Capability Matrix
Permission inspector showing allowed and denied capabilities.
Install
npx ax-depute@latest add capability-matrixpnpm dlx ax-depute@latest add capability-matrixyarn dlx ax-depute@latest add capability-matrixbunx ax-depute@latest add capability-matrixOverview
Capability Matrix is the "Agent Handshake." As products explicitly declare their tools to agents via frameworks like WebMCP, humans need to see that exact programmatic contract. This component visualizes what an agent is capable of doing in the current specific operating context.
Agent Permissions
sysadmin-bot-013 allowed2 denied
Observability
logs.readRead system logs
Operations
services.restartRestart running servicesif requires 2FA
services.stopStop running services
System
config.writeModify configuration
Storage
db.dropDrop database tables
Interactive StorybookView all states, toggle props, and test edge cases.
Basic Usage
<CapabilityMatrix
title="Agent Permissions"
agentId="sysadmin-bot-01"
capabilities={[
{ name: 'logs.read', description: 'Read system logs', permission: 'full', category: 'Observability' },
{ name: 'services.restart', permission: 'conditional', condition: 'requires 2FA', category: 'Operations' },
{ name: 'db.drop', description: 'Drop database tables', permission: 'none', category: 'Storage' },
]}
/>Solution Patterns
Render CapabilityMatrix inside a DelegationGate when an agent is spawned, ensuring the user understands the absolute bounds of the agent's authority before letting it execute.
Props
| Prop | Type | Default | Description |
|---|---|---|---|
title | string | — | Title of the matrix |
agentId | string | — | Agent identity label |
capabilities | Capability[] | — | List of defined permissions |
groupByCategory | boolean | true | Group capabilities by category |
highlightDenied | boolean | true | Emphasize denied/none permissions |
Design rationale
Why highlightDenied? In security, knowing what an agent cannot do is often more important than what it can. Visually elevating explicit denials (e.g., "Write to Production: Denied") builds trust that guardrails are actively in place.