Capabilities are intent-scoped authorizations. They let your application prove that a specific tool or action is allowed to run against a specific funded intent.
A capability token minted for one intent must never be reused for another intent, even inside the same tenant.
Recommended verification pattern
- Bind your tool execution context to
(tenant, intent_id, capability_token). - Call Harbor
POST /verifyto verify the capability for a specific operation. - Only run the tool if verification succeeds.
- Submit evidence against the same intent after the guarded work completes.
This pattern prevents cross-intent drift, keeps the audit trail attached to the right settlement record, and gives operators a clear explanation of why the work was allowed.
Choose operation names deliberately
allowed_tools and allowedTools should use the operation names from your own runtime or application:
travel.planner.plantravel.booker.purchasecrm.contact.enrich
Paybond does not define the catalog. Harbor simply compares the requested operation value at verification time with the names that were attached to the intent.
Design recommendations
- Keep operation names stable over time so policy and reporting stay readable.
- Verify as close as possible to execution time.
- Keep one capability binding per active run or workflow step.
- Treat a deny response as a business decision, not as a transport error.
Implementation guides
- TypeScript: see the verify walkthrough in TypeScript quickstart.
- Python: see the verify walkthrough in Python quickstart.
- Agent runtimes: see Agent integrations.