One attempted use of a capability. The unit of interception, authorization, and audit.Documentation Index
Fetch the complete documentation index at: https://docs.brane.membranelabs.org/llms.txt
Use this file to discover all available pages before exploring further.
Definition
A Capability describes what exists. AnAgentAction is one attempted use of it.
That distinction matters. Policy cannot make useful decisions from tool_name = refund_customer. It needs the attempted use: which agent, acting for which principal, in which tenant, in which environment, with which arguments, right now.
The AgentAction captures all of that. It is the thing the runtime inspects, authorizes, modifies, audits, or blocks.
How Actions Are Created
When you call a capability decorated with@runtime.capability, Brane automatically creates the AgentAction from the runtime context and bound arguments.
Example Action
Lifecycle
- Created before the
before_capabilitypolicy stage - Before decision when policy evaluates the action and returns a Decision
- Executed if allowed, when the function runs
- After record when a new AgentAction is created with
outputpopulated - After decision when
after_capabilitypolicy evaluates the output - Returned or denied when output is returned or
CapabilityDeniedErroris raised
Fields
| Field | Type | Description | |
|---|---|---|---|
action_id | str | Unique ID for this action. Auto-generated if not provided. | |
trace_id | `str | None` | Trace this action belongs to. |
parent_action_id | `str | None` | Parent action ID for nested or delegated actions. |
action_type | str | What kind of action this is. | |
timestamp | str | ISO 8601 timestamp when the action was created. | |
agent_id | `str | None` | Identity of the agent attempting the action. |
principal_id | `str | None` | User or service the agent is acting on behalf of. |
tenant_id | `str | None` | Tenant in a multi-tenant deployment. |
environment | `str | None` | Runtime environment. |
capability | Capability | The capability being attempted. | |
input | dict | Bound input arguments for the capability call. | |
output | `Any | None` | Output after execution. Populated in after-action records. |
input_summary | `str | None` | Human-readable input summary for audit. |
output_summary | `str | None` | Human-readable output summary for audit. |
cost_so_far_usd | `float | None` | Accumulated cost so far in the trace. |
estimated_cost_usd | `float | None` | Estimated cost for this action. |
latency_so_far_ms | `float | None` | Accumulated latency so far in the trace. |
labels | dict | Arbitrary key-value labels for filtering. | |
metadata | dict | Arbitrary metadata for policy use. |
Computed Property
is_prod:Trueifenvironment == "prod". Exposed on PolicyContext asctx.is_prod.
Action Types
| Type | Description |
|---|---|
tool_call | Generic tool invocation |
model_call | LLM or embedding call |
memory_read | Read from agent memory |
memory_write | Write to agent memory |
retrieval | Vector or semantic search |
database_query | Database query |
external_api_call | External HTTP API call |
mcp_tool_call | MCP tool invocation |
sandbox_execution | Code execution in a sandbox |
file_read | File read |
file_write | File write |
secret_access | Credential or secret retrieval |
agent_handoff | Handoff to another agent |
human_approval | Human approval request |
Identity Fields
The combination ofagent_id, principal_id, and tenant_id answers the most important governance question: who is doing this, on behalf of whom, for which customer.
Policy can check these via ctx.agent_id, ctx.principal_id, and ctx.tenant_id.
Trace Fields
trace_id links all actions in a single workflow run. parent_action_id links nested actions, for example when an agent spawns a subagent. These fields form the action tree that becomes the trace timeline in the dashboard.