Expand description
Capability names and sets: the contract for gating privileged operations.
The kernel defines capability identity, trust levels, and read policy plus the well-known core capability names; libraries decide what each capability authorizes.
Structs§
- Capability
Name - The identity of a capability: the token an operation requires to run.
- Capability
Set - A set of granted capabilities, used as the capability state of a
Cx. - Read
Policy - The trust level and capability set governing a read.
Enums§
- Trust
Level - The trust level of a source, gating capabilities beyond mere possession.
Functions§
- browse_
internal_ capability - The capability gating internal browse surfaces (
browse.internal). - browse_
read_ capability - The capability gating browse reads (
browse.read). - browse_
run_ tests_ capability - The capability gating browse-driven test runs (
browse.run-tests). - config_
list_ impl_ capability - The capability gating the configured list implementation (
config.list.impl). - config_
table_ impl_ capability - The capability gating the configured table implementation (
config.table.impl). - control_
capture_ capability - The capability gating control-stack capture (
control.capture). - control_
multishot_ capability - The capability gating multi-shot continuations (
control.multishot). - control_
prompt_ capability - The capability gating control prompts (
control.prompt). - control_
resume_ capability - The capability gating continuation resumption (
control.resume). - eval_
fabric_ capability - The capability gating use of the eval fabric (
eval.fabric). - eval_
remote_ capability - The capability gating remote evaluation (
eval.remote). - fact_
private_ capability - The capability gating access to private facts (
kernel.fact.private). - list_
force_ unbounded_ capability - The capability gating unbounded list forcing (
list.force.unbounded). - logic_
consult_ file_ capability - The capability gating logic file consulting (
logic.consult.file). - logic_
db_ write_ capability - The capability gating logic-database writes (
logic.db.write). - logic_
tool_ call_ capability - The capability gating logic tool calls (
logic.tool-call). - macro_
expand_ capability - The capability gating macro expansion (
macro.expand). - macro_
expand_ compile_ capability - The capability gating compile-phase macro expansion (
macro.expand.compile). - macro_
expand_ eval_ capability - The capability gating eval-phase macro expansion (
macro.expand.eval). - macro_
expand_ read_ capability - The capability gating read-phase macro expansion (
macro.expand.read). - native_
dynamic_ load_ capability - The capability gating native dynamic library loading (
loader.native). - read_
construct_ capability - The capability gating read-time construction (
read-construct). - read_
eval_ capability - The capability gating read-time evaluation (
read-eval). - registry_
catalog_ read_ capability - The capability gating registry catalog reads (
registry.catalog.read). - table_
db_ capability - The capability gating database-backed tables (
table.db). - table_
db_ mkdir_ capability - The capability gating database table directory creation (
table.db.mkdir). - table_
db_ read_ capability - The capability gating database table reads (
table.db.read). - table_
db_ rmdir_ capability - The capability gating database table directory removal (
table.db.rmdir). - table_
db_ write_ capability - The capability gating database table writes (
table.db.write). - table_
fs_ capability - The capability gating filesystem-backed tables (
table.fs). - table_
fs_ mkdir_ capability - The capability gating filesystem table directory creation (
table.fs.mkdir). - table_
fs_ read_ capability - The capability gating filesystem table reads (
table.fs.read). - table_
fs_ rmdir_ capability - The capability gating filesystem table directory removal (
table.fs.rmdir). - table_
fs_ write_ capability - The capability gating filesystem table writes (
table.fs.write). - table_
remote_ capability - The capability gating remote tables (
table.remote).