These examples show host-side actions executing only when authoritative Context Compiler state explicitly authorizes them.
They demonstrate observable runtime behavior changes rather than prompt compliance. User wording alone does not authorize the action.
Authorizes a host-owned submit_expense function only when state contains:
use expense_approval
The host blocks execution when state is absent or when state contains:
prohibit expense_approval
The tests cover authorized execution, absent-state blocking, prohibited-state blocking, adversarial request text, and the runtime behavior change between blocked and authorized state.
A FastAPI variant also shows the live-model comparison boundary: a live model can say an expense is approved, but the compiler-mediated host still denies the protected mutation unless authoritative state authorizes it.