Capability-aware execution everywhere.
The Unified Capability Surface Architecture is how the product model runs on real infrastructure without becoming infrastructure-shaped. 37 canonical surface kinds across 7 families, three first-class implementation sources, all flowing through one router, one registry, one descriptor shape. Scaling is handled the same way: project intent meets declared RuntimeSubstrate capability, then is realized natively, enforced at runtime, or rejected fail-closed.
Same contract. Different execution per provider.
A provider declares its capabilities. Vadyl reads the declaration and branches per-feature, per-provider. Native row-level security on Postgres? Compiles to it. Provider has no native RLS? Runtime enforcement kicks in. The product model is stable; the execution path varies.
Per-feature branching
27 capability categories with 160 flags, plus substrate-specific runtime categories for scaling, autoscale metrics, resources, ingress, protocols, and artifacts. Every flag has an enforcement point.
Native delegation
Where the provider supports the operation, Vadyl compiles to the native shape. ONLINE = ON on SQL Server. CONCURRENTLY on Postgres. INSTANT on MySQL. RAW Cypher on Neo4j. Aggregation pipelines on Mongo.
Runtime supplement
Where the provider lacks the capability, Vadyl supplements at runtime. SecurityPredicateResolver injects resolved predicates upstream so document providers get the same RLS semantics native ones get.
Cross-provider orchestration
Where atomicity demands distributed coordination, Vadyl picks 2PC if both providers support it, saga compensation otherwise. Capability mismatches surface explicitly through GuaranteeTier.
Compensation
Where rollback is required, Vadyl walks the saga LIFO with deterministic priority ordering. Cross-provider, cross-storage, cross-resource — same compensation model everywhere.
Fail-closed everywhere else
If no strategy is viable under declared caps, Vadyl rejects the operation at compile time, never at runtime. Anti-pattern #6 codified: every capability-gated path implements both branches, never just one.
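The branching described above, sketched as an added example (not Vadyl's code): each required flag resolves to native or runtime-enforced, and a flag with no viable branch rejects the whole plan before anything executes. The `Provider` type, the `compile` and `coordinate` functions, and the flag names are hypothetical.

```rust
use std::collections::HashSet;

// Hypothetical model for illustration; not Vadyl's types or flag names.
#[derive(Debug, PartialEq, Clone, Copy)]
enum Realization { Native, RuntimeEnforced }

#[derive(Debug, PartialEq)]
enum Coordination { TwoPhaseCommit, Saga }

struct Provider {
    name: &'static str,
    native: HashSet<&'static str>,         // flags the provider executes itself
    supplementable: HashSet<&'static str>, // flags a runtime layer can enforce upstream
}

impl Provider {
    fn new(name: &'static str, native: &[&'static str], supp: &[&'static str]) -> Self {
        Provider { name, native: native.iter().copied().collect(), supplementable: supp.iter().copied().collect() }
    }
}

// Resolve every required flag up front. Both branches are explicit, and a flag
// with neither branch available fails the whole plan (fail-closed).
fn compile(p: &Provider, required: &[&'static str]) -> Result<Vec<(&'static str, Realization)>, String> {
    required.iter().map(|&flag| {
        if p.native.contains(flag) {
            Ok((flag, Realization::Native))
        } else if p.supplementable.contains(flag) {
            Ok((flag, Realization::RuntimeEnforced))
        } else {
            Err(format!("{}: no viable strategy for '{}'", p.name, flag))
        }
    }).collect()
}

// Cross-provider atomicity: 2PC only when both sides declare it, saga otherwise.
fn coordinate(a: &Provider, b: &Provider) -> Coordination {
    let both = a.native.contains("two_phase_commit") && b.native.contains("two_phase_commit");
    if both { Coordination::TwoPhaseCommit } else { Coordination::Saga }
}

fn main() {
    // Constructed sample declarations.
    let pg = Provider::new("postgres", &["row_level_security", "two_phase_commit"], &[]);
    let doc = Provider::new("documents", &[], &["row_level_security"]);
    println!("{:?}", compile(&pg, &["row_level_security"]));
    println!("{:?}", compile(&doc, &["row_level_security", "online_index"]));
    println!("{:?}", coordinate(&pg, &doc));
}
```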
One contract per substrate. Vendor-neutral.
Across 7 broader UCSA families, Vadyl ships canonical surfaces for every operational concern. Switch providers without rewriting product logic — the binding changes, the model does not.
Database (7 providers)
PostgreSQL · SQL Server · MySQL · MongoDB · Redis · Neo4j · Cassandra. Across 4 maturity tiers.
Storage
S3 · Azure Blob · GCS · Local Disk · MinIO. 14 sub-interfaces declare capability granularly.
Cache
Redis · In-Memory. AEAD-wrapped post-enforcement, two-layer model with real singleflight.
Distribution / CDN
CloudFront (RSA) · Cloudflare (HMAC + tag purge) · Front Door (SAS HMAC + residency) · Fastly (token + service-version apply).
Analytics fabric
UMG compiler, query planner, materialization, lineage, privacy gates. Compile pipeline IS explain pipeline.
Runtime fabric
AWS ECS Fargate today; Cloud Run, K8s, Nomad, Fly.io, and edge substrates as peer connectors. Scaling, resources, and self-hosted LLM serving land here.
Email · SMS
SendGrid · Postmark · SES · Resend · SMTP for email. Twilio · Vonage · MessageBird · AWS SNS for SMS.
Identity providers
OIDC · SAML · OAuth2 · Passkey · Password · JWT · Custom · ServiceAccount · Anonymous. Pluggable through factory registry.
Model inference adapters
Anthropic · OpenAI · DeepSeek · Moonshot. Capability-aware LLM routing through ILlmCapabilityRegistry.
Connection adapters
HTTP · OAuth · SMTP · gRPC · LLM · KMS · Webhook. Typed integrations referenced from authored code via ctx.connections.
Secrets providers
KMS, Vault, Doppler, config, and environment-backed secret providers through the same key ring and host-import abstraction.
Custom implementations
Author your own implementation in any language that compiles to the Wasm Component Model. Indistinguishable from built-in at the router.
BuiltInNative · DeclarativeBundle · AuthoredComponent.
All three are first-class peers, indistinguishable at the router. WIT (WebAssembly Interface Types) under wit/worlds/connector/ is the single source of truth for contracts. A connector authored in Rust compiled to Wasm has the same descriptor shape, the same capability declaration, the same conformance requirements as a built-in C# class.
Connectors are one source. Projects can publish the surface.
A custom connector implements a capability. A project capability surface packages project-owned capability slices for other projects to install. Both use UCSA, but they answer different questions: how a capability is implemented, and how a project publishes it.
CommandSurface
Projects can publish governed CLI command groups backed by native handlers, workflows, connectors, or Wasm components.
WorkflowSurface
Durable workflows, scheduled handlers, and event consumers can be exported as installed actions and triggers.
AgentSkillSurface
Skills and MCP tools can be projected to consumers with grant narrowing, model requirements, memory scope, and token budgets.
Across 7 UCSA families
All canonical, all peer
6 families, closed by construction
Capability-aware everywhere
Plug in anything.
Pick a vendor. Swap when contracts expire. Author your own surface in Rust or Go. Vadyl keeps the wiring, secrets, failover, and capability negotiation behind the product model.