Skip to main content
You want Apie to know what your agent is supposed to do — so it can warn when production behavior drifts from your declared boundaries. Capabilities are that contract: a tool name, the actions it may perform, and the resources it may touch. When you finish this page, your agent’s expected boundaries will be registered with Apie.

Declare in config

Add capabilities to your config file. They are auto-declared when the agent registers:
const apie = new Apie({
  agent: { key: "my-agent", name: "My Agent" },
  capabilities: [
    {
      tool: { name: "search", provider: "internal" },
      actions: ["read"],
      resources: ["knowledge_base"],
      environments: ["production", "staging"],
      riskLevel: "low",
    },
    {
      tool: { name: "github.merge_pr", provider: "github" },
      actions: ["merge"],
      resources: ["code_repository"],
      environments: ["production"],
      riskLevel: "high",
    },
  ],
});

Declare via CLI

Push capabilities from your config file without restarting the agent:
npx apie capabilities declare

Declare at runtime

await apie.capabilities.declare([
  {
    tool: { name: "deploy.release", provider: "cicd" },
    actions: ["execute"],
    resources: ["deployment_event"],
    environments: ["production"],
    riskLevel: "high",
  },
]);

Define tools (schemas)

Register tool definitions — especially useful when MCP discovers tools at runtime:
await apie.tools.define({
  name: "filesystem.read_file",
  provider: "filesystem-mcp",
  description: "Read a file from the filesystem",
  actionTypes: ["read"],
  resourceTypes: ["file"],
  riskLevel: "medium",
});
The MCP proxy auto-defines tools when it receives tools/list from the upstream server.

What you’ll see

A boundary map in the dashboard showing declared tools, actions, and resources. Undeclared tools used at runtime trigger boundary drift warnings when configured.

Capability shape

FieldRequiredDescription
tool.nameYesTool identifier
tool.providerNoProvider namespace (github, cicd, mcp)
actionsYesAllowed action types
resourcesYesAllowed resource types
environmentsNoRestrict to specific environments
riskLevelNolow, medium, high, critical
Common action types: read, create, update, delete, execute, communicate, merge Common resource types: code_repository, deployment_event, pipeline_run, secret, work_item, database_record, file

Next steps

Action and resource metadata

Deep dive on the metadata model.

Boundary drift

Detect undeclared tools in production.