Capability index
Deny-by-default: a capability is declared with require capability("scope"). See Capabilities and intent for the model.
```
-- Doc example: deny-by-default capabilities + faithful scope.
-- Uses `secret` because it proves the model with no network/disk side effects.
intent: "doc example: capabilities and intent"
require secret("APP_*") -- name-prefix scope: covers APP_KEY, APP_DB, ... only

task read_app_key()
    -- APP_KEY is under the declared APP_* scope → allowed (still redacted, as always)
    give text(secret("APP_KEY", "demo")) == "secret(APP_KEY)"

task read_unscoped()
    -- DB_PASSWORD is NOT under APP_* → denied at the capability check (before any use)
    give secret("DB_PASSWORD")

print("APP_KEY is in scope → " + text(read_app_key()))

test "a capability you declared (in scope) is allowed"
    assert(read_app_key())

test "anything outside the declared scope is denied (deny-by-default)"
    assert_error(read_unscoped)
```

| Capability | Gates | Scope | Auto-granted in run? |
|---|---|---|---|
| stdout | print / output | — | yes |
| time | now, format_time, sleep | — | yes |
| llm | reason/decide/analyze/generate, llm_step (incl. egress to the provider) | — | yes |
| random | random, random_int | — | no (tokens/nonces) |
| net | http*, fetch | host: net("api.x"), net(".x"), net("") | no |
| file | read and write | path: file("/data/*") | no |
| file.read / file.write | least-privilege I/O | path glob | no |
| db | sql/mongo_/redis_ | path (SQLite) or canonical URL | no |
| secret | secret(...) | name: secret("APP_*") | no |
| reveal | reveal(...) | name/label (scoped) | no |
| exec | run (shell) | command name | no |
| serve | serve on N | port | no (and required) |
| env | env(...) | name / prefix | no |
| stdin | read_line, free-text ask | — | no |

Notes: path scopes are faithful (escapes with .. are denied). sandbox strips everything. A per-task require narrows the task to only what it declares (∩ the program). Under serve/safe mode, even the auto-granted capabilities must be declared.
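
The scope rules in the table and notes above (name-prefix scopes, path scopes that reject `..` escapes, and a per-task require intersected with the program's), modelled in Python as an added example; this is not the language's own implementation. The function names, the dict shape for grants, glob matching via `fnmatch`, and `..` resolution via `posixpath.normpath` are all assumptions.

```python
import fnmatch
import posixpath


def _matches(cap, pattern, resource):
    """Match one declared scope pattern against one requested resource."""
    if cap.startswith("file"):
        # Resolve ".." before matching, so /data/../etc/passwd is judged
        # as /etc/passwd and cannot ride on a /data/* grant.
        resource = posixpath.normpath(resource)
    return fnmatch.fnmatchcase(resource, pattern)


def _granted(grants, cap, resource):
    """True if any scope declared for `cap` covers `resource`."""
    return any(_matches(cap, p, resource) for p in grants.get(cap, ()))


def allowed(cap, resource, program, task=None):
    """Deny-by-default check (hypothetical model).

    program / task: dict mapping capability name -> list of scope patterns.
    task=None means the task carries no require of its own.
    """
    if not _granted(program, cap, resource):
        return False  # never declared, or declared with a narrower scope
    # A per-task require narrows the task to (task ∩ program).
    if task is not None and not _granted(task, cap, resource):
        return False
    return True


if __name__ == "__main__":
    # Constructed grants mirroring the scopes shown on this page.
    program = {"secret": ["APP_*"], "file": ["/data/*"]}
    task = {"secret": ["APP_KEY"]}
    requests = [
        ("secret", "APP_KEY", None),
        ("secret", "DB_PASSWORD", None),
        ("file", "/data/reports/q1.csv", None),
        ("file", "/data/../etc/passwd", None),
        ("secret", "APP_DB", task),
    ]
    for cap, res, t in requests:
        verdict = "allow" if allowed(cap, res, program, t) else "deny"
        print(f"{cap:7} {res:24} task={'yes' if t else 'no':3} -> {verdict}")
```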