Capability descriptors that constrain runtime behavior without owning graph shape.
§Fragment: capability-structure-vs-boundary
Workflow shape and node capability are intentionally modeled in separate crates. The workflow model answers “what ports exist and how are they connected?”, while this module answers “what is a node allowed to receive, emit, or ask the runtime to do?” Keeping those concerns apart prevents the graph model from quietly becoming a security or isolation policy surface.
§Fragment: capability-port-claims
Port capabilities are duplicated as claims instead of reusing workflow port declarations directly because they serve a different purpose. Workflow ports describe topology; capability ports describe permitted runtime behavior. The duplication is intentional even though later validation must keep the two in sync.
§Fragment: capability-workflow-cross-validation
Cross-validation lives here rather than in the workflow crate because a
mismatch is still fundamentally a capability problem: the workflow only
promises that a port exists, while this module decides whether a node’s
declared permissions line up with that topology. The validator therefore
consumes a WorkflowDefinition as read-only structure and keeps the
capability error vocabulary as the single place callers inspect.
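
A sketch of this cross-validation, added here as an illustration and not taken from the crate. `Direction`, `PortMap`, the `CapabilityError` variants and `cross_validate` are hypothetical stand-ins for the crate's own types and its `validate_workflow_capabilities` function, whose signatures this page does not show.

```rust
use std::collections::BTreeMap;

// Stand-in types for this sketch; the crate's real definitions are not shown on the page.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Direction { Receive, Emit }

/// node id -> (port name -> direction). Used for both topology and claims.
pub type PortMap = BTreeMap<&'static str, BTreeMap<&'static str, Direction>>;

#[derive(Debug, PartialEq, Eq)]
pub enum CapabilityError {
    UnknownNode(String),
    ClaimWithoutPort(String, String),
    DirectionMismatch(String, String),
    PortWithoutClaim(String, String),
}

/// Reads the workflow as immutable structure and reports every mismatch.
pub fn cross_validate(workflow: &PortMap, claims: &PortMap) -> Vec<CapabilityError> {
    use CapabilityError::*;
    let mut errors = Vec::new();
    for (node, claimed) in claims {
        let ports = match workflow.get(node) {
            Some(ports) => ports,
            None => { errors.push(UnknownNode(node.to_string())); continue; }
        };
        for (port, dir) in claimed {
            match ports.get(port) {
                None => errors.push(ClaimWithoutPort(node.to_string(), port.to_string())),
                Some(declared) if declared != dir => {
                    errors.push(DirectionMismatch(node.to_string(), port.to_string()))
                }
                Some(_) => {}
            }
        }
        // Declared ports the descriptor never claims leave the two views out of sync.
        for port in ports.keys().filter(|p| !claimed.contains_key(*p)) {
            errors.push(PortWithoutClaim(node.to_string(), port.to_string()));
        }
    }
    errors
}

fn main() {
    // Constructed sample: "parse" claims to emit on a port the topology marks as receive-only.
    let workflow: PortMap = BTreeMap::from([("parse", BTreeMap::from([("in", Direction::Receive), ("out", Direction::Emit)]))]);
    let claims: PortMap = BTreeMap::from([("parse", BTreeMap::from([("in", Direction::Emit), ("debug", Direction::Emit)]))]);
    for e in cross_validate(&workflow, &claims) { println!("{e:?}"); }
}
```

All errors come back in the capability vocabulary, and the workflow is only borrowed immutably, matching the split of responsibilities described above.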
§Fragment: capability-effect-taxonomy
The current EffectCapability enum is intentionally modest and concrete.
It names host effects the runtime can plausibly mediate today without
pretending that native nodes are sandboxed. For native execution these
capabilities are advisory metadata; for future WASM or process-backed nodes
they become part of a real enforcement boundary. Observability concerns such
as logging, tracing, and metadata collection are deliberately excluded unless
a node asks the host to write to an external sink; routine runtime telemetry
belongs to the metadata layer.
Structs§
- NodeCapabilities - Validated capability descriptor for one node.
- PortCapability - A named claim that a node may use a port in one direction.
Enums§
- CapabilityValidationError - Validation error for node capability descriptors.
- EffectCapability - External effect a node may request from the runtime boundary.
- PortCapabilityDirection - Direction of message flow a node claims for a port.
Functions§
- validate_workflow_capabilities - Validate that node capability descriptors align with one workflow topology.