Canonical capability data types, deduplicated into a zero-dependency leaf crate.
These pure-data types were historically defined in relon-eval-api
(CapabilityBit, NativeFnGate, Capabilities) and mirrored
field-for-field in relon-analyzer to avoid a dependency cycle (the
analyzer sits below the evaluator API in the dep graph, so it could
not reach back into it). Hosting them here lets both crates depend
on a single definition and re-export it at their historical public
paths, so every relon_eval_api::CapabilityBit /
relon_analyzer::cap::NativeFnGate reference keeps resolving while the
mirror is gone.
The enforcement machinery (CapabilityGate, GatedNativeFn,
NativeFnCaps) deliberately stays in relon-eval-api: it references
eval-api types and is not pure data. Only the bit/grant/requirement
data lives here.
Structs
- Capabilities: Context-wide sandbox policy the host hands the evaluator. The per-bit booleans are the capabilities the host grants; per-function requirements live on NativeFnGate. A call goes through iff every bit declared on the fn’s gate is also set here — there is no per-name allowlist or global short-circuit, so a successful call proves that every bit on its gate was granted.
- NativeFnGate: Capability requirements declared per native function at registration time. The gate compares these against the context-wide Capabilities grant when the function is invoked under sandbox.
- ResourceBudget: Evaluator-side resource budget.
Enums
- CapabilityBit: Canonical assignment of capability bits to stable bit positions.
- ResourceBudgetProfile: Evaluator-side resource-budget presets.
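
The gate rule stated under Capabilities (a call passes iff every bit declared on the function's gate is also set in the grant) can be modelled in a few lines. This is an added sketch, not relon's code: the `Bit`, `Grant` and `Gate` types, the bit names and the missing-bit error value are all assumptions made for illustration.

```rust
// Standalone model; every name here is hypothetical, not relon's own definition.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Bit {
    ReadFs = 0, // discriminant is the stable bit position (assumed names)
    Network = 1,
    Env = 2,
}
const ALL_BITS: [Bit; 3] = [Bit::ReadFs, Bit::Network, Bit::Env];

fn bit(b: Bit) -> u32 {
    1u32 << (b as u8)
}

/// Context-wide grant: one boolean per bit, everything denied by default.
#[derive(Clone, Copy, Debug, Default)]
pub struct Grant {
    pub read_fs: bool,
    pub network: bool,
    pub env: bool,
}

impl Grant {
    fn mask(self) -> u32 {
        let mut m = 0;
        if self.read_fs { m |= bit(Bit::ReadFs); }
        if self.network { m |= bit(Bit::Network); }
        if self.env { m |= bit(Bit::Env); }
        m
    }
}

/// Per-function requirement, fixed when the native function is registered.
pub struct Gate {
    required: u32,
}

impl Gate {
    pub fn new(bits: &[Bit]) -> Self {
        Gate { required: bits.iter().fold(0, |m, b| m | bit(*b)) }
    }

    /// Ok iff every required bit is granted; otherwise the bits that were missing.
    /// No function name is consulted and no grant bit overrides the others.
    pub fn check(&self, grant: Grant) -> Result<(), Vec<Bit>> {
        let missing = self.required & !grant.mask();
        if missing == 0 {
            return Ok(());
        }
        Err(ALL_BITS.iter().copied().filter(|b| (missing & bit(*b)) != 0).collect())
    }
}
```

A gate that declares no bits passes under an empty grant, and a partially satisfied gate fails with the exact bits still missing, which is what makes a successful call evidence that every declared bit was granted.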