Skip to main content
Run before the capability executes. This is the most important policy stage.

Timing

A before_capability policy runs after the call is intercepted but before the underlying function executes. If the policy denies, CapabilityDeniedError is raised and the function never runs. The consequence does not occur.

Registration

What Is Available

In a before_capability policy, ctx.output is always None; the function has not run yet.
  • ctx.capability
  • ctx.arg("name")
  • ctx.agent_id, ctx.principal_id, ctx.tenant_id
  • ctx.is_prod, ctx.is_high_risk
  • ctx.agent_has_scope("scope")

Common Use Cases

Block unsafe SQL input:
Block high-risk tools in production:
Enforce a financial limit:
Check scopes:

Deny Behavior

When any before policy returns Decision(type="deny"):
  1. The runtime stops evaluating remaining before policies
  2. The underlying function is not called
  3. CapabilityDeniedError is raised with the denial reason

Policy Order

Multiple before policies on the same capability run in descending priority order. Deny wins: if any policy denies, the action is blocked regardless of other policies. Wildcard policies ("*") run alongside exact-match policies.

Future Decision Types

  • approval_required: pause until a human approves
  • transform_input: mutate the input before execution
  • route: redirect to a different capability or provider
  • sandbox: execute with restricted access
  • log_only: allow but flag for review