DB_CRATES ⊆ CALIBRATED_CRATES.

PATH_CALIBRATED_CRATES

Crates classify matches by PATH prefix rather than crate-name equality (their effectful modules are recognised, e.g. tokio::net::/async_std::fs::/mio::net::), so they’re absent from CALIBRATED_CRATES (which the liveness test probes by crate name). The coverage check must still treat them as covered — otherwise it would mislabel the most common async crates as blind spots.

Functions

cap_from_name

capstd_cap

Map a cap-std capability type to the effect it authorises. Holding one of these (e.g. &Dir) is the real, unforgeable right to perform that effect — so candor treats it as a declared capability, exactly like its own &Fs token.

classify

Classify a resolved callee by the crate it belongs to and its full path.

classify_extra

Project-supplied rules, consulted only when the built-in classify returns None.