Struct Coder 

pub struct Coder { /* private fields */ }

The coder. Holds the inference backend the orchestrator uses for each run call; the backend is Arc<dyn …> so callers can share one backend across coder + non-coder paths.

Implementations

impl Coder

pub fn new(backend: Arc<dyn InferenceBackend>) -> Self

Build a coder bound to backend.

pub async fn run( &self, workspace: &Path, task: &str, caveats: &Caveats, ) -> Result<CoderRun>

Run one turn against workspace under the authority carried by caveats.

caveats is the peer’s signed, verified attenuated authority — see docs/decisions/agentic_object_capability_security.md and the 35a caveats_for_peer extractor in newt-mesh. Every tool dispatch this method makes (fs_read for the prompt scan, net for the inference call, fs_write for the apply, plus the max_calls budget for inference turns) goes through the enforcement helpers below — no path bypasses the check, even when caveats == Caveats::top(). That symmetry is load-bearing: 35c will tighten authority per peer, and a “skip checks if top” shortcut would silently break that tightening.

On any caveat refusal we return CoderError::CapabilityDenied carrying the axis name and the concrete target the dispatch tried to touch — enough context for the arbiter scorecard to count this as a scrubbed sortie rather than a model failure.

Happy path: build prompt -> infer -> normalize -> apply.

Weak-model fallback: when the model emits a Emission::UnifiedDiff (even under the whole-file directive) and that diff fails to apply — its line numbers / context are too far off even for the fuzzy matcher in newt-tools::apply_patch — we issue exactly ONE re-prompt asking for the COMPLETE file(s) in FILE:/END-FILE form, then apply via the hardened apply_whole_files path. The retry counts as a second inference call against the max_calls budget; if that budget would be exhausted we return the original apply error rather than escalating to a denial.