type HttpClient = { ... };
domain IoError { ... }
role Hashable;

const requestId = generateId();
function readFile(path: Path) -> Bytes { ... }
type User = { firstName: String, lastName: String };

const maxRetries = 3;
const DEFAULT_TIMEOUT = Duration.seconds(30);

package net.http;
package data.json;
package my.app.server;

function process(x: i32) -> i32 {
  if x > 0 {
    return x * 2;
  } else {
    return 0;
  }
}

const result = very_long_function_name(
  first_argument,
  second_argument,
  third_argument
);

function foo() -> Unit {
  // ...
}

if condition {
  // ...
} else {
  // ...
}

// PREFER
function process(input: Input) -> Output error ProcessError {
  ensure input.valid === true else err InvalidInput { ... };
  ensure input.size < MAX_SIZE else err TooLarge { ... };
  
  // main logic at low nesting level
  return ok transform(input);
}

// AVOID
function process(input: Input) -> Output error ProcessError {
  if input.valid === true {
    if input.size < MAX_SIZE {
      // deeply nested
      return ok transform(input);
    } else {
      return err TooLarge { ... };
    }
  } else {
    return err InvalidInput { ... };
  }
}

function processRequest(req: Request) -> Response error AppError effects [fs, net] {
  const config = check loadConfig(fs);
  const data = check fetchData(req.url, net);
  const result = check transform(data, config);
  return ok formatResponse(result);
}

// pure: easy to test, easy to reason about
function validatePort(n: u32) -> Bool {
  return n >= 1 && n <= 65535;
}

// effectful: thin wrapper
function readPort(path: Path, cap fs: Fs) -> Port error ConfigError effects [fs] {
  const text = check fs.read_all_text(path);
  const n = check number.parse_u32(text);
  ensure validatePort(n) === true else err InvalidPort { value: n };
  return ok Port(n);
}

// handles the edge case where the buffer wraps around
const effective_len = if end > start { end - start } else { capacity - start + end };

// SAFETY: pointer is valid because we just allocated it above
const view = view.from_raw_unchecked(ptr, len);

// increment counter
counter = counter + 1;

// check if x is greater than 10
if x > 10 { ... }

/// parses a port number from a string
/// 
/// returns ParseError if the string is not a valid number
/// or if the number is outside the valid port range (1-65535)
function parsePort(s: String) -> Port error ParseError { ... }

function handleRequest(raw: Bytes) -> Response error AppError {
  const request = check parseRequest(raw);  // validate structure
  ensure request.size < MAX_REQUEST_SIZE else err TooLarge { ... };
  ensure isAllowedPath(request.path) === true else err Forbidden { ... };
  // ...
}

// WRONG
const API_KEY = "sk-12345...";

// CORRECT
function callApi(cap secrets: Secrets) -> Response effects [net] {
  const key = secrets.get("API_KEY");
  // ...
}

type Port = u16 where self >= 1 && self <= 65535;
type Email = String where text.contains(self, "@");

function processSecret(secret: View<u8>) -> Hash effects [alloc] {
  const hash = crypto.hash(secret);
  mem.secure_zero(secret);  // not optimized away
  return hash;
}