Runtime Capabilities
The app runtime boundary uses explicit capabilities so pure application code,
compatibility constructors, and real host effects remain separate.
| Capability | Category | Host Effect |
| --- | --- | --- |
| cap.pure | pure | deterministic constructors, projection, validation |
| cap.io.stdio | io | stdin, stdout, stderr |
| cap.file.read | file | reading regular files and directory metadata |
| cap.file.write | file | writing files and creating directories |
| cap.process.spawn | process | spawning subprocesses and collecting status |
| cap.network.client | network | outbound HTTP and socket clients |
| cap.network.server | network | inbound HTTP, WebSocket, and health listeners |
| cap.browser.snapshot | browser | deterministic browser/page capture |
| cap.database.query | database | SQL or document database queries |
| cap.crypto.secret | crypto | secret handling, signing, verification, random bytes |
| cap.time.read | time | wall clock, monotonic clock, deadlines |
| cap.state.local | state | app-local durable state and cache directories |
| cap.deploy.remote | deploy | image, Helm, Kubernetes, SSH, and rsync operations |
| cap.test.fake-runtime | test | deterministic fake runtime injection |
Pure code can call only cap.pure functions. Any function that reaches the host
must declare one of the effect capabilities above and return a stable host
result shape:

    (list "HostOk" value)
    (list "HostErr" code message capability)

Compatibility constructors are data-only. They can normalize or preserve legacy
wire labels, but they cannot perform file, process, network, browser, database,
time, state, crypto, deploy, or test effects.
Unsupported host calls fail at compile time when the front end has static
capability support. Until then, runtime startup checks compare
abi/runtime-calls.tsv with the production and fake runtime modules and fail
before command dispatch if a call is missing or has inconsistent support.
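
An added sketch of the startup check described above, not the project's own code. The two-column `call<TAB>capability` layout for abi/runtime-calls.tsv, the dict-per-runtime-module model, the call names, and the error codes are all assumptions made for illustration.

```python
# Effect capabilities from the table on this page. cap.pure is left out:
# a call that reaches the host must declare an effect capability.
EFFECT_CAPS = {
    "cap.io.stdio", "cap.file.read", "cap.file.write", "cap.process.spawn",
    "cap.network.client", "cap.network.server", "cap.browser.snapshot",
    "cap.database.query", "cap.crypto.secret", "cap.time.read",
    "cap.state.local", "cap.deploy.remote", "cap.test.fake-runtime",
}

def host_err(code, message, capability):
    # Same shape as (list "HostErr" code message capability).
    return ["HostErr", code, message, capability]

def check_runtime_calls(tsv_text, production, fake):
    """Collect a HostErr for every ABI row a runtime module fails to match.

    Assumed inputs: tsv_text holds `call<TAB>capability` rows; production
    and fake map each call name a module implements to its capability.
    """
    errors = []
    for line in tsv_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 2:
            errors.append(host_err("malformed-row", line, ""))
            continue
        call, cap = fields
        if cap not in EFFECT_CAPS:
            errors.append(host_err("not-effect-capability", f"{call} declares {cap}", cap))
            continue
        for name, module in (("production", production), ("fake", fake)):
            if call not in module:
                errors.append(host_err("missing-call", f"{call} absent from {name} runtime", cap))
            elif module[call] != cap:
                errors.append(host_err("inconsistent-support", f"{call} is {module[call]} in {name} runtime", cap))
    return errors

def startup_gate(tsv_text, production, fake):
    """Run before command dispatch: first HostErr, or HostOk with the row count."""
    errors = check_runtime_calls(tsv_text, production, fake)
    if errors:
        return errors[0]
    rows = [l for l in tsv_text.splitlines() if l.strip() and not l.startswith("#")]
    return ["HostOk", len(rows)]

# Constructed sample data (not from the project).
SAMPLE_TSV = "file.read\tcap.file.read\nproc.spawn\tcap.process.spawn\nclock.now\tcap.time.read\nfmt.json\tcap.pure\n"
PRODUCTION = {"file.read": "cap.file.read", "proc.spawn": "cap.process.spawn", "clock.now": "cap.time.read"}
FAKE = {"file.read": "cap.file.read", "clock.now": "cap.io.stdio"}
```

With the constructed sample, the fake runtime lacks one call and maps another to a different capability, and one row declares cap.pure for a host call, so the gate returns a HostErr instead of reaching dispatch.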
Public Boundary Note
This document describes the app host runtime capability taxonomy. It does not
mean every capability is a core language builtin. Source-level capability
annotations are documented in docs/capabilities.html.
Fake runtime support is test infrastructure. A fake runtime result must not be
used as the only evidence for a production feature claim.