Capability tokens for governed agent and tool authorization.
CapToken defines lightweight capability tokens for authorizing what agents and tools are allowed to do, under explicit scope, limits, delegation rules, and expiry constraints.
As agent systems become more modular, permission boundaries often remain implicit. Agents gain access to tools, resources, and actions without a portable, inspectable authorization layer.
CapToken exists to make those boundaries explicit.
Many agent systems still rely on weak or implicit authorization assumptions:
- broad tool access
- missing scope boundaries
- unclear delegation rights
- weak expiry semantics
- no portable capability format
- unclear limits around cost, duration, or request volume
CapToken introduces a lightweight capability token layer for bounded agent execution.
- define portable capability tokens
- validate token structure
- clarify authorization scope
- encode limits and expiry
- represent delegation permissions explicitly
- support inspection and dev-friendly tooling
CapToken v0 starts with:
captoken.yamlparsing- token validation
- human-readable explanation
- CLI commands
- example tokens
Later phases may add:
- signing
- revocation
- token bundles
- policy packs
- runtime adapters
- coordination with contracts, traces, and skill reliability layers
captoken validate ./examples/web-research-token
captoken inspect ./examples/web-research-token
captoken explain ./examples/web-research-token
captoken mint-dev ./examples/web-research-tokenCapToken is not a full IAM platform.
It is a portable specification and validation layer for bounded agent and tool authorization.
See:
- docs/vision.md
- docs/architecture.md
- docs/token-spec.md
- docs/roadmap.md