Skip to main content

lex_runtime/
lib.rs

1//! M5: effect runtime + sandbox. See spec §7.4 and §8.5.
2//!
3//! What's here:
4//! - `policy::Policy` and `policy::check_program` — the static capability
5//!   gate that walks declared effects and rejects programs whose effects
6//!   are out of bounds before any code runs.
7//! - `handler::DefaultHandler` — the host-side effect handler that the VM
8//!   dispatches `EFFECT_CALL` through.
9//!
10//! What's not here yet (deferred):
11//! - WASM-level isolation (`wasmtime` integration). The `--unsafe-no-sandbox`
12//!   flag in the spec is operationally implicit for now: native execution
13//!   only. We ship the policy/dispatch layer, which is the user-visible
14//!   half of §7.4 and what the §7.6 acceptance tests exercise.
15
16pub mod builtins;
17pub mod cli;
18pub mod policy;
19pub mod handler;
20pub mod ws;
21pub mod mcp_client;
22pub mod llm;
23
24pub use builtins::{is_pure_module, try_pure_builtin};
25pub use handler::{CapturedSink, DefaultHandler, IoSink, StdoutSink};
26pub use policy::{check_program, Policy, PolicyReport, PolicyViolation};