Module trust 

Trust lattice: effect-narrowing as subtyping over a small fixed dimension set (filesystem, network, exec).

This is the type-level half of the lex-os trust model (see the lex-os design doc §7). The key idea AgentSpec only described in a prose “trust block”, Lex makes a type property:

• Trust dimensions form a product lattice.
• Manifest inheritance is subtyping over that lattice: a child grant may only narrow (be ≤) its parent. Widening is a type error, caught by construction rather than a hoped-for runtime check (Grant::narrow).
• The same grant that drives this static check also tells the supervisor what OS sandbox to derive — the effects a function uses (EffectSet) are checked against the grant with Grant::permits_effects, so code that calls a net effect will not satisfy a network: none grant.

The module is deliberately self-contained: it adds a lattice primitive that is useful to any Lex program reasoning about capabilities, not just the agent runtime, and it does not change the behaviour of the existing checker.

Structs

Grant

A capability grant: one Level per Dimension. This is the trust manifest’s core payload. As a product of totally-ordered dimensions it forms a lattice under componentwise ordering, with Grant::bottom (deny everything) and Grant::top (the most dangerous config — sudo + open internet, design doc §3) as the extremes.

GrantId

Content address of a Grant — a hex-encoded SHA-256 of its canonical form.

Enums

Dimension

The three trust dimensions an effect can touch. Kept deliberately small and fixed (design doc §7.2): every consequential effect a box can have on the world reduces to filesystem reach, network reach, or the ability to spawn arbitrary executables.

Level

Trust level along a single dimension. Levels are totally ordered from None (no authority) upward; the numeric discriminant is the order, so <=/max/min on the rank give the lattice operations.

TrustError

Why a requested grant was refused. The runtime contract is refuse, don’t downgrade (design doc §7.5): when a child manifest asks for more than its parent allows we return this error rather than silently clamping.

Functions

effect_requirement

Map a Lex effect name to the trust dimension it touches and the minimum Level required to use it. Effects not listed are pure or otherwise outside the trust model and need no grant.

host_matches

Match a target host against one allowlist entry. Entries may carry a :port suffix (ignored for host matching) and a leading *. wildcard matching any subdomain — *.example.com matches api.example.com and example.com. Host comparison is case-insensitive.

is_net_effect

Is this a network-egress effect (one whose blast radius is reaching a host on the network)? Kept aligned with the Network-dimension entries in effect_requirement.