Synsema docs

Capability index

Deny-by-default: every capability is declared with require capability("scope"). See Capabilities and intent for the model.

capabilities.syn
-- Doc example: deny-by-default capabilities + faithful scope.
-- Uses `secret` because it proves the model with no network/disk side effects.
intent: "doc example: capabilities and intent"
require secret("APP_*")          -- name-prefix scope: covers APP_KEY, APP_DB, ... only

task read_app_key()
    -- APP_KEY is under the declared APP_* scope → allowed (still redacted, as always)
    give text(secret("APP_KEY", "demo")) == "secret(APP_KEY)"

task read_unscoped()
    -- DB_PASSWORD is NOT under APP_* → denied at the capability check (before any use)
    give secret("DB_PASSWORD")

print("APP_KEY is in scope → " + text(read_app_key()))

test "a capability you declared (in scope) is allowed"
    assert(read_app_key())

test "anything outside the declared scope is denied (deny-by-default)"
    assert_error(read_unscoped)
| Capability | Gates | Scope | Auto-granted in run? |
|---|---|---|---|
| stdout | print / output | | |
| time | now, format_time, sleep | | |
| llm | reason/decide/analyze/generate, llm_step (incl. egress to the provider) | | |
| random | random, random_int | | no (tokens/nonces) |
| net | http*, fetch | host: net("api.x"), net(".x"), net("") | no |
| file | read and write | path: file("/data/*") | no |
| file.read / file.write | least-privilege I/O | path glob | no |
| db | sql/mongo_/redis_ | path (SQLite) or canonical URL | no |
| secret | secret(...) | name: secret("APP_*") | no |
| reveal | reveal(...) | name/label (scoped) | no |
| exec | run (shell) | command name | no |
| serve | serve on N | port | no (and required) |
| env | env(...) | name / prefix | no |
| stdin | read_line, free-text ask | | no |

Notes: path scopes are faithful (escapes with .. are denied). sandbox strips everything. A per-task require narrows the task to only what it declares (∩ the program). Under serve/safe mode, even the auto-granted capabilities must be declared.
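
A small Python model of the checks the notes describe, added here as an illustration and not Synsema's own implementation: deny-by-default lookup, name-prefix scopes, path scopes that reject .. escapes, and a per-task require intersected with the program's. The function names, the grant-dictionary layout, and the choice of lexical normalisation plus glob matching are assumptions.

```python
import fnmatch
import posixpath

def path_in_scope(path, pattern):
    """Path scope check that judges the normalised path, not the raw string."""
    norm = posixpath.normpath(path)  # "/data/../etc/passwd" -> "/etc/passwd"
    return posixpath.isabs(norm) and fnmatch.fnmatchcase(norm, pattern)

def granted(grants, cap, target):
    """True only if `cap` was declared and `target` falls under one of its scopes."""
    patterns = grants.get(cap)
    if patterns is None:  # never declared: deny-by-default
        return False
    match = path_in_scope if cap == "file" else fnmatch.fnmatchcase
    return any(match(target, p) for p in patterns)

def permits(program, cap, target, task=None):
    """Program-level require, intersected with the task's own require if it has one."""
    if not granted(program, cap, target):
        return False
    return task is None or granted(task, cap, target)

# Constructed declarations mirroring the scopes shown in the table above.
PROGRAM = {"secret": ["APP_*"], "file": ["/data/*"]}
TASK = {"file": ["/data/in/*"]}  # hypothetical per-task require

if __name__ == "__main__":
    cases = [
        ("secret", "APP_KEY", None),            # inside APP_*
        ("secret", "DB_PASSWORD", None),        # outside APP_*
        ("file", "/data/report.csv", None),     # inside /data/*
        ("file", "/data/../etc/passwd", None),  # .. escape
        ("net", "api.x", None),                 # capability never declared
        ("file", "/data/in/a.txt", TASK),       # inside program and task scope
        ("file", "/data/out/a.txt", TASK),      # program allows, task does not
    ]
    for cap, target, task in cases:
        verdict = "allowed" if permits(PROGRAM, cap, target, task) else "denied"
        print(f"{cap}({target!r}) task={'yes' if task else 'no'} -> {verdict}")
```

This model normalises paths lexically only; an enforcement point on a real filesystem would also have to account for symlinks.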