Skip to main content

Runtime Glossary

Runtime -- The minimal trusted base (~5,000 lines of Rust) that enforces isolation, verifies signatures, and validates capability tokens. Produces the single elastos binary. Pure Rust, zero C dependencies, zero OpenSSL.

Capsule -- The fundamental unit of execution. Every app, service, agent, and content bundle runs as a capsule with zero ambient authority. Four types: Executable (WASM), Executable (VM), Data, and Agent. See Capsule Model.

Capability Token -- A signed, scoped permission slip granting a capsule access to a specific resource for a specific action. Ed25519-signed, time-limited, use-count limited, revocable. See Capability System.

Epoch -- A monotonic counter maintained by the runtime. Incrementing it invalidates all previously issued capability tokens at once.

Shell -- The capsule responsible for policy decisions: who gets capability tokens and under what conditions. See the Roadmap for its planned evolution.

Provider -- A capsule that exposes a service to other capsules through a defined contract. Examples: localhost-provider (file I/O), did-provider (identity), peer-provider (P2P networking).

Carrier (Runtime Context) -- The trust enforcement layer in the runtime's three-layer architecture. Distinct from classic Carrier/Boson. See Carrier P2P for both meanings.

WebSpace -- One of three default URI namespaces: https://, localhost://, elastos://. See Spaces & Namespaces.

CID -- Content Identifier. A cryptographic hash uniquely identifying a piece of content. IPFS-compatible.

did:key -- The runtime's local identity format. An Ed25519 keypair for signing messages and proving identity. A bridge to on-chain did:elastos is planned.

Data Capsule -- A capsule type bundling encrypted content with a declared viewer CID. See Capsule Model.

Microkernel Design -- The architectural principle: the Carrier layer provides mechanism (enforces tokens), the Shell provides policy (decides who gets tokens). See Architecture.

elastos-guest -- The Rust SDK crate that capsule developers link against. See Capsule Development.