Interface: HandlerEntitlements

Defined in: packages/core/src/introspection/ToolContract.ts:141

Handler entitlements derived from static analysis.

Tracks I/O capabilities that the handler accesses, forming a security contract. If a read-only tool suddenly imports fs.writeFileSync, the entitlement contract breaks.

Properties

codeEvaluation

ts
readonly codeEvaluation: boolean;

Defined in: packages/core/src/introspection/ToolContract.ts:151

Whether any handler uses dynamic code evaluation (eval, Function, vm)

crypto

ts
readonly crypto: boolean;

Defined in: packages/core/src/introspection/ToolContract.ts:149

Whether any handler references crypto/signing APIs

filesystem

ts
readonly filesystem: boolean;

Defined in: packages/core/src/introspection/ToolContract.ts:143

Whether any handler references filesystem APIs

network

ts
readonly network: boolean;

Defined in: packages/core/src/introspection/ToolContract.ts:145

Whether any handler references network/fetch APIs

raw

ts
readonly raw: readonly string[];

Defined in: packages/core/src/introspection/ToolContract.ts:153

Raw entitlement identifiers for granular diff

subprocess

ts
readonly subprocess: boolean;

Defined in: packages/core/src/introspection/ToolContract.ts:147

Whether any handler references child_process/exec APIs