Object-Capability Model

dregg implements an object-capability discipline: authority flows only through unforgeable references. There is no ambient authority -- if you do not hold a capability reference, you cannot perform the action.

Cells

Cells are the unit of identity and state. Each cell has:

Turns

A turn is an atomic state transition. It either fully commits (all effects applied) or fully rolls back (no state change). A turn carries a call forest: one or more trees of actions, each action possibly fanning out into further actions on other cells, all of them applied under the same commit-or-rollback rule.

Delegation (Attenuation)

Capabilities are delegated by cryptographic attenuation: each step appends a caveat (a restriction predicate) to the token chain. dregg supports two wire encodings — macaroons (HMAC-chained) and biscuits (Ed25519-signed) — and both fold into the same Datalog derivation when presented. The resulting token is strictly less powerful than the parent: no caveat can be removed, and presentation proofs check the entire chain.

In the proof system, attenuation appears as the Fold AIR: each step is a fold over a committed fact set, and the chain is incrementally verifiable. That is what makes “present a capability” equivalent to “prove a STARK against an attested root” — the verifier never sees the chain itself.

DelegatedToken v2 — issuer, subject, authority policy, caveats, nonce, signature.

A v2 delegation envelope. Every field marked “checked” is re-verified on each authorize call; the nonce binds this specific delegation so a captured signature can’t be replayed in a different context.
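The following is an added worked example of the attenuation rule above, not dregg's own code: it uses the macaroon construction named in the Delegation section (each caveat appended by taking an HMAC keyed with the parent signature), binds the final caveat to a nonce as the envelope description requires, and then tries the misuse cases a verifier must reject. `Token`, `mint`, `attenuate`, `authorize` and the `key op value` caveat syntax are assumptions made for this example; dregg's wire encodings, Datalog evaluation and the Ed25519 biscuit variant are not reproduced.

```python
"""HMAC-chained attenuation with caveats checked against a presentation context.

Added example, not dregg's own code. Follows the macaroon construction
(signature = HMAC(parent_signature, caveat)) so a holder can append caveats
but never remove one. Token, mint, attenuate, authorize and the
"key op value" caveat syntax are assumptions made for this example.
"""
import hashlib
import hmac
from dataclasses import dataclass

ROOT_KEY = b"issuer-root-key-never-leaves-the-issuer"   # constructed secret


@dataclass(frozen=True)
class Token:
    identifier: str               # names the root authority this chain descends from
    caveats: tuple = ()           # ordered restriction predicates, "key op value"
    sig: bytes = b""              # HMAC over the whole chain


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def mint(root_key: bytes, identifier: str) -> Token:
    """Issuer creates the root token: sig = HMAC(root_key, identifier)."""
    return Token(identifier, (), _mac(root_key, identifier.encode()))


def attenuate(token: Token, caveat: str) -> Token:
    """Append a caveat. The child signature is HMAC(parent_sig, caveat); the
    parent signature is consumed and not kept, so the child cannot be
    "un-attenuated" back to the more powerful parent."""
    return Token(token.identifier, token.caveats + (caveat,),
                 _mac(token.sig, caveat.encode()))


def _caveat_holds(caveat: str, ctx: dict) -> bool:
    """Evaluate one predicate against the presentation context, failing closed."""
    key, op, value = caveat.split(" ", 2)
    actual = ctx.get(key)
    if actual is None:
        return False                      # missing fact: deny
    if op == "==":
        return str(actual) == value
    if op == "in":
        return str(actual) in value.split(",")
    if op == "<=":
        try:
            return int(actual) <= int(value)
        except ValueError:
            return False
    return False                          # unknown operator: deny


def authorize(root_key: bytes, token: Token, ctx: dict) -> tuple:
    """Verifier: rebuild the chain from the root key, compare the final MAC in
    constant time, then require every caveat to hold in ctx."""
    sig = _mac(root_key, token.identifier.encode())
    for caveat in token.caveats:
        sig = _mac(sig, caveat.encode())
    if not hmac.compare_digest(sig, token.sig):
        return False, "chain signature mismatch (caveat added, removed or altered)"
    for caveat in token.caveats:
        if not _caveat_holds(caveat, ctx):
            return False, f"caveat failed: {caveat}"
    return True, "ok"


def demo() -> dict:
    """Mint, attenuate twice, bind to a nonce, then try the misuse cases."""
    root = mint(ROOT_KEY, "cell:ledger")
    readonly = attenuate(root, "action in read,list")
    one_cell = attenuate(readonly, "cell == ledger-7")
    bound = attenuate(one_cell, "nonce == 7f3a")        # binds this delegation
    good_ctx = {"action": "read", "cell": "ledger-7", "nonce": "7f3a"}
    # Holder tries to drop the nonce caveat while keeping the final signature.
    stripped = Token(bound.identifier, bound.caveats[:-1], bound.sig)
    return {
        "good": authorize(ROOT_KEY, bound, good_ctx)[0],
        "write_denied": authorize(ROOT_KEY, bound, {**good_ctx, "action": "write"})[0],
        "other_cell_denied": authorize(ROOT_KEY, bound, {**good_ctx, "cell": "ledger-8"})[0],
        "replay_denied": authorize(ROOT_KEY, bound, {**good_ctx, "nonce": "9c01"})[0],
        "stripped_denied": authorize(ROOT_KEY, stripped, good_ctx)[0],
        "parent_still_broad": authorize(ROOT_KEY, readonly, {"action": "list"})[0],
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:20s} {'ALLOW' if allowed else 'DENY'}")
```

The two properties the page states fall out of the construction rather than out of policy: a caveat cannot be removed because its parent signature is never available to the holder, and a captured token cannot be replayed elsewhere because the nonce caveat fails in any context that does not carry the same nonce. Note that the verifier here holds the root key, which is the macaroon model; the biscuit encoding replaces that shared secret with Ed25519 signatures so a verifier needs only the public key.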

Three-Party Introduction

The classic ocap pattern: A holds references to B and to C, and wants to introduce them. A emits an Introduce effect in a turn; B receives a routing directive (and, in the CapTP case, a signed handoff certificate) that lets it talk to C directly. A is no longer in the loop. Every new communication path arises by introduction; there is no global directory and no ambient namespace in which a cell could be looked up.

For the offline case, HandoffCertificate (signed by the introducer) and HandoffPresentation (recipient signs the nonce) carry the introduction through store-and-forward delivery. The CapTP layer (see CapTP) makes sturdy refs the durable form: dregg:// URIs with swiss numbers that survive disconnection, serialization, and process restart.

Confinement

The discipline is enforced structurally: a cell can only invoke references in its c-list, the c-list is itself part of the cell’s state, and the Effect VM proves that every reference the turn touched was in-list at turn start. No ambient authority means no “sudo”: there is nowhere for a confused-deputy attack to land.
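The following is an added example of the structural rule just described, covering the Turns, Three-Party Introduction and Confinement sections together; it is not dregg's code. It models cells with c-lists, applies a call forest atomically, and enforces the check that every reference a turn touches was in the caller's c-list at turn start, so a reference introduced earlier in the same turn is not yet usable and a violation anywhere rolls back the whole turn. `Cell`, `Action`, `Kernel`, `run_turn` and the action kinds `invoke` and `introduce` are assumptions made for this example; the Effect VM proof and the CapTP handoff certificate are not modelled, only the property they certify.

```python
"""Cells with c-lists, atomic turns over a call forest, and introduction.

Added example, not dregg's code. Cell, Action, Kernel, run_turn and the
action kinds "invoke" / "introduce" are assumptions made for this example.
"""
import copy
from dataclasses import dataclass, field


class CapabilityViolation(Exception):
    pass


@dataclass
class Cell:
    name: str
    clist: set = field(default_factory=set)     # references this cell holds
    state: dict = field(default_factory=dict)


@dataclass
class Action:
    caller: str                                  # cell performing the action
    kind: str                                    # "invoke" or "introduce"
    target: str                                  # reference the caller uses
    payload: dict = field(default_factory=dict)
    children: list = field(default_factory=list) # actions this one fans out into


class Kernel:
    def __init__(self):
        self.cells: dict = {}

    def add(self, cell: Cell) -> None:
        self.cells[cell.name] = cell

    def run_turn(self, forest: list) -> tuple:
        """Apply a call forest atomically. Every reference touched must have
        been in the caller's c-list at turn start; on any violation the whole
        turn rolls back, including references granted earlier in the turn."""
        snapshot = copy.deepcopy(self.cells)
        start_clists = {name: frozenset(c.clist) for name, c in self.cells.items()}
        try:
            for action in forest:
                self._apply(action, start_clists)
        except CapabilityViolation as err:
            self.cells = snapshot
            return False, str(err)
        return True, "committed"

    def _apply(self, a: Action, start_clists: dict) -> None:
        if a.target not in start_clists[a.caller]:
            raise CapabilityViolation(
                f"{a.caller} held no reference to {a.target} at turn start")
        if a.kind == "invoke":
            self.cells[a.target].state.update(a.payload)
        elif a.kind == "introduce":
            # A introduces C to B: A must hold both B (the target) and C (the ref).
            introduced = a.payload["ref"]
            if introduced not in start_clists[a.caller]:
                raise CapabilityViolation(
                    f"{a.caller} cannot introduce {introduced}: not held")
            self.cells[a.target].clist.add(introduced)
        else:
            raise CapabilityViolation(f"unknown action kind {a.kind!r}")
        for child in a.children:
            self._apply(child, start_clists)


def build_demo() -> Kernel:
    """Constructed topology: A holds B and C; B and C hold nothing."""
    k = Kernel()
    k.add(Cell("A", {"B", "C"}))
    k.add(Cell("B"))
    k.add(Cell("C"))
    return k


def demo() -> dict:
    results = {}
    k = build_demo()
    # 1. B has never been given C: the invoke is refused and nothing changes.
    ok, _ = k.run_turn([Action("B", "invoke", "C", {"x": 1})])
    results["before_intro"] = ok
    # 2. Atomicity: the first action is valid, the second violates, both roll back.
    ok, _ = k.run_turn([Action("A", "invoke", "B", {"y": 2}),
                        Action("B", "invoke", "C", {"x": 1})])
    results["mixed_turn"] = (ok, dict(k.cells["B"].state))
    # 3. Using a ref introduced in the same turn is refused: not in-list at turn start.
    ok, _ = k.run_turn([Action("A", "introduce", "B", {"ref": "C"},
                               children=[Action("B", "invoke", "C", {"x": 1})])])
    results["same_turn"] = (ok, "C" in k.cells["B"].clist)
    # 4. Introduce in one turn, invoke in the next: A is no longer in the loop.
    ok1, _ = k.run_turn([Action("A", "introduce", "B", {"ref": "C"})])
    ok2, _ = k.run_turn([Action("B", "invoke", "C", {"x": 1})])
    results["after_intro"] = (ok1, ok2, dict(k.cells["C"].state))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The snapshot-and-restore here stands in for the real commit-or-rollback machinery; what the Effect VM adds on top is a proof that the `start_clists` check held for every reference the turn touched, which is what lets a verifier accept the turn without re-executing it.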

Lineage

dregg’s execution model descends from Mark Miller’s E and the broader object-capability lineage (Joe-E, Caja, Cap’n Proto, Spritely Goblins, OCapN). The contributions on top are: STARK-verifiable presentation; the Effect VM as the single proof artifact for a turn; receipt chains as portable state proofs; and CapTP sturdy refs unified with capability tokens so the same delegation primitive covers in-session and across-session.