How Capa compares
Where Capa sits among the capability-typed languages and among the existing sources of capability claims. Everything here tracks docs/positioning.md in the compiler repository, which is the canonical version; last reviewed against it in June 2026.
Where do the claims come from?
Comparing an SBOM's capability claims against a policy file is roughly thirty lines of code in any language. The pipeline downstream of the claims is not the interesting part. The interesting part is upstream: where do the claims come from, and why should an auditor believe them?
Three existing sources, and Capa
In the ecosystems that have capability claims at all, the claims come from one of three places. The right column is what an auditor actually gets.
The runtime enforces the list, but the static picture depends on the author being honest and complete; in practice a previous release's manifest gets copy-pasted forward and the discrepancies accumulate.
Output with both false negatives (unmodelled indirect calls; adversarial code can route around the analyser) and false positives, so "no Net usage detected" cannot be distinguished from "the analyser missed it".
A record of what the program did during the runs that were observed, which says nothing about what it could do on a path no test exercised.
A declaration that lists every authority the function could possibly use, with a compiler that rejects any program whose code reaches an authority the declaration omits. The auditor re-derives the SBOM from source with capa --cyclonedx and needs no second analyser.
Capability typing predates Capa by decades
Several language families have explored it. One sentence on each, and on how it relates to Capa's use case.
Reference capabilities (iso, trn, ref, val, box, tag) govern aliasing and data-race freedom in an actor model: the same intellectual family, aimed at concurrency safety rather than external-authority audit.
An effect row that includes <net> is shape-equivalent to a function taking a Net parameter, but the ecosystems are research-grade and there is no SBOM tooling story today.
Phantom types and the ReaderT-of-capability-record pattern get close to the same soundness property, but as a library convention rather than a language guarantee: any contributor who imports IO directly bypasses it.
Capabilities arrive through the platform (the platform provides effectful primitives, the program receives them as values), making Roc the closest in spirit among production-aimed new languages; it is still pre-1.0 and the SBOM angle has not been explored upstream.
A component's WIT imports are a genuine, machine-readable capability surface, at module granularity rather than function granularity; Capa compiles to Wasm-CM, so the two are complementary rather than competing.
The only other language with capability-based I/O as its headline: a systems language in the C / Rust space whose toolchain emits stable error codes and typed repair categories for AI-agent repair loops; it shares Capa's root and splits on audience (AI-agent toolchain vs supply-chain auditor).
What Capa cannot claim
A comparison page that only lists wins is marketing. From the same positioning document:
- The mechanism is not new. Capability typing is decades old and well-understood; Capa's contribution is the combination (discipline by construction feeding machine-verifiable per-function audit artefacts), not the primitive.
- It is a one-person project. Capa is at 1.15 with a stability commitment, but there are no industrial adopters and no third-party libraries.
- The default runtime is CPython, with measured overhead between 1.00× and 1.45× against hand-written Python on the benchmark suite; the Wasm Component Model backend emits a component the runtime (for example wasmtime) can AOT-compile, which is distinct from a dedicated native backend; a dedicated native/LLVM backend is deliberately deferred, with no date.
- The ecosystem is shallow. There is a CLI, an LSP server, a formatter, the SBOM emitters and diff tooling, a package manager with a signed registry index, and a small standard library; no debugger story beyond CPython's.
- The Wasm Component Model competes for the same role at module granularity, with a much larger ecosystem behind it.
Where to go next
Full positioning document →
The canonical, maintained version of everything on this page, including the thesis in one sentence.
Why Capa exists →
The case against ambient authority, with runnable code rather than comparisons.
The audit artefacts →
What --manifest, --cyclonedx, --spdx, --vex and --provenance emit.
See it on an LLM agent →
A worked example where the per-function capability bound is the security argument.