stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
d6521923fe75a8e4e9443a60d5211136049d51ba
git.stella-ops.org/docs/features/checked/libraries/runtime-purity-enforcement.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

3.3 KiB
Raw Blame History

Runtime Purity Enforcement

Module

__Libraries

Status

VERIFIED

Description

Runtime purity enforcement beyond static analysis, ensuring deterministic evaluation by blocking ambient state access (system clock, network, filesystem, environment variables) during pure computation phases. Provides PureEvaluationContext with prohibited accessors that throw AmbientAccessViolationException, and injected replacements for deterministic test and evaluation scenarios.

Implementation Details

  • PureEvaluationContext: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- CreateStrict() returns context with all prohibited accessors (no time, no network, no filesystem, no environment); Create(injectedNow, envVars) returns context with injected deterministic providers for time and environment; holds TimeProvider, INetworkAccessor, IFileSystemAccessor, IEnvironmentAccessor properties
  • AmbientAccessViolationException: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- thrown by prohibited accessors when ambient state access is attempted during pure evaluation; carries AccessType string describing which ambient access was blocked
  • ProhibitedTimeProvider: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- TimeProvider subclass; GetUtcNow() and GetLocalNow() throw AmbientAccessViolationException("TimeProvider")
  • ProhibitedNetworkAccessor: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- INetworkAccessor implementation; all methods throw AmbientAccessViolationException("NetworkAccessor")
  • ProhibitedFileSystemAccessor: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- IFileSystemAccessor implementation; all methods throw AmbientAccessViolationException("FileSystemAccessor")
  • ProhibitedEnvironmentAccessor: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- IEnvironmentAccessor implementation; GetEnvironmentVariable(name) throws AmbientAccessViolationException("EnvironmentAccessor")
  • InjectedTimeProvider: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- TimeProvider subclass; GetUtcNow() returns fixed DateTimeOffset set at construction; deterministic time for evaluation
  • InjectedEnvironmentAccessor: src/__Libraries/StellaOps.Resolver/Purity/RuntimePurity.cs -- IEnvironmentAccessor implementation; returns values from injected IReadOnlyDictionary<string, string> instead of real environment
  • Source: Feature matrix scan

E2E Test Plan

  • Verify PureEvaluationContext.CreateStrict() blocks time access with AmbientAccessViolationException
  • Test ProhibitedNetworkAccessor throws on any network access during pure evaluation
  • Verify ProhibitedFileSystemAccessor throws on file read/write during pure evaluation
  • Test ProhibitedEnvironmentAccessor throws on environment variable access
  • Verify PureEvaluationContext.Create(injectedNow, envVars) allows deterministic time access
  • Test InjectedTimeProvider returns fixed time value consistently
  • Verify InjectedEnvironmentAccessor returns injected values, not real environment
  • Test DeterministicResolver uses PureEvaluationContext for its EvaluatePure phase

Verification

  • Verified: 2026-02-13T20:30:00Z
  • Run: run-001
  • Tier: Tier 2d (Library/Internal)
  • Verdict: PASS