Module engine 

Rhai engine construction for the plugin runtime.

build_engine returns a single shared Arc<rhai::Engine> configured per docs/specs/plugin-api.md §Resource ceilings and §Host-registered APIs. Every plugin segment invokes call_fn on this shared engine with its compiled AST; the engine is not recreated per plugin or per render.

Sandboxing posture (plugin-api.md §Requirements → Functional):

• No filesystem or network functions registered → unknown-symbol errors at script parse/runtime for any fs::* / http::* call.
• import and eval symbols disabled → scripts cannot load other files or compile strings at runtime.
• Resource limits cap operations, call depth, expression nesting, and string / array / map size.

Wallclock-timeout enforcement (via on_progress) is the segment wrapper’s job — it owns the per-render Instant — not the engine’s. This module enforces operation-count limits only.

Constants

DEFAULT_RENDER_DEADLINE_MS

Default per-render wallclock budget per plugin-api.md §Resource ceilings.

LOG_LINES_PER_PLUGIN

Maximum log() lines per plugin per process. Higher counts get silently dropped to keep a chatty plugin from flooding stderr.

MAX_ARRAY_SIZE

Max length of any rhai array.

MAX_CALL_LEVELS

Max call depth for user-defined functions.

MAX_EXPR_DEPTH

Max expression nesting (functions, other).

MAX_MAP_SIZE

Max entry count of any rhai map.

MAX_OPERATIONS

Max script operations per plugin invocation.

MAX_STRING_SIZE

Max length of any rhai string.

Functions

build_engine

Build the shared rhai engine used by every plugin segment. Returns an Arc so the consumer’s layout engine can clone cheaply into each segment adapter that wraps a crate::CompiledPlugin. The engine is immutable after this call.

current_plugin_id_snapshot

Snapshot of the current thread’s CURRENT_PLUGIN_ID. Same niche as render_deadline_snapshot.

install_warn_emitter

Install the host’s warn-emitter. The OnceLock keeps the first installation authoritative so consumers like linesmith-core::runtime::plugins::load_plugins can call this from a Once::call_once without worrying about racing tests.

is_deadline_abort

True when err was produced by the per-render wallclock deadline aborting the script (the engine’s on_progress callback). Lets the consumer-side segment wrapper distinguish a host-imposed timeout from a script-issued throw/runtime error without reaching for the host-only marker type directly.

render_deadline_snapshot

Snapshot of the current thread’s RENDER_DEADLINE. Used by the segment wrapper’s debug_assert! leak-check and by tests; the production render path doesn’t need to read the deadline back.

set_current_plugin_id

Tag the active plugin so the host log() function can attribute output for rate-limiting. Pass None to clear after the render.

set_render_deadline

Install a per-render deadline visible to the engine’s on_progress callback. Pass None to clear after the render completes.