Runtime Purity Enforcement

Module

__Libraries

Status

IMPLEMENTED

Description

Runtime purity enforcement beyond static analysis, ensuring deterministic evaluation by blocking ambient state access (system clock, network, filesystem, environment variables) during pure computation phases. Provides PureEvaluationContext with prohibited accessors that throw AmbientAccessViolationException, and injected replacements for deterministic test and evaluation scenarios.

Implementation Details

  • PureEvaluationContext: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- CreateStrict() returns context with all prohibited accessors (no time, no network, no filesystem, no environment); Create(injectedNow, envVars) returns context with injected deterministic providers for time and environment; holds TimeProvider, INetworkAccessor, IFileSystemAccessor, IEnvironmentAccessor properties
  • AmbientAccessViolationException: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- thrown by prohibited accessors when ambient state access is attempted during pure evaluation; carries AccessType string describing which ambient access was blocked
  • ProhibitedTimeProvider: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- TimeProvider subclass; GetUtcNow() and GetLocalNow() throw AmbientAccessViolationException("TimeProvider")
  • ProhibitedNetworkAccessor: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- INetworkAccessor implementation; all methods throw AmbientAccessViolationException("NetworkAccessor")
  • ProhibitedFileSystemAccessor: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- IFileSystemAccessor implementation; all methods throw AmbientAccessViolationException("FileSystemAccessor")
  • ProhibitedEnvironmentAccessor: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- IEnvironmentAccessor implementation; GetEnvironmentVariable(name) throws AmbientAccessViolationException("EnvironmentAccessor")
  • InjectedTimeProvider: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- TimeProvider subclass; GetUtcNow() returns fixed DateTimeOffset set at construction; deterministic time for evaluation
  • InjectedEnvironmentAccessor: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- IEnvironmentAccessor implementation; returns values from injected IReadOnlyDictionary<string, string> instead of real environment
  • Source: Feature matrix scan

E2E Test Plan

  • Verify PureEvaluationContext.CreateStrict() blocks time access with AmbientAccessViolationException
  • Test ProhibitedNetworkAccessor throws on any network access during pure evaluation
  • Verify ProhibitedFileSystemAccessor throws on file read/write during pure evaluation
  • Test ProhibitedEnvironmentAccessor throws on environment variable access
  • Verify PureEvaluationContext.Create(injectedNow, envVars) allows deterministic time access
  • Test InjectedTimeProvider returns fixed time value consistently
  • Verify InjectedEnvironmentAccessor returns injected values, not real environment
  • Test DeterministicResolver uses PureEvaluationContext for its EvaluatePure phase
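
The strict and injected contexts described above, as an added sketch that is not the StellaOps source: it rebuilds only the time and environment accessors to show strict mode failing closed and injected mode staying deterministic. Type names, CreateStrict/Create, AccessType and GetEnvironmentVariable(name) come from this page; the constructors, the EnvironmentAccessor property name, the Evaluate function and the sample values are assumptions, and the network and filesystem accessors are omitted.

```csharp
// Added sketch, not the StellaOps source. Requires .NET 8 / C# 12 (System.TimeProvider).
using System;
using System.Collections.Generic;

var fixedNow = new DateTimeOffset(2025, 1, 1, 0, 0, 0, TimeSpan.Zero);    // constructed sample
var env = new Dictionary<string, string> { ["POLICY_MODE"] = "enforce" }; // constructed sample

// Injected context: identical inputs give identical output on every run and host.
var injected = PureEvaluationContext.Create(fixedNow, env);
Console.WriteLine(Evaluate(injected));
Console.WriteLine(Evaluate(injected) == Evaluate(injected));

// Strict context: the first ambient read fails loudly and names what was blocked.
try { Evaluate(PureEvaluationContext.CreateStrict()); }
catch (AmbientAccessViolationException ex) { Console.WriteLine($"blocked: {ex.AccessType}"); }

// Hypothetical pure computation: reaches time and environment only through the context.
static string Evaluate(PureEvaluationContext ctx)
{
    var mode = ctx.EnvironmentAccessor.GetEnvironmentVariable("POLICY_MODE");
    return $"{mode}@{ctx.TimeProvider.GetUtcNow():O}";
}

public sealed class AmbientAccessViolationException : InvalidOperationException
{
    public string AccessType { get; }
    public AmbientAccessViolationException(string accessType)
        : base($"Ambient access blocked during pure evaluation: {accessType}") => AccessType = accessType;
}
public interface IEnvironmentAccessor { string? GetEnvironmentVariable(string name); }

// GetLocalNow() is non-virtual and derives from GetUtcNow(), so one override blocks both.
sealed class ProhibitedTimeProvider : TimeProvider
{ public override DateTimeOffset GetUtcNow() => throw new AmbientAccessViolationException("TimeProvider"); }
sealed class InjectedTimeProvider(DateTimeOffset now) : TimeProvider
{ public override DateTimeOffset GetUtcNow() => now; }
sealed class ProhibitedEnvironmentAccessor : IEnvironmentAccessor
{ public string? GetEnvironmentVariable(string name) => throw new AmbientAccessViolationException("EnvironmentAccessor"); }
sealed class InjectedEnvironmentAccessor(IReadOnlyDictionary<string, string> vars) : IEnvironmentAccessor
{ public string? GetEnvironmentVariable(string name) => vars.TryGetValue(name, out var v) ? v : null; }

public sealed record PureEvaluationContext(TimeProvider TimeProvider, IEnvironmentAccessor EnvironmentAccessor)
{
    public static PureEvaluationContext CreateStrict() =>
        new(new ProhibitedTimeProvider(), new ProhibitedEnvironmentAccessor());
    public static PureEvaluationContext Create(DateTimeOffset injectedNow, IReadOnlyDictionary<string, string> envVars) =>
        new(new InjectedTimeProvider(injectedNow), new InjectedEnvironmentAccessor(envVars));
}
```

The wrappers only constrain code that goes through the context; a direct call to DateTime.UtcNow or System.Environment inside the evaluated code bypasses them, which is the gap static analysis has to cover.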