Current state
Both capsec-std and capsec-tokio wrap the most common I/O functions, but several std and tokio functions are missing from both crates. Since capsec-tokio mirrors capsec-std, additions should be made to both in parallel.
Missing filesystem wrappers
These exist in std::fs / tokio::fs but are not wrapped:
| Function |
Permission |
Notes |
symlink_metadata |
FsRead |
Reads metadata without following symlinks |
canonicalize |
FsRead |
Resolves symlinks to canonical path |
read_link |
FsRead |
Reads the target of a symlink |
try_exists |
FsRead |
Checks if a path exists (tokio only) |
hard_link |
FsWrite |
Creates a hard link |
set_permissions |
FsWrite |
Changes file permissions |
create_dir |
FsWrite |
Creates a single directory (not recursive) |
remove_dir |
FsWrite |
Removes an empty directory |
Missing network wrappers
| Function |
Permission |
Notes |
UdpSocket::connect |
NetConnect |
Connects a UDP socket to a remote address (tokio only — sets default send target) |
Not wrapping (intentional)
| Function |
Why |
env::var (async) |
Env vars are not async — no tokio equivalent |
OpenOptions |
Builder pattern is hard to gate meaningfully; users can use open()/create() |
tokio::net::UnixStream / UnixListener |
Platform-specific (unix only), unclear permission mapping |
tokio::spawn |
Task spawning is not I/O authority in the capsec model |
Approach
Each new function follows the existing pattern:
capsec-std: let _proof: Cap<P> = cap.cap_ref(); then delegate to std::*capsec-tokio: { let _proof: Cap<P> = cap.cap_ref(); } then delegate to tokio::* with .await
Add to both crates in the same PR to keep them in sync.
Priority
Nice-to-have for v0.2. The current coverage handles the common cases. These are long-tail functions that most users won't need immediately.
Current state
Both
capsec-stdandcapsec-tokiowrap the most common I/O functions, but severalstdandtokiofunctions are missing from both crates. Since capsec-tokio mirrors capsec-std, additions should be made to both in parallel.Missing filesystem wrappers
These exist in
std::fs/tokio::fsbut are not wrapped:symlink_metadataFsReadcanonicalizeFsReadread_linkFsReadtry_existsFsReadhard_linkFsWriteset_permissionsFsWritecreate_dirFsWriteremove_dirFsWriteMissing network wrappers
UdpSocket::connectNetConnectNot wrapping (intentional)
env::var(async)OpenOptionsopen()/create()tokio::net::UnixStream/UnixListenertokio::spawnApproach
Each new function follows the existing pattern:
capsec-std:let _proof: Cap<P> = cap.cap_ref();then delegate tostd::*capsec-tokio:{ let _proof: Cap<P> = cap.cap_ref(); }then delegate totokio::*with.awaitAdd to both crates in the same PR to keep them in sync.
Priority
Nice-to-have for v0.2. The current coverage handles the common cases. These are long-tail functions that most users won't need immediately.