(Replying to PARENT post)

https://man.openbsd.org/pledge.2 is also pretty damn cool. It effectively lets you make your program use a least authority model of execution, and then you can grant it the capabilities it actually needs to run. I would love to see something similar on Linux (there is capsicum-linux, but it seems like it's abandoned).
👤 anaphor 🕑 6y 🔼 0 🗨️ 0

(Replying to PARENT post)

So like seccomp? Or do you mean a simpler interface like pledge? I haven't really used the seccomp syscall or eBPF directly but I have used libseccomp (https://github.com/seccomp/libseccomp) successfully.
👤 roryrjb 🕑 6y 🔼 0 🗨️ 0
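As an added example (not code from either poster, and not from OpenBSD or libseccomp): the closest thing to a single pledge-style restriction on Linux, written against the raw seccomp BPF interface via prctl(2) so it needs no libseccomp. The filter allows every syscall except socket(2), which fails with EPERM, roughly what dropping the "inet"/"unix" promises does on OpenBSD. The child-process probe and its exit codes are this example's own convention. Note the caveats a practitioner cares about: a real pledge-like policy is an allowlist, not a one-syscall denylist like this one; the architecture check at the top of the filter is what stops a 32-bit compat ABI from reinterpreting syscall numbers; and pledge also enforces path-level rules that seccomp cannot express, so this is only a partial analog.

```c
// Added example, not from the thread: pledge-style "no sockets" restriction
// on Linux with a raw seccomp BPF filter (prctl + SECCOMP_MODE_FILTER).
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define MY_ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define MY_ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "this example only handles x86_64 and aarch64"
#endif

/* Older kernel headers only know SECCOMP_RET_KILL (kills the thread). */
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Install a filter that makes socket(2) fail with EPERM and allows
 * everything else.  Returns 0 on success, -1 on failure (errno set). */
int deny_socket(void)
{
    struct sock_filter filter[] = {
        /* Check the syscall ABI first: a filter keyed on syscall numbers is
         * meaningless if the process can switch to a compat ABI. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, MY_ARCH_NR, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* Load the syscall number. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        /* socket(2) -> return -EPERM to the caller; anything else -> allow. */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };

    /* Required to install a filter without CAP_SYS_ADMIN, and it also
     * stops setuid/fcaps binaries from shedding the filter on exec. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Fork a child that installs the filter and then calls socket(2).
 * Exit-code convention (this example's own):
 *   0 = socket() failed with EPERM, as intended
 *   1 = socket() unexpectedly succeeded
 *   2 = installing the filter failed
 *   3 = socket() failed with some other errno
 * Returns the child's exit code, or -1 on fork/wait failure. */
int probe_socket_in_child(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (deny_socket() != 0)
            _exit(2);
        int fd = socket(AF_UNIX, SOCK_STREAM, 0);
        if (fd >= 0)
            _exit(1);
        _exit(errno == EPERM ? 0 : 3);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int rc = probe_socket_in_child();
    printf("socket(2) under filter: %s (code %d)\n",
           rc == 0 ? "EPERM, as intended" : "unexpected result", rc);
    return rc == 0 ? 0 : 1;
}
```

The filter is installed in a forked child on purpose: seccomp filters are inherited across fork and exec and can never be removed, so the parent keeps its full privileges and only observes the child's result. To turn this into something closer to pledge("stdio", NULL), invert the logic into an allowlist of the syscalls the program actually issues and end the filter with a kill or errno default.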

(Replying to PARENT post)

Totally uncool and a dead end. Nobody else will do it that way. "The promises argument is specified as a string, with space separated keywords". Caps as strings to be tokenized at runtime are slow, insecure and not validated at compile-time. Never trust a parser in core. This needs to be a bitmask, of course. Don't let Ruby programmers add OS APIs.
👤 rurban 🕑 6y 🔼 0 🗨️ 0