Interface: HandlerEntitlements

Defined in: packages/core/src/introspection/ToolContract.ts:140

Handler entitlements derived from static analysis.

Tracks I/O capabilities that the handler accesses, forming a security contract. If a read-only tool suddenly imports fs.writeFileSync, the entitlement contract breaks.

Properties

codeEvaluation

readonly codeEvaluation: boolean;

Defined in: packages/core/src/introspection/ToolContract.ts:150

Whether any handler uses dynamic code evaluation (eval, Function, vm)

crypto

readonly crypto: boolean;

Defined in: packages/core/src/introspection/ToolContract.ts:148

Whether any handler references crypto/signing APIs

filesystem

readonly filesystem: boolean;

Defined in: packages/core/src/introspection/ToolContract.ts:142

Whether any handler references filesystem APIs

network

readonly network: boolean;

Defined in: packages/core/src/introspection/ToolContract.ts:144

Whether any handler references network/fetch APIs

raw

readonly raw: readonly string[];

Defined in: packages/core/src/introspection/ToolContract.ts:152

Raw entitlement identifiers for granular diff

subprocess

readonly subprocess: boolean;

Defined in: packages/core/src/introspection/ToolContract.ts:146

Whether any handler references child_process/exec APIs

Core

Other

Prompt

StateSync

Other

Sandbox

Client

Core

Domain Models

FSM

Governance

Observability

Presenter

Prompt

Sandbox

Serialization

Server

StateSync

Interface: HandlerEntitlements

Properties

codeEvaluation

crypto

filesystem

network

raw

subprocess

Interface: HandlerEntitlements ​

Properties ​

codeEvaluation ​

crypto ​

filesystem ​

network ​

raw ​

subprocess ​

Interface: HandlerEntitlements

Properties

codeEvaluation

crypto

filesystem

network

raw

subprocess