Expand description
Connection-scoped capability allow-list.
SP-12 demonstrates the §VI least-privilege shape without committing to a
cryptographic token format. Capabilities are trusted free-form strings the
server operator declares at start time via --grant-capability; the
connection’s Hello request asks for a subset, and the server replies with
what it granted. A future SP can swap this allow-list for UCAN verification
without changing CapabilitySet’s public surface.
Structs§
- Capability
Set - Set of capabilities currently granted to a connection. Deterministically
ordered (BTreeSet) so
granted()returns a stable sequence — important for wire-level reproducibility and test assertions.