The Heart of Spritely: Distributed Objects and Capability Security
Reference: Christine Lemmer-Webber, Randy Farmer, Juliana Sims (2025). Spritely Institute whitepaper, May 21 2025. Source file: spritely-core.pdf. URL · Project
Summary
The second paper in Spritely’s three-part design series, this whitepaper lays out the technical core of Goblins — a distributed, transactional, object-programming environment built around object capability security (OCap). The thesis: secure peer-to-peer applications should feel like ordinary programming, not like a separate security discipline, and capability security makes that achievable. The operative slogan is “If you don’t have it, you can’t use it” — authority is conveyed only by holding a reference, never ambient.
The paper works through (1) capability security as ordinary reference-passing, motivated against Access Control Lists and the confused-deputy problem; (2) Goblins itself — a distributed object programming model with promise pipelining, vats as containers of synchronous turns, turns as cheap local transactions, and time-travel debugging; (3) OCapN — a new cross-implementation protocol for secure distributed object communication; (4) portable encrypted storage for capabilities; (5) library/application safety implications. Implementations exist for Guile and Racket Schemes, with a roadmap toward language-heterogeneous object invocation.
Goblins is the modern distillation of a three-decade lineage running through Mark Miller’s E language, the CapTP protocol, Jonathan Rees’s capability-kernel argument, and Carl Hewitt’s actor formalism. It reframes agent communication as object-reference passing over the network, offering an alternative substrate to the ACL/RPC-stack approach that dominates modern LLM-agent protocols.
Key Ideas
- Principle of Least Authority (POLA): grant each piece of code only the authority it needs, no more
- Object capability security: authority = unforgeable object reference. Lexical scoping + no ambient authority + no global mutable state
- Confused-deputy problem: why ACLs fail when a privileged program is tricked into acting for an attacker
- Vat: an isolated synchronous execution context; objects live inside vats; vats communicate asynchronously
- Turn: an atomic event loop iteration inside a vat; turns are transactional — errors roll back the turn’s local state
- Promise pipelining (from CapTP): chain calls on a reference before the prior call resolves, reducing round trips
- Time-travel distributed debugging: replay turns deterministically across the network
- OCapN (Object Capability Network): protocol for secure, cross-language distributed object invocation
- Revocation and accountability as programmable patterns over references
- “If you don’t have it, you can’t use it” — the design-level simplification capability security provides
Connections
Conceptual Contribution
- Claim: Secure peer-to-peer applications become routine when authority is conveyed only by holding an unforgeable object reference — no ambient authority, no global mutable state, lexical scope as the capability kernel — and when the network distribution of such references is itself designed as an ordinary message-passing object system.
- Mechanism: Goblins realises the E-language tradition in Scheme (Guile, Racket): objects live in vats; each vat runs atomic turns that serve as cheap local transactions; asynchronous inter-vat invocation uses promise pipelining to collapse round-trips; persistence, upgrade, and cross-language interop are handled by OCapN — a capability-preserving transport protocol. Time-travel debugging exploits the turn-level determinism.
- Concepts introduced/used: Object Capability Security, Principle of Least Authority, Ambient Authority, Confused Deputy, Vat Model, Turn (Goblins), Promise Pipelining, OCapN, CapTP, E Language, Time-Travel Debugging, Capability Revocation
- Stance: engineering / foundational design doc
- Relates to: A modern engineering culmination of the capability-security thread rooted in Security Kernel Lambda Calculus (Rees 1995, explicitly cited) — lexical scope as a capability kernel, extended into a full distributed system. The vat model is a direct descendant of A Universal Modular Actor Formalism for Artificial Intelligence (Hewitt 1973) and sibling to Programming Erlang Second Edition but with security-by-reference as a first-class concern. Frames a structural alternative to the modern LLM-agent protocol stack: where Agent-to-Agent Protocol / Model Context Protocol / Agent Network Protocol layer trust on top of ACL/RPC primitives, OCapN encodes trust in the reference graph itself. The flat context trust model that ClawWorm Self-Propagating Attacks Across LLM Agent Ecosystems exploits and that MalTool Malicious Tool Attacks, AI Agents Under Threat catalogue is precisely the ambient-authority failure capability security is designed to prevent — making Goblins / OCapN a serious candidate substrate for Inter-Agent Trust Models - A Comparative Study’s Constraint trust dimension.