Capability System

Control what tools and actions agents can access.

Tool Rings

Codemus uses a 4-tier ring system for tool governance:

Read Ring: Safe, read-only tools
Write Ring: Standard write operations
Action Ring: Elevated actions requiring approval
External Ring: Restricted external access

Capability Sets

Capability sets are versioned and auditable:

Each role has a capability set defining what tools they can access
Capability sets are versioned for rollback
All changes are audited
Escalations can request additional capabilities

Escalations

When an agent needs a capability they don't have, they can request an escalation. You can:

Review the escalation request
Approve or reject with notes
Grant temporary or permanent capabilities