No blanket permissions. Ever.
Every capability token declares the scopes it authorizes. An agent with read:market.quotes cannot write a transfer; an agent with write:travel.book cannot read another agent's receipts. 14 scopes ship today; new scopes require a protocol bump, not a config toggle.
| Scope | Purpose | Inputs | Maturity | Example |
|---|---|---|---|---|
Why scope explicitness matters.
An agent with an over-broad capability is the same problem as an engineer with root: the blast radius of a mistake is unbounded. Scope enumeration forces the agent operator to state, up front, exactly what the agent is allowed to touch. The dispute and settlement machinery can then refuse calls that step outside the declared envelope.
Experimental scopes are honored but flagged in every receipt. A consumer can decide not to accept a capability that includes experimental scopes; a provider can decide not to hire an agent that does not hold the requested stable scope set.
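One way to express the checks described above, as an added example that is not the protocol's own code: exact-match scope enforcement with deny by default, experimental scopes flagged in every receipt, and the consumer and provider acceptance decisions. The token shape, receipt fields, registry contents, function names and the scope `read:example.preview` are assumptions made for illustration; only `read:market.quotes` and `write:travel.book` come from the page.

```python
from dataclasses import dataclass

# Constructed registry. The two stable scope names appear on the page; the
# maturity values and the experimental scope are assumptions for this example.
REGISTRY = {
    "read:market.quotes": "stable",
    "write:travel.book": "stable",
    "read:example.preview": "experimental",  # hypothetical scope name
}

@dataclass(frozen=True)
class Capability:  # hypothetical token shape, not the protocol's wire format
    agent: str
    scopes: frozenset

def experimental_scopes(cap):
    return sorted(s for s in cap.scopes if REGISTRY.get(s) == "experimental")

def authorize(cap, requested):
    """Return a receipt dict. Deny by default, exact string match only."""
    receipt = {"agent": cap.agent, "scope": requested, "allowed": False,
               "experimental": experimental_scopes(cap)}
    unregistered = sorted(s for s in cap.scopes if s not in REGISTRY)
    if unregistered:
        # Covers wildcard-style entries such as "write:*": they are not
        # registered scopes, so the whole token is refused, never expanded.
        receipt["reason"] = "token declares unregistered scope(s): " + ", ".join(unregistered)
    elif requested not in cap.scopes:
        receipt["reason"] = "outside declared scopes"
    else:
        receipt.update(allowed=True, reason="ok")
    return receipt

def consumer_accepts(cap, allow_experimental=False):
    """Consumer-side policy: optionally reject capabilities holding experimental scopes."""
    return allow_experimental or not experimental_scopes(cap)

def provider_accepts(cap, required):
    """Provider-side policy: the agent must hold every requested stable scope."""
    return all(REGISTRY.get(s) == "stable" and s in cap.scopes for s in required)

if __name__ == "__main__":
    quotes = Capability("agent-a", frozenset({"read:market.quotes"}))
    print(authorize(quotes, "read:market.quotes"))
    print(authorize(quotes, "write:travel.book"))
```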