Maybe this will finally get people over the hump and adopt OSs based on capability based security. Being required to give a program a whitelist at runtime is almost foolproof, for current classes of fools.
People will use the equivalent of audit2allow https://linux.die.net/man/1/audit2allow and not go the extra mile of defining fine-grained capabilities to reduce the attack surface to a minimum.
The problem is that if people are vibecoding with these tools, then the capability "can write to local folder" is safe, but once that code is deployed it may have wider consequences. Anything. Any piece of data can be a confused deputy these days.
This type of security is an improvement but doesn’t actually address all the possible risks. Say, if the capabilities you need to complete a useful, intended action match with those that could be used to perform a harmful, fraudulent action.
Have you, or anyone, ever lived with such a system?
For human beings, they sound like a nightmare.
We're already getting a taste of it right now with modern systems.
Becoming numb to "enter admin password to continue" prompts, getting generic "$program needs $right/privilege on your system -- OK?".
"Uh, what does this mean? What if I say no? What if I say YES!?"
"Sorry, $program will utterly refuse to run without $right. So, you're SOL."
Allow location tracking, all phone tracking, allow cookies.
"YES! YES! YES! MAKE IT STOP!"
My browser routinely asks me to enable location awareness. For arbitrary web sites, and won't seem to take "No, Heck no, not ever" as a response.
Meanwhile, I tried that cool little "show your sky" web site, and it seemed to know exactly where I am (likely from my IP).
Why does my IDE need admin to install on my Mac?
Capability based systems are swell on paper. But, not so sure how they will work in practice.
I wish I could share your optimism.
Can I confidently (i.e. with reason to trust the source) install one today from boot media, expect my applications to just work, and have a proper GUI experience out of box?