Module actors
Expand description
v0.45 actor contracts (the actors-foundations slice).
An actor declaration is a nominal boundary contract (ADR Q1): a closed,
compiler-known authentication Scheme plus an optional sealed identity. A
handler consumes an actor on its by clause; the boundary verifies the
scheme and mints the identity before the body runs (two-phase, fail-closed —
ADR Q5/Q2).
This module holds the compiler-known parts: the closed scheme set, the
prelude actors, the per-protocol default actors, and the admissible-scheme
sets. Foundations admits only the two zero-crypto schemes (None,
Internal); Bearer/Signature are reserved-and-rejected.
Structs§
- Bearer
Seam - v0.47: the data the emitter needs to lower a Bearer verification seam for a
handler — the
bybinder (v0.50:Nonefor the binder-less verify-and- discard form), the signing-secret env name, and the identity type to construct from the JWTsubclaim. Resolved only for a handler whosebyclause names a local Bearer actor; the checker guarantees the secret is present and the identity is a string-constructible local type. - Contract
- A resolved actor contract: its scheme and the identity it yields.
- Signature
Seam - v0.51: the data the emitter needs to lower a Signature verification seam —
the signing-secret env name, the signature header, and an optional
timestamp header + tolerance window for replay defence. Resolved only for a
handler whose
byclause names a local Signature actor. - SumMember
- v0.52: one resolved member of a multi-actor sum — the seam the emitter tries
at that position in the first-wins order.
actor_nameis the variant tag the body matches on.
Enums§
- Claim
Predicate - v0.53: the closed claim-predicate vocabulary for a refinement actor’s
whereclause (actor Admin = User where hasClaim("admin")). Claims are untyped JSON, so the predicate is a closed set —hasClaim/claimEqualscomposed with&&/||/!— checked against the verified JWT claims at the boundary. A general typed-claims expression surface is a later slice. - Identity
- The identity a verified actor yields (ADR Q2). In Foundations this is
()for trivial actors, the built-in sealedCallerIdfor the cross-contextInternalchannel (Q7, folded in), or a context-owned declared type. - Scheme
- The authentication scheme — a closed, compiler-known set (ADR Q1). Sealed now, openable later by widening this enum.
- SumMember
Seam - The verification a sum member contributes.
None(a catch-all such asVisitor) always resolves, so it terminates the order.
Constants§
- CALLER_
ID - The built-in sealed identity type for the cross-context calling principal.
Functions§
- bearer_
seam_ for - Resolve a handler’s Bearer seam, if its
byclause names a local Bearer actor — or a refinement of one (v0.53), following the refinement to its base for the scheme/secret/identity and carrying the authorisation predicate. ReturnsNonefor non-Bearer handlers (prelude actors are never Bearer) — those emit unchanged. - caller_
binder_ for - v0.54: the binder of a cross-context
on call … by c: Callerhandler that captures a liveCallerId(the calling context’s name, Q7).Noneunless the handler binds an identity whose contract isCallerId— i.e. theCallerprelude actor (the only source ofCallerId). A binder-lesson call(or one inheriting theCallerdefault) captures nothing and is unaffected. - claim_
predicate_ to_ js - Lower a claim predicate to a JavaScript boolean expression over
claims_var(the verified claims object,Record<string, unknown>). Used by the emitter for the refinement seam’s 403 check. - default_
actor - The default actor a handler inherits when it omits
by, by protocol (ADR Q5). HTTP has no safe default —byis required there. - parse_
claim_ predicate - Recognise the closed claim-predicate vocabulary in a refinement
whereexpression.Err(span)points at the first sub-expression outside the set (forbynk.actor.refinement_predicate_unsupported). - prelude_
actor - The prelude actors — compiler-known boundary contracts available without a
declaration. They back the per-protocol defaults and let public HTTP routes
write
by v: Visitorwithout ceremony. - scheme_
admissible - Whether
schemeis admissible onprotocol(the admissible-scheme-per- protocol check). HTTP admitsNone(public routes) andBearer(anAuthorizationheader is an HTTP concept); the internal protocols (call/cron/queue) admitInternal.Signatureis still reserved. - signature_
seam_ for - Resolve a handler’s Signature seam, if its
byclause names a local Signature actor. The checker guaranteessecretandheaderare present. - sum_
members_ for - v0.52: resolve a handler’s
byclause into ordered sum members, if it names more than one actor.Nonefor a single-actor handler (those keep the existing seam paths). The checker has already validated peer/scheme/ reachability rules; this lowers the verified members for emission.