pub fn link_render(linker: &mut Linker<SessionData>) -> Result<()>Expand description
Links ONLY the render-safe host fns onto linker: infra, the allowlisted
read fns, and the draft natives. The dual gate is FULL here — a dangerous
native is blocked at both levels. First, the config, user, and ssh_key
modules are never registered at all (the secret/credential/auth surface has
nothing to bind to). Second, the account/commodity/split/transaction
mutators are excluded by linking each module’s register_readonly variant,
so create-* / update-* / delete-* / set-*-tag imports are never bound
either. So even a hypothetical compiler-spec leak finds no linked target.
env.log is bound as a silent no-op (the import must resolve, but template
output is discarded).