Expand description
Shared evaluator context: host policy + sandbox state.
Context is the carrier of all backend-agnostic configuration: the
root AST node, decorator and native-fn registries, module resolvers,
capability grants, and the per-run caches a backend uses to thread
state across eval_root / run_main invocations.
Most fields are pub so that any backend implementing
crate::Evaluator in a different crate can read and update them.
Sandbox-relevant state (capabilities, module_resolvers,
analyzed) is private: reads go through the &-returning getters
and writes through the construction-time with_* / controlled
*_module_resolver entry points, so a host cannot silently widen
a sandbox after handing the context to an evaluator.
Structs§
- Capabilities
- Context-wide sandbox policy the host hands the evaluator. The per-bit
booleans are the capabilities the host grants; per-function
requirements live on
NativeFnGate. A call goes through iff every bit declared on the fn’s gate is also set here — there is no per-name allowlist or global short-circuit, so a successful call proves that every bit on its gate was granted. - Context
- Shared execution environment for one or more evaluations.
- Gated
Native Fn - Internal helper: a registered native function with its capability gate.
pubso backend crates can read both the underlyingfuncand the declaredgatewhen dispatching a call. - Loading
Module Guard - Native
FnGate - Capability requirements declared per native function at registration
time. The gate compares these against the context-wide
Capabilitiesgrant when the function is invoked under sandbox. - Resource
Budget - Evaluator-side resource budget.
Enums§
- Capability
Bit - Canonical assignment of capability bits to stable bit positions.
- Resource
Budget Profile - Evaluator-side resource-budget presets.