Four new primitives for capability-aware evaluation:
- with-capabilities: restrict capabilities for a body (sets global cap stack)
- current-capabilities: query current capability set
- has-capability?: check if a specific capability is available
- require-capability!: assert a capability, error if missing
Uses a global OCaml ref (cap_stack) for cross-CEK-boundary visibility.
Note: with-capabilities error propagation from CEK sub-evaluations
needs deeper integration — the primitives themselves work correctly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
giles
96d0d29f10