After grafting onto the Membrane, an agent holds references to:

| Capability | What it does |
|---|---|
| Host | Peer identity, listen addresses, connected peers, network access |
| Runtime | Load WASM binaries and obtain scoped Executors (with compilation caching) |
| Routing | Kademlia DHT: publish and discover content/services |
| Identity | Host-side signing (private key never enters WASM) |
| HttpClient | Outbound HTTP requests (domain-scoped) |
| StreamListener / StreamDialer | Open and accept libp2p byte streams for custom subprotocols |
| VatListener / VatClient | Serve and consume Cap'n Proto RPC capabilities over the network |

Each capability is epoch-guarded: it fails with `staleEpoch` once the
on-chain head advances, forcing a re-graft.

- Agent calls `membrane.graft()` to receive epoch-scoped capabilities
- Having a Membrane reference IS authorization (ocap model)
- To gate access, wrap the Membrane in a `Terminal(Membrane)` challenge-response auth layer
- When the on-chain epoch advances, all capabilities are revoked
- Agents re-graft, picking up the new state automatically
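
The epoch guard and re-graft cycle described above, as an added Python model that is not the project's code. `Chain`, `Membrane`, `HttpClient`, `StaleEpoch` and `call_with_regraft` are hypothetical in-process stand-ins for the Cap'n Proto interfaces, and the domain names are constructed sample values.

```python
# Minimal in-process model of epoch-guarded capabilities (illustration only).
# Every name here is a hypothetical stand-in, not the project's API.

class StaleEpoch(Exception):
    """Raised when a capability outlives the epoch it was grafted in."""

class Chain:
    """Constructed stand-in for the on-chain head: an epoch number plus state."""
    def __init__(self):
        self.epoch = 1
        self.allowed_domains = {"example.org"}  # constructed sample state

    def advance(self, allowed_domains):
        self.epoch += 1
        self.allowed_domains = set(allowed_domains)

class HttpClient:
    """Domain-scoped capability, valid only for the epoch it was issued in."""
    def __init__(self, chain, epoch, domains):
        self._chain, self._epoch = chain, epoch
        self._domains = frozenset(domains)

    def get(self, domain):
        # The guard runs on every call, so advancing the head revokes every
        # outstanding capability without tracking who holds one.
        if self._chain.epoch != self._epoch:
            raise StaleEpoch(f"issued at {self._epoch}, head is {self._chain.epoch}")
        if domain not in self._domains:
            raise PermissionError(f"{domain} is outside this capability's scope")
        return f"GET {domain} ok (epoch {self._epoch})"

class Membrane:
    """Holding a reference to this object is the authorization (ocap)."""
    def __init__(self, chain):
        self._chain = chain

    def graft(self):
        # Capabilities are minted from the state at the current head.
        return HttpClient(self._chain, self._chain.epoch, self._chain.allowed_domains)

def call_with_regraft(membrane, cap, domain):
    """Try a call; on StaleEpoch, re-graft once and retry with the new state."""
    try:
        return cap, cap.get(domain)
    except StaleEpoch:
        cap = membrane.graft()
        return cap, cap.get(domain)
```

A re-graft picks up the scope of the new epoch, so a domain dropped from the new state is refused even though the stale capability once allowed it.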

Schema definitions live in `capnp/`:

- `system.capnp` — Host, Runtime, Executor, Process, ByteStream, StreamListener, StreamDialer, VatListener, VatClient, HttpListener
- `stem.capnp` — Terminal, Membrane, Epoch, Signer, Identity
- `ipfs.capnp` — IPFS CoreAPI (UnixFS, Block, Pin, ...)
- `routing.capnp` — Kademlia DHT (provide, findProviders, hash)