Capability Graph
Skills & Permissions for Agents and Humans
What is the Capability Graph?
The Capability Graph is a decentralized map of what agents can do. Instead of hardcoding permissions or routing logic, you declare capabilities and let the system route work based on skills.
Think of it as LinkedIn meets IAM — agents advertise their skills, humans grant capabilities, and HUMΛN verifies them cryptographically.
Why Capabilities Instead of Roles?
Traditional systems use roles (Admin, User, Manager). But roles are rigid and don't scale in multi-agent systems. Capabilities are:
Key Concepts
Capability
A capability is a specific skill or permission. Examples:
invoice_processingpdf_extractionsentiment_analysisdata_analysisemail_sendingdatabase_queryGrant
A grant is when a human or organization gives an agent a capability.
Verify
Verify checks if an agent has a capability (and if it's still valid).
Revoke
Revoke removes a capability from an agent (e.g., when an employee leaves).
How It Works
┌──────────────────────────────────────────────────────────────┐ │ CAPABILITY FLOW │ ├──────────────────────────────────────────────────────────────┤ │ │ │ 1. AGENT DECLARES CAPABILITIES │ │ ┌────────────────────────────────────┐ │ │ │ Agent: "I can do invoice_processing, │ │ │ │ pdf_extraction, OCR" │ │ │ └────────────────────────────────────┘ │ │ ↓ │ │ 2. HUMAN GRANTS CAPABILITY │ │ ┌────────────────────────────────────┐ │ │ │ Alice: "I grant invoice_processing │ │ │ │ to this agent until Dec 31" │ │ │ └────────────────────────────────────┘ │ │ ↓ │ │ 3. HUMANOS VERIFIES BEFORE ROUTING │ │ ┌────────────────────────────────────┐ │ │ │ HumanOS: "Does agent have the │ │ │ │ required capability?" │ │ │ └────────────────────────────────────┘ │ │ ↓ │ │ 4. AGENT EXECUTES (IF VERIFIED) │ │ ┌────────────────────────────────────┐ │ │ │ Agent: "Processing invoices..." │ │ │ │ Provenance: Logged with capability │ │ │ └────────────────────────────────────┘ │ │ │ └──────────────────────────────────────────────────────────────┘
Capability-Based Routing
The real power of the Capability Graph is automatic routing. HumanOS looks at the required capabilities and routes work to the right agent.
💡 Pro Tip: Capabilities are composable. An agent withinvoice_processing ANDfinancial_analysis is more valuable than two separate agents.
Common Use Cases
Dynamic Agent Onboarding
When you deploy a new agent, it declares its capabilities. HumanOS can immediately route work to it.
Multi-Skill Workflows
Route complex tasks to agents with multiple capabilities (e.g., PDF extraction + OCR + data validation)
Access Control
Grant capabilities based on role, department, or clearance level. Revoke them instantly when needed.
Capability Marketplace
Discover agents by capability. Need a "sentiment_analysis" agent? Query the graph.
Compliance & Audit
Prove who granted what capability to which agent, when, and why — all in the provenance chain.
Capability Lifecycle
| Stage | Action | Who |
|---|---|---|
| 1. Declaration | Agent declares it has a capability | Agent |
| 2. Grant | Human/org grants the capability | Human/Org |
| 3. Verify | System checks if capability is valid | HumanOS |
| 4. Execute | Agent uses the capability to do work | Agent |
| 5. Revoke | Human/org removes the capability | Human/Org |