Skip to main content

Module capability

Module capability 

Source
Expand description

Capability names and sets: the contract for gating privileged operations.

The kernel defines capability identity, trust levels, and read policy plus the well-known core capability names; libraries decide what each capability authorizes.

Structs§

CapabilityName
The identity of a capability: the token an operation requires to run.
CapabilitySet
A set of granted capabilities, used as the capability state of a Cx.
ReadPolicy
The trust level and capability set governing a read.

Enums§

TrustLevel
The trust level of a source, gating capabilities beyond mere possession.

Functions§

browse_internal_capability
The capability gating internal browse surfaces (browse.internal).
browse_read_capability
The capability gating browse reads (browse.read).
browse_run_tests_capability
The capability gating browse-driven test runs (browse.run-tests).
config_list_impl_capability
The capability gating the configured list implementation (config.list.impl).
config_table_impl_capability
The capability gating the configured table implementation (config.table.impl).
control_capture_capability
The capability gating control-stack capture (control.capture).
control_multishot_capability
The capability gating multi-shot continuations (control.multishot).
control_prompt_capability
The capability gating control prompts (control.prompt).
control_resume_capability
The capability gating continuation resumption (control.resume).
eval_fabric_capability
The capability gating use of the eval fabric (eval.fabric).
eval_remote_capability
The capability gating remote evaluation (eval.remote).
fact_private_capability
The capability gating access to private facts (kernel.fact.private).
list_force_unbounded_capability
The capability gating unbounded list forcing (list.force.unbounded).
logic_consult_file_capability
The capability gating logic file consulting (logic.consult.file).
logic_db_write_capability
The capability gating logic-database writes (logic.db.write).
logic_tool_call_capability
The capability gating logic tool calls (logic.tool-call).
macro_expand_capability
The capability gating macro expansion (macro.expand).
macro_expand_compile_capability
The capability gating compile-phase macro expansion (macro.expand.compile).
macro_expand_eval_capability
The capability gating eval-phase macro expansion (macro.expand.eval).
macro_expand_read_capability
The capability gating read-phase macro expansion (macro.expand.read).
native_dynamic_load_capability
The capability gating native dynamic library loading (loader.native).
read_construct_capability
The capability gating read-time construction (read-construct).
read_eval_capability
The capability gating read-time evaluation (read-eval).
registry_catalog_read_capability
The capability gating registry catalog reads (registry.catalog.read).
table_db_capability
The capability gating database-backed tables (table.db).
table_db_mkdir_capability
The capability gating database table directory creation (table.db.mkdir).
table_db_read_capability
The capability gating database table reads (table.db.read).
table_db_rmdir_capability
The capability gating database table directory removal (table.db.rmdir).
table_db_write_capability
The capability gating database table writes (table.db.write).
table_fs_capability
The capability gating filesystem-backed tables (table.fs).
table_fs_mkdir_capability
The capability gating filesystem table directory creation (table.fs.mkdir).
table_fs_read_capability
The capability gating filesystem table reads (table.fs.read).
table_fs_rmdir_capability
The capability gating filesystem table directory removal (table.fs.rmdir).
table_fs_write_capability
The capability gating filesystem table writes (table.fs.write).
table_remote_capability
The capability gating remote tables (table.remote).