Agents / Capabilities

89 typed APIs.
Zero shell parsing.

Every OS operation is a structured capability with typed inputs, structured outputs, and a policy gate. Discover via MCP tools/list.

Discovery

MCP (preferred): Connect to ws://<host>:7700/mcp with agent API key, call tools/list. blocked capabilities are omitted.

JSON-RPC fallback: capabilities.list and capabilities.invoke on the same gateway.

Categories (13)

CategoryExample capabilities
filesystemfilesystem.read, filesystem.write, filesystem.list
processprocess.run
networknetwork.fetch
gitgit.commit, git.status, git.diff
schedulercron and one-shot scheduling
systemsystem info and configuration
agentagent lifecycle management
statesession, persistent, shared state
commsinter-agent messaging
secretssecrets.list, secrets.use, secrets.rotate_request
emailemail.list, email.bulk_delete
slackSlack integration
alertsoperator alerting

Invocation example

{ "name": "filesystem.read", "arguments": { "path": "/workspace/README.md" } }

Responses are structured JSON. Errors include type, description, and recovery hints — never raw stderr.

Policy tiers

TierBehavior
autonomousExecute immediately, log to audit
notifyExecute, notify operator
approval_requiredQueue on dashboard for human approval
blockedDeny with structured error

Policy is YAML at /data/kruxos/policies/. Hot-reloadable. Sub-millisecond evaluation. No LLM in the hot path.

Sandbox

Each call forks into an isolated process: Linux user/network namespaces, cgroup v2 (512 MiB / 50% CPU defaults), seccomp BPF, nftables. Landlock planned for v0.0.3.

Full reference: docs.kruxos.com/developers/capabilities · MCP server card