feat(ILO-392): sub-world masking (read-only, net-only, no-net)#657

Open
danieljohnmorris wants to merge 5 commits into main from feature/world-sub-masking

Conversation

@danieljohnmorris (Collaborator)

Summary

  • Adds three new World-deriving builtins for capability downscoping (ILO-392):
    • read-only w:W > W — strips net, write, run; keeps read
    • net-only w:W > W — strips read, write, run; keeps net
    • no-net w:W > W — strips net only; read/write/run kept (takes existing World, unlike zero-arg world-no-net)
  • Extends Ty::World in the verifier to track write_known and run_known alongside the existing net_known
  • Extends ILO-T044 static enforcement to reject wr/wra/wro/wrl calls when a write_known=Some(false) World is in scope, and run calls when run_known=Some(false)
  • Documents the new builtins in SPEC.md (Capability World section + builtin table)
  • 23 regression tests in tests/regression_world_sub_masking.rs

Extends ILO-68 (#622) and ILO-391 (#652).

Test plan

  • cargo test --test regression_world_sub_masking — 23 tests pass
  • cargo test --test regression_world_static — 12 existing tests still pass
  • cargo test --test regression_world_builtin — 9 existing tests still pass
  • cargo build — clean compile, no errors

🤖 Generated with Claude Code

@danieljohnmorris danieljohnmorris added the mini Created by mini PC autonomous workflow label May 22, 2026
@danieljohnmorris (Collaborator, Author)

needs manual rebase (conflicts in: src/verify.rs)

@danieljohnmorris (Collaborator, Author)

needs manual — rebase conflict in non-doc file(s)

@danieljohnmorris danieljohnmorris force-pushed the feature/world-sub-masking branch 2 times, most recently from 5d7a889 to 5a1dcf5 on May 22, 2026 11:06
@danieljohnmorris danieljohnmorris added the mac-reviewing Currently being merge-prepped by mac-side agent label May 22, 2026
codecov Bot commented May 22, 2026

❌ 1 Tests Failed:

Tests completed: 3566 | Failed: 1 | Passed: 3565 | Skipped: 0
View the full list of 1 ❄️ flaky test(s)
ilo::cli_trace::trace_demo_bindings_contain_expected_vars

Flake rate in main: 100.00% (Passed 0 times, Failed 10 times)

Stack Traces | 0.012s run time
thread 'trace_demo_bindings_contain_expected_vars' (40398) panicked at tests/cli_trace.rs:69:5:
expected exit 0
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace


@danieljohnmorris danieljohnmorris force-pushed the feature/world-sub-masking branch from a6f5738 to 7465636 on May 22, 2026 17:29
Daniel Morris and others added 3 commits May 22, 2026 18:31
Add the `world` builtin and `W` type token so functions can declare
side-effect surfaces in their signatures (Zig/Zero capability-passing
pattern).

Changes:
- `Builtin::WorldCap` / `world` builtin: zero-arg, returns `Value::World`
  constructed from the runtime's active `Caps` (CLI --allow-* flags)
- `Value::World { net, read, write, run: bool }` — opaque capability token
- `Token::WorldType` (`W`) — mirrors `L`, `R`, `M`, `O`, `S` tokens
- `parse_type_body`: `W` → `Type::Named("World")` (no new AST variant)
- `convert_type_with_aliases`: `Named("World")` → `Ty::World`
- `Ty::World` in verifier with field access (`.net/.read/.write/.run`)
  all returning `Ty::Bool`; `compatible()` handles World↔Named("World")
- Parser: zero-arg call paths for `world` (mirrors `now`, `env-all`)
- VM: `NanVal::from_value(Value::World)` → heap record with 4 bool fields
- `examples/capability-world.ilo` — demo: pure fn, world-aware fn, main
- `tests/regression_world_builtin.rs` — 9 regression tests
- SPEC.md: `W` type in types table, new § Capability World, `world` builtin row
- ai.txt: `W` type entry in TYPES: block

Deferred (follow-ups): static enforcement at call sites, sub-world
masking (`w.read_only()`), multi-world composition, ILO-59 rebase.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…LO-T044

Add verifier-level static enforcement for the World capability system
introduced in ILO-68. When a net builtin is called in a scope that
contains a World statically known to deny net access, the verifier
rejects it at compile time.

Changes:
- `Builtin::WorldNoNet` / `world-no-net` zero-arg builtin: constructs
  a `Value::World { net: false, ... }` with net denied; read/write/run
  caps are inherited from the active CLI `Caps` policy
- `Ty::World { net_known: Option<bool> }`: extends the World type to
  carry a statically-known net cap value (`None`=dynamic, `Some(false)`
  =denied, `Some(true)`=future use); `world` returns `net_known: None`,
  `world-no-net` returns `net_known: Some(false)`
- ILO-T044 verifier check: before type-checking any net builtin
  (`get`, `pst`, `put`, `pat`, `del`, `hed`, `opt`, `getx`, `pstx`,
  `get-many`, `get-to`, `pst-to`), scan scope for any variable of type
  `World { net_known: Some(false) }` and emit ILO-T044 if found
- Parser: `world-no-net` registered as a zero-arg builtin in all three
  zero-arg call sites (mirrors `world`, `env-all`, `rdin` precedent)
- Diagnostic registry: ILO-T044 entry with `--explain` text
- SPEC.md / ai.txt: capability-world section updated to document static
  enforcement, `world-no-net`, and ILO-T044
- `tests/regression_world_static.rs`: 12 tests covering construction,
  field access, enforcement (get/pst/put/del/hed), and valid patterns
  (no denied World, dynamic World, W param)
- `examples/world-static-enforce.ilo`: end-to-end example

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Add three World-deriving builtins for capability downscoping:
- `read-only w:W > W` — net=false, write=false, run=false; read kept
- `net-only w:W > W`  — read=false, write=false, run=false; net kept
- `no-net w:W > W`    — net=false; read/write/run kept

Extends ILO-T044 static enforcement (ILO-391) to fire for write builtins
(wr/wra/wro/wrl) when a World with write_known=Some(false) is in scope, and
for `run` when run_known=Some(false). 23 regression tests added.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
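The PR summary and the three commit messages above describe a capability token with four bool fields, three masking builtins that only ever remove capabilities, and a verifier-side `World` type whose `net_known` / `write_known` / `run_known` fields drive the ILO-T044 check. The following is an added Rust model of that design, not code from the ilo project or from this PR: the type and function names (`World`, `WorldTy`, `builtin_effect`, `check_call`) are assumptions, the builtin name lists are the ones quoted in the commit messages, and it assumes that masking an already statically-denied capability leaves it denied (intersection semantics), which the PR text does not state explicitly.

```rust
// Added example (not the ilo project's code): a model of the World capability
// token, the read-only / net-only / no-net masks, and the ILO-T044 scope scan.

/// Runtime capability token: one bool per side-effect surface.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct World {
    pub net: bool,
    pub read: bool,
    pub write: bool,
    pub run: bool,
}

impl World {
    /// `read-only w:W > W`: strips net, write, run; keeps read.
    pub fn read_only(self) -> World {
        World { net: false, write: false, run: false, ..self }
    }
    /// `net-only w:W > W`: strips read, write, run; keeps net.
    pub fn net_only(self) -> World {
        World { read: false, write: false, run: false, ..self }
    }
    /// `no-net w:W > W`: strips net only; read/write/run kept.
    pub fn no_net(self) -> World {
        World { net: false, ..self }
    }
}

/// What the verifier knows statically about a World-typed variable.
/// `None` = dynamic (decided by the CLI --allow-* policy), `Some(false)` = denied.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct WorldTy {
    pub net_known: Option<bool>,
    pub write_known: Option<bool>,
    pub run_known: Option<bool>,
}

impl WorldTy {
    /// Type of the zero-arg `world` builtin: nothing is known statically.
    pub const DYNAMIC: WorldTy =
        WorldTy { net_known: None, write_known: None, run_known: None };
    /// Type of the zero-arg `world-no-net` builtin: net statically denied.
    pub const NO_NET: WorldTy =
        WorldTy { net_known: Some(false), write_known: None, run_known: None };

    // Masks only remove capabilities, so a cap already known to be denied
    // stays denied (assumption: masking is intersection).
    pub fn read_only(self) -> WorldTy {
        WorldTy { net_known: Some(false), write_known: Some(false), run_known: Some(false) }
    }
    pub fn net_only(self) -> WorldTy {
        WorldTy { net_known: self.net_known, write_known: Some(false), run_known: Some(false) }
    }
    pub fn no_net(self) -> WorldTy {
        WorldTy { net_known: Some(false), ..self }
    }
}

/// Effect class of a builtin, used by the ILO-T044 scope scan.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Effect { Net, Write, Run }

/// Builtin names as listed in the commit messages; anything else is effect-free here.
pub fn builtin_effect(name: &str) -> Option<Effect> {
    match name {
        "get" | "pst" | "put" | "pat" | "del" | "hed" | "opt" | "getx" | "pstx"
        | "get-many" | "get-to" | "pst-to" => Some(Effect::Net),
        "wr" | "wra" | "wro" | "wrl" => Some(Effect::Write),
        "run" => Some(Effect::Run),
        _ => None,
    }
}

/// ILO-T044: reject a call if any World variable in scope statically denies its effect.
/// `scope` holds (variable name, World type) pairs for the World-typed variables only.
pub fn check_call(scope: &[(&str, WorldTy)], builtin: &str) -> Result<(), String> {
    let Some(effect) = builtin_effect(builtin) else {
        return Ok(()); // not a net/write/run builtin: nothing to enforce
    };
    for (var, ty) in scope {
        let known = match effect {
            Effect::Net => ty.net_known,
            Effect::Write => ty.write_known,
            Effect::Run => ty.run_known,
        };
        if known == Some(false) {
            return Err(format!(
                "ILO-T044: `{builtin}` ({effect:?}) called while `{var}` statically denies it"
            ));
        }
    }
    Ok(())
}

fn main() {
    let w = World { net: true, read: true, write: true, run: true };
    println!("read-only: {:?}", w.read_only());
    let scope = [("w", WorldTy::DYNAMIC.read_only())];
    println!("wr under read-only: {:?}", check_call(&scope, "wr"));
}
```

The runtime and static halves are deliberately separate: the `World` value is what a function receives and forwards, while `WorldTy` is what the verifier sees at a call site, and only a `Some(false)` field can produce a diagnostic. A `None` field is left to the runtime `Caps` policy, so a dynamic `World` never triggers ILO-T044 on its own.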
@danieljohnmorris danieljohnmorris force-pushed the feature/world-sub-masking branch from 7465636 to 834e962 on May 22, 2026 17:41
@danieljohnmorris (Collaborator, Author)

mac reviewing — CI watcher in flight on the latest force-push (effect_set fix)
