Expand description
Capability/policy layer per spec §7.4.
Operators specify what effects are allowed before any execution starts. The runtime walks the program’s declared effects and aborts with a structured violation if the program would exceed the policy. During execution, individual effect calls are also gated through the same policy so that scoped effects (fs paths, budget consumption) are caught at call time.
Structs§
- Policy
- Policy a program is run under. Empty allowlist = pure-only execution.
- Policy
Report - Policy
Violation - Structured policy violation, formatted to match spec §6.7’s JSON shape.
Functions§
- check_
program - Walk the program’s declared effects (gathered from fn signatures) and
verify them against
policy. Run before any execution. - is_
effect_ allowed - Decide whether
eis permitted bygrants(#207).