0x0 Capability Reference

This public reference separates source capability annotations from runtime host

capabilities.

Source Capabilities

Source functions may use:

(cap pure)

Current source capability names:

• pure;
• io;
• file;
• network;
• process.

Unannotated functions default to io.

Pure Enforcement

A pure function may call pure functions and pure builtins. It may not call

effectful builtins or functions whose capability is not pure.

Runtime Capabilities

Host runtime capabilities use a more detailed app boundary taxonomy documented

in docs/runtime-capabilities.html. Examples include file read/write, process

spawn, network client/server, browser snapshot, database query, secret, time,

state, deploy, and fake runtime capabilities.

Boundary Rule

Source capability annotations describe what a 0x0 function is allowed to do.

Runtime capabilities describe what host effects an app runtime can perform.

Do not treat source network or process annotations as proof that generic

socket or subprocess builtins exist in the core language.

Fake Adapter Rule

cap.test.fake-runtime and fake runtime modules are for deterministic tests.

They must not be the only evidence for a production runtime feature claim.

Deferred Areas

Embedded, HAL, RTOS/BSP, secure boot, and hardware capabilities are deferred in

current 0x0 public docs.