Skip to main content
One attempted use of a capability. The unit of interception, authorization, and audit.

Definition

A Capability describes what exists. An AgentAction is one attempted use of it. That distinction matters. Policy cannot make useful decisions from tool_name = refund_customer. It needs the attempted use: which agent, acting for which principal, in which tenant, in which environment, with which arguments, right now. The AgentAction captures all of that. It is the thing the runtime inspects, authorizes, modifies, audits, or blocks.

How Actions Are Created

When you call a capability decorated with @runtime.capability, Brane automatically creates the AgentAction from the runtime context and bound arguments.
You can also create actions manually for custom interception:

Example Action

Lifecycle

  1. Created before the before_capability policy stage
  2. Before decision when policy evaluates the action and returns a Decision
  3. Executed if allowed, when the function runs
  4. After record when a new AgentAction is created with output populated
  5. After decision when after_capability policy evaluates the output
  6. Returned or denied when output is returned or CapabilityDeniedError is raised
Audit events are planned at each lifecycle transition.

Fields

Computed Property

  • is_prod: True if environment == "prod". Exposed on PolicyContext as ctx.is_prod.

Action Types

Identity Fields

The combination of agent_id, principal_id, and tenant_id answers the most important governance question: who is doing this, on behalf of whom, for which customer. Policy can check these via ctx.agent_id, ctx.principal_id, and ctx.tenant_id.

Trace Fields

trace_id links all actions in a single workflow run. parent_action_id links nested actions, for example when an agent spawns a subagent. These fields form the action tree that becomes the trace timeline in the dashboard.