`pol`

permissions, ACL policy evaluation, cap sets for sandboxing (composes with sbx + cry).

Load with: use pol

Quick example

use pol

result = polme([1, 2, 3], "value")
prn(result)

Functions

Capability sets (string lists, e.g. __sys_* names)

polme(xs, x)

Performs the operation. Takes xs, x.

polsu(held, need)

Performs the operation. Takes held, need.

polca(a, b)

Performs the operation. Takes a, b.

Roles: map role_name → list of cap strings; expand many roles

polro(rmap, role)

Performs the operation. Takes rmap, role.

polro(rmap, roles)

Performs the operation. Takes rmap, roles.

Wildcard ACL: rows {a, ac, r}; "" full match; "pre" prefix match on s

polwi(pat, s)

Performs the operation. Takes pat, s.

polro(row, actor, action, res)

Performs the operation. Takes row, actor, action, res.

polac(allow, deny, actor, action, res)

Performs the operation. Takes allow, deny, actor, action, res.

polac(doc, actor, action, res)

Performs the operation. Takes doc, actor, action, res.

Ordered rules: first matching row wins; row {caps, eff} with eff tru|fls

polru(rules, ctx)

Runs. Takes rules, ctx.

Tamper-evident policy blob (HMAC); compare with polseal === mac

polca(parts)

Performs the operation. Takes parts.

polse(key, parts)

Sets a value. Takes key, parts.

polse(key, parts, mac)

Sets a value. Takes key, parts, mac.

polca(a, b)

Performs the operation. Takes a, b.

polca(a, b)

Performs the operation. Takes a, b.

polca(a, b)

Performs the operation. Takes a, b.

Notes

Policy engine - define and evaluate access control rules.

Quick example

Functions

Capability sets (string lists, e.g. __sys_* names)

Roles: map role_name → list of cap strings; expand many roles

Wildcard ACL: rows {a, ac, r}; "*" full match; "pre*" prefix match on s

Ordered rules: first matching row wins; row {caps, eff} with eff tru|fls

Tamper-evident policy blob (HMAC); compare with polseal === mac

Notes

Wildcard ACL: rows {a, ac, r}; "" full match; "pre" prefix match on s