Capsule Documentation

This documentation serves as the primary source for /docs/specs specifications, providing current implementation status and future migration plans under the same assumptions.

How to Read This Documentation

Start with Getting Started for the minimal setup, then review Core Concepts to understand the execution model. Command specifications are in CLI Reference, and distribution procedures are in Publish Guideline.

Policy

Latest spec update: February 7, 2026 (docs/specs/README.md). Refer to each spec’s “Implementation Status” table for implemented/unimplemented items.

Major Spec Status

Spec	Status	Key Points
CAPSULE_CLI_SPEC.md	v0.3	capsule acts as IPC Broker (migrated from nacelle)
NACELLE_SPEC.md	v0.3	Focus on Source Runtime + Sandbox Enforcer
DESKTOP_SPEC.md	v0.3	Guest Host / User Consent / Deep Link UI
DRAFT_LIFECYCLE.md	v1.2 Accepted	[tasks] and [services] separation + DAG execution
DRAFT_CAPSULE_IPC.md	v1.1 Accepted	JSON-RPC 2.0 as unified format
CAPSULE_SPEC.md	v0.1 Draft	capsule.toml required structure
STORE_SPEC.md	v0.1 Accepted	Cloudflare Workers + D1 + R2 distribution

Architecture Boundaries (Smart Build, Dumb Runtime)

The current basic boundaries are three layers: capsule-cli handles runtime selection and IPC mediation, nacelle handles isolation and process execution, and ato-desktop handles user interaction.

capsule-cli: Router / IPC Broker / packaging / signing / validate / install

nacelle: Source runtime, supervisor, sandbox policy enforcement

ato-desktop: HostBridge, mode transition consent, dashboard UI

Page Index

• Getting Started - Quick start: capsule setup → new → validate → open
• Core Concepts - manifest / lifecycle / runtime routing / IPC roles
• CLI Reference - capsule subcommands and phase-specific features
• Publish Guideline - Creating signed artifacts and Store publication flow
• Future Roadmap - v0.3→v0.4+ implementation priorities

---

Updated for specs as of 2026-02-07.