---
title: Capabilities — KruxOS
description: 89 typed KruxOS capabilities across 13 categories — discovery, invocation, and policy.
---

# Capabilities

89 typed capabilities across 13 categories. Structured inputs and outputs — no shell parsing.

## Discovery

**MCP**: `ws://<host>:7700/mcp` with agent API key → `tools/list`

**JSON-RPC fallback**: `capabilities.list` and `capabilities.invoke` on the same gateway.

`blocked` capabilities are omitted from listings.

## Categories

| Category | Count | Examples |
|----------|------:|----------|
| filesystem | 12 | `filesystem.read`, `filesystem.write`, `filesystem.list` |
| process | 5 | `process.run` |
| network | 4 | `network.fetch` |
| git | 8 | `git.commit`, `git.status`, `git.diff` |
| scheduler | 4 | cron, one-shot delay |
| system | 4 | `system.time`, `system.info`, `system.health` |
| agent | 4 | identity, discovery, session info |
| state | 24 | session / persistent / shared state |
| comms | 4 | inter-agent messaging |
| secrets | 3 | `secrets.list`, `secrets.use`, `secrets.rotate_request` |
| email | 7 | Gmail via Service Proxy |
| slack | 7 | Slack via Service Proxy |
| alerts | 3 | operator alerting |

## Policy tiers

| Tier | Behavior |
|------|----------|
| `autonomous` | Execute immediately |
| `notify` | Execute, notify operator |
| `approval_required` | Queue on dashboard (24h default hold) |
| `blocked` | Deny; hidden from `tools/list` |

## Sandbox

Per-capability fork: Linux user/network namespaces, cgroup v2, seccomp BPF, nftables. Landlock planned for v0.0.3.

## References

- [MCP server card](https://kruxos.com/.well-known/mcp/server-card.json)
- [Capability reference](https://docs.kruxos.com/developers/capabilities/)
- [Permission model](https://docs.kruxos.com/concepts/permission-model/)