ilusm.dev

cap

Named capability bundles for sbx sandboxes - pre-composed syscall allow-lists you can pass to sbxmk by name instead of hand-listing individual syscalls.

Load with: use cap

What this module does

When creating an sbx sandbox with sbxmk, you must provide a list of allowed syscall names. cap provides named, pre-composed capability bundles so you can write sbxmk(capht()) instead of spelling out every HTTP syscall by hand.

Bundles compose with each other using sbx.cat (re-exported as capcat). Several convenience aliases export the most commonly needed sbx and pol primitives directly so you don't need to use sbx or use pol separately.

Quick example

use cap
use sbx

# Sandbox that can make HTTP requests and write files
allowed = capcat(capht(), capfs())
sbox = sbxmk(allowed)

# Sandbox for an AI tool agent
ai_sbox = sbxmk(capai())

# Sandbox for testing (full local dev access)
test_sbox = sbxmk(captr())

# Combine HTTP + TCP into a "net client" bundle
net_sbox = sbxmk(capne())

Functions

Re-exported primitives

capcat

Alias for sbx.cat - concatenates two capability lists into one.

cappolcat

Alias for pol.cat - concatenates policy lists.

capstdout

Alias for sbx.stdout - stdout write syscall.

captime

Alias for sbx.time - time-read syscall.

capfsro

Alias for sbx.fsro - read-only filesystem syscalls.

Capability bundles

capex()

Execute - ["__os_run"]. Allows spawning OS processes.

capht()

HTTP client - GET, POST, PUT, PATCH, DELETE.

captc()

TCP client - dial, connect, send, recv, close.

capfs()

Filesystem read-write - all read-only syscalls plus __sys_write_file. A second definition adds captime(), giving a time-inclusive variant.

capch()

Channels - new, send, recv, close.

capsp()

Spawn/wait - __sys_spawn and __sys_wait.

capai()

AI tool agent - getenv, file write, file remove, run process, plus time.

capne()

Network client - HTTP + TCP combined.

capob()

Observability - log, span begin, span end.

cappr()

Process info - argv and environment variables.

capde()

Local development - filesystem read-write (time-inclusive variant) + net client + channels.

captr()

Testing/CI - local dev + spawn/wait + exec + observability.

Notes

  • Compose multiple bundles with capcat(bundle1, bundle2).
  • These are static lists - they control which native syscalls a sandbox may call, not what network addresses it can reach. Use pol for network-level policy.
  • Requires sbx and pol.
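The composition rule above (capcat is plain list concatenation, and the larger bundles are built from the smaller ones), as an added Python model that is not the cap module's own code. Only __os_run, __sys_write_file, __sys_spawn and __sys_wait are syscall names taken from this page; every other name is a constructed placeholder for syscalls the page does not list. The audit and delta helpers show what a composed allow-list actually grants before it is handed to sbxmk.

```python
# Added model of cap's bundle composition; not the module's own code.
# Placeholder syscall names (prefixed fsro:/time:/http:/tcp:/chan:/obs:) are
# constructed; only the __os_run / __sys_* names come from the page.
FSRO = ["fsro:read_file", "fsro:stat"]                       # stands in for sbx.fsro
TIME = ["time:now"]                                          # stands in for sbx.time
HTTP = ["http:get", "http:post", "http:put", "http:patch", "http:delete"]
TCP = ["tcp:dial", "tcp:connect", "tcp:send", "tcp:recv", "tcp:close"]
CHAN = ["chan:new", "chan:send", "chan:recv", "chan:close"]
OBS = ["obs:log", "obs:span_begin", "obs:span_end"]


def capcat(*bundles):
    """Model of sbx.cat: plain concatenation, so overlapping bundles keep duplicates."""
    out = []
    for b in bundles:
        out.extend(b)
    return out


def capex(): return ["__os_run"]
def capfs(): return capcat(FSRO, ["__sys_write_file"])
def capfs_time(): return capcat(capfs(), TIME)   # the page's second, time-inclusive definition
def capsp(): return ["__sys_spawn", "__sys_wait"]
def capne(): return capcat(HTTP, TCP)
def capde(): return capcat(capfs_time(), capne(), CHAN)
def captr(): return capcat(capde(), capsp(), capex(), OBS)


# Syscalls whose presence in an allow-list deserves a second look in review.
SENSITIVE = {"__os_run", "__sys_spawn", "__sys_write_file"}


def audit(allowed):
    """Deduplicate an allow-list and report the sensitive syscalls it grants.
    Returns (unique_syscalls, granted_sensitive, duplicate_count)."""
    unique = sorted(set(allowed))
    return unique, sorted(SENSITIVE & set(allowed)), len(allowed) - len(unique)


def delta(narrow, wide):
    """Syscalls the wider bundle grants that the narrower one does not."""
    return sorted(set(wide) - set(narrow))


if __name__ == "__main__":
    print("capde grants:", audit(capde())[1])
    print("captr adds over capde:", delta(capde(), captr()))
```

Running delta(capde(), captr()) is the quick way to see that moving a sandbox from the local-dev bundle to the testing bundle is what first grants __os_run.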