Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.brane.membranelabs.org/llms.txt

Use this file to discover all available pages before exploring further.

Capability control means governing everything an AI agent can use. In Brane, a capability is not just a tool. It can be a model call, database query, memory write, retrieval request, MCP tool, file operation, secret access, sandbox execution, workflow, or another agent. Brane turns those capabilities into governed objects with metadata and runtime policy.

Why Capabilities Matter

Agents become risky when they can act. A tool name alone is not enough context for a safe decision. A policy needs to know what the capability does, how risky it is, which tenant it belongs to, what data namespace it touches, and what side effects it may create. Brane captures that context in a Capability.

Capability Metadata

A capability can include:
  • Name
  • Type
  • Risk level
  • Primary effect
  • Side effects
  • Required scopes
  • Tenant
  • Environment
  • Data namespace
  • Owner
  • Input and output schema metadata

Example

@runtime.capability(
    name="database.customer_query",
    type="database",
    risk="high",
    data_namespace="customer.records",
    owner="data-team",
)
def execute_sql(query: str):
    ...
Once a function is registered as a capability, Brane can enforce policies before and after execution.

Capability Control Examples

  • Block high-risk capabilities in production.
  • Restrict database capabilities to read-only SQL.
  • Enforce tenant boundaries on customer-data capabilities.
  • Require scopes for financial capabilities.
  • Deny MCP tools with destructive side effects.
  • Inspect model outputs before returning them to the agent.