hakorune/docs/guides/box-patterns.md

# Box Patterns (dev guide; docs-only)

Status: design notes to standardize reusable Box idioms. No runtime/spec change during the feature‑pause.

## OwnershipBox / LeaseBox
- Intent: make ownership vs borrowing explicit for resource Boxes.
- Rules
  - OwnershipBox owns the underlying handle; calls `fini()` on drop.
  - LeaseBox references an owned Box without taking responsibility to `fini()`.
  - Upgrading a lease to ownership must be explicit (and validated).
- Smells avoided: double-close, leaked handles, implicit transfer.

## CancelTokenBox / DeadlineBox
- Intent: structured cancellation and time limits across waiting APIs.
- Rules
  - Token can be passed to blocking APIs (Channel/Select/Waiter) to abort waits.
  - DeadlineBox wraps an absolute time; APIs accept either `token` or `deadline`.
  - Cancellation is idempotent; multiple cancel calls are safe.
- Effects
  - Waiting ops return promptly with a well-typed cancel/timeout indicator.

## CapabilityBox
- Intent: define minimal authority (I/O, net, thread, fs) explicitly.
- Rules
  - Boxes that access external capabilities must declare the capability dependency.
  - Tests can substitute Noop/Mock capability Boxes.
- Effects
  - Principle of least privilege; easier sandboxing and auditing.

## AffinityBox
- Intent: encode thread/runtime affinity constraints.
- Rules
  - Annotate Boxes that must be used on their creator thread or via Actor mailbox.
  - Violations produce early, explicit errors (not UB).
- Effects
  - Predictable behavior across concurrency boundaries.

## ObservableBox
- Intent: unify tracing/metrics hooks.
- Rules
  - Emit JSONL events with `ts`, `box_id`, `op`, `ok`, and domain-specific fields.
  - Allow opt-in (`NYASH_*_TRACE=1`) and keep logs stable for tooling.
- Effects
  - Cross-cutting visibility with one schema; simpler troubleshooting.

## Composition Tips
- Separate hot/cold paths: ThinBox (hot) vs RichBox (full) to avoid overhead on the critical path.
- Prefer immutable handles + message passing across threads (Actor) to avoid races.
- Keep `birth/fini` idempotent; document post-fini behavior (no-op vs error).
-												selfhost(pyvm): MiniVmPrints – prefer JSON route early-return (ok==1) to avoid fallback loops; keep default behavior unchanged elsewhere

											
										
										
											2025-09-22 07:54:25 +09:00
+								# Box Patterns (dev guide; docs-only)
 								Status: design notes to standardize reusable Box idioms. No runtime/spec change during the feature‑pause.
 								## OwnershipBox / LeaseBox
 								- Intent: make ownership vs borrowing explicit for resource Boxes.
 								- Rules
 								  - OwnershipBox owns the underlying handle; calls `fini()` on drop.
 								  - LeaseBox references an owned Box without taking responsibility to `fini()`.
 								  - Upgrading a lease to ownership must be explicit (and validated).
 								- Smells avoided: double-close, leaked handles, implicit transfer.
 								## CancelTokenBox / DeadlineBox
 								- Intent: structured cancellation and time limits across waiting APIs.
 								- Rules
 								  - Token can be passed to blocking APIs (Channel/Select/Waiter) to abort waits.
 								  - DeadlineBox wraps an absolute time; APIs accept either `token` or `deadline`.
 								  - Cancellation is idempotent; multiple cancel calls are safe.
 								- Effects
 								  - Waiting ops return promptly with a well-typed cancel/timeout indicator.
 								## CapabilityBox
 								- Intent: define minimal authority (I/O, net, thread, fs) explicitly.
 								- Rules
 								  - Boxes that access external capabilities must declare the capability dependency.
 								  - Tests can substitute Noop/Mock capability Boxes.
 								- Effects
 								  - Principle of least privilege; easier sandboxing and auditing.
 								## AffinityBox
 								- Intent: encode thread/runtime affinity constraints.
 								- Rules
 								  - Annotate Boxes that must be used on their creator thread or via Actor mailbox.
 								  - Violations produce early, explicit errors (not UB).
 								- Effects
 								  - Predictable behavior across concurrency boundaries.
 								## ObservableBox
 								- Intent: unify tracing/metrics hooks.
 								- Rules
 								  - Emit JSONL events with `ts`, `box_id`, `op`, `ok`, and domain-specific fields.
 								  - Allow opt-in (`NYASH_*_TRACE=1`) and keep logs stable for tooling.
 								- Effects
 								  - Cross-cutting visibility with one schema; simpler troubleshooting.
 								## Composition Tips
 								- Separate hot/cold paths: ThinBox (hot) vs RichBox (full) to avoid overhead on the critical path.
 								- Prefer immutable handles + message passing across threads (Actor) to avoid races.
 								- Keep `birth/fini` idempotent; document post-fini behavior (no-op vs error).