Every OS operation is a structured capability with typed inputs, structured outputs, and a policy gate. Discover via MCP tools/list.
MCP (preferred): Connect to ws://<host>:7700/mcp with agent API key, call tools/list. blocked capabilities are omitted.
JSON-RPC fallback: capabilities.list and capabilities.invoke on the same gateway.
| Category | Example capabilities |
|---|---|
| filesystem | filesystem.read, filesystem.write, filesystem.list |
| process | process.run |
| network | network.fetch |
| git | git.commit, git.status, git.diff |
| scheduler | cron and one-shot scheduling |
| system | system info and configuration |
| agent | agent lifecycle management |
| state | session, persistent, shared state |
| comms | inter-agent messaging |
| secrets | secrets.list, secrets.use, secrets.rotate_request |
| email.list, email.bulk_delete | |
| slack | Slack integration |
| alerts | operator alerting |
Responses are structured JSON. Errors include type, description, and recovery hints — never raw stderr.
| Tier | Behavior |
|---|---|
| autonomous | Execute immediately, log to audit |
| notify | Execute, notify operator |
| approval_required | Queue on dashboard for human approval |
| blocked | Deny with structured error |
Policy is YAML at /data/kruxos/policies/. Hot-reloadable. Sub-millisecond evaluation. No LLM in the hot path.
Each call forks into an isolated process: Linux user/network namespaces, cgroup v2 (512 MiB / 50% CPU defaults), seccomp BPF, nftables. Landlock planned for v0.0.3.
Full reference: docs.kruxos.com/developers/capabilities · MCP server card