[{"data":1,"prerenderedAt":880},["ShallowReactive",2],{"navigation":3,"\u002Fguides\u002Fcapabilities":89,"\u002Fguides\u002Fcapabilities-surround":875},[4,40,63,76],{"title":5,"path":6,"stem":7,"children":8,"icon":39},"Getting Started","\u002Fgetting-started","1.getting-started\u002F1.index",[9,11,15,19,23,27,31,35],{"title":10,"path":6,"stem":7},"Introduction",{"title":12,"path":13,"stem":14},"Quick Start: Service Provider","\u002Fgetting-started\u002Fquickstart-sp","1.getting-started\u002F2.quickstart-sp",{"title":16,"path":17,"stem":18},"Quick Start: Identity Provider","\u002Fgetting-started\u002Fquickstart-idp","1.getting-started\u002F3.quickstart-idp",{"title":20,"path":21,"stem":22},"Quick Start: Agent","\u002Fgetting-started\u002Fquickstart-agent","1.getting-started\u002F4.quickstart-agent",{"title":24,"path":25,"stem":26},"Quick Start","\u002Fgetting-started\u002Finstallation","1.getting-started\u002F5.installation",{"title":28,"path":29,"stem":30},"How It Works","\u002Fgetting-started\u002Fhow-it-works","1.getting-started\u002F6.how-it-works",{"title":32,"path":33,"stem":34},"For Service Providers","\u002Fgetting-started\u002Ffor-service-providers","1.getting-started\u002F7.for-service-providers",{"title":36,"path":37,"stem":38},"CLI (apes & ape-shell)","\u002Fgetting-started\u002Fcli","1.getting-started\u002F8.cli",false,{"title":41,"path":42,"stem":43,"children":44,"icon":39},"Ecosystem","\u002Fecosystem","2.ecosystem\u002F1.index",[45,47,51,55,59],{"title":46,"path":42,"stem":43},"Overview",{"title":48,"path":49,"stem":50},"OpenApe Auth","\u002Fecosystem\u002Fauth","2.ecosystem\u002F2.auth",{"title":52,"path":53,"stem":54},"OpenApe 
Grants","\u002Fecosystem\u002Fgrants","2.ecosystem\u002F3.grants",{"title":56,"path":57,"stem":58},"nuxt-auth-sp","\u002Fecosystem\u002Fnuxt-auth-sp","2.ecosystem\u002F4.nuxt-auth-sp",{"title":60,"path":61,"stem":62},"escapes","\u002Fecosystem\u002Fescapes","2.ecosystem\u002F5.escapes",{"title":64,"icon":39,"path":65,"stem":66,"children":67,"page":39},"Security","\u002Fsecurity","3.security",[68,72],{"title":69,"path":70,"stem":71},"Compliance","\u002Fsecurity\u002Fcompliance","3.security\u002F1.compliance",{"title":73,"path":74,"stem":75},"Threat Model","\u002Fsecurity\u002Fthreat-model","3.security\u002F2.threat-model",{"title":77,"icon":39,"path":78,"stem":79,"children":80,"page":39},"Guides","\u002Fguides","4.guides",[81,85],{"title":82,"path":83,"stem":84},"Capabilities & Grants","\u002Fguides\u002Fcapabilities","4.guides\u002F1.capabilities",{"title":86,"path":87,"stem":88},"Delegation","\u002Fguides\u002Fdelegation","4.guides\u002F2.delegation",{"id":90,"title":82,"body":91,"description":869,"extension":870,"links":871,"meta":872,"navigation":252,"path":83,"seo":873,"stem":84,"__hash__":874},"docs\u002F4.guides\u002F1.capabilities.md",{"type":92,"value":93,"toc":856},"minimark",[94,98,107,112,119,130,134,196,200,205,312,316,451,455,458,464,467,480,483,497,501,504,677,680,712,716,719,733,736,740,829,833,852],[95,96,82],"h1",{"id":97},"capabilities-grants",[99,100,101,102,106],"p",{},"OpenApe agents start with ",[103,104,105],"strong",{},"zero permissions",". Every action requires an explicit, human-approved grant. 
This page explains how the grant system works end-to-end.",[108,109,111],"h2",{"id":110},"core-concept","Core Concept",[99,113,114,115,118],{},"The grant system implements a ",[103,116,117],{},"human-in-the-loop"," authorization model:",[120,121,126],"pre",{"className":122,"code":124,"language":125},[123],"language-text","Agent requests permission → Grant is created (pending)\n                          → Human reviews and decides\n                          → Agent receives AuthZ-JWT (if approved)\n                          → Agent uses token for authorized action\n","text",[127,128,124],"code",{"__ignoreMap":129},"",[108,131,133],{"id":132},"grant-types","Grant Types",[135,136,137,153],"table",{},[138,139,140],"thead",{},[141,142,143,147,150],"tr",{},[144,145,146],"th",{},"Type",[144,148,149],{},"Behavior",[144,151,152],{},"Use Case",[154,155,156,170,183],"tbody",{},[141,157,158,164,167],{},[159,160,161],"td",{},[127,162,163],{},"once",[159,165,166],{},"Single use, consumed after first use",[159,168,169],{},"One-off deployments, destructive commands",[141,171,172,177,180],{},[159,173,174],{},[127,175,176],{},"timed",[159,178,179],{},"Valid for a time window (TTL)",[159,181,182],{},"Recurring tasks during a maintenance window",[141,184,185,190,193],{},[159,186,187],{},[127,188,189],{},"always",[159,191,192],{},"Active until manually revoked",[159,194,195],{},"Standing permissions for trusted agents",[108,197,199],{"id":198},"requesting-a-grant","Requesting a Grant",[201,202,204],"h3",{"id":203},"via-cli","Via CLI",[120,206,210],{"className":207,"code":208,"language":209,"meta":129,"style":129},"language-bash shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","# Adapter mode: wraps a CLI command with grant protection\napes run -- kubectl apply -f deployment.yaml\n\n# With explicit approval type\napes run --approval timed -- npm publish\n\n# Audience mode: request a grant for a specific target\napes run escapes \"apt-get 
upgrade\"\n","bash",[127,211,212,221,247,254,260,281,286,292],{"__ignoreMap":129},[213,214,217],"span",{"class":215,"line":216},"line",1,[213,218,220],{"class":219},"sHwdD","# Adapter mode: wraps a CLI command with grant protection\n",[213,222,224,228,232,235,238,241,244],{"class":215,"line":223},2,[213,225,227],{"class":226},"sBMFI","apes",[213,229,231],{"class":230},"sfazB"," run",[213,233,234],{"class":230}," --",[213,236,237],{"class":230}," kubectl",[213,239,240],{"class":230}," apply",[213,242,243],{"class":230}," -f",[213,245,246],{"class":230}," deployment.yaml\n",[213,248,250],{"class":215,"line":249},3,[213,251,253],{"emptyLinePlaceholder":252},true,"\n",[213,255,257],{"class":215,"line":256},4,[213,258,259],{"class":219},"# With explicit approval type\n",[213,261,263,265,267,270,273,275,278],{"class":215,"line":262},5,[213,264,227],{"class":226},[213,266,231],{"class":230},[213,268,269],{"class":230}," --approval",[213,271,272],{"class":230}," timed",[213,274,234],{"class":230},[213,276,277],{"class":230}," npm",[213,279,280],{"class":230}," publish\n",[213,282,284],{"class":215,"line":283},6,[213,285,253],{"emptyLinePlaceholder":252},[213,287,289],{"class":215,"line":288},7,[213,290,291],{"class":219},"# Audience mode: request a grant for a specific target\n",[213,293,295,297,299,302,306,309],{"class":215,"line":294},8,[213,296,227],{"class":226},[213,298,231],{"class":230},[213,300,301],{"class":230}," escapes",[213,303,305],{"class":304},"sMK4o"," \"",[213,307,308],{"class":230},"apt-get upgrade",[213,310,311],{"class":304},"\"\n",[201,313,315],{"id":314},"via-api","Via API",[120,317,319],{"className":207,"code":318,"language":209,"meta":129,"style":129},"POST \u002Fapi\u002Fgrants\n{\n  \"requester\": \"agent@example.com\",\n  \"target_host\": \"prod-server\",\n  \"audience\": \"escapes\",\n  \"grant_type\": \"once\",\n  \"command\": [\"apt-get\", \"upgrade\"],\n  \"reason\": \"Security 
patch\"\n}\n",[127,320,321,329,334,354,370,385,400,431,445],{"__ignoreMap":129},[213,322,323,326],{"class":215,"line":216},[213,324,325],{"class":226},"POST",[213,327,328],{"class":230}," \u002Fapi\u002Fgrants\n",[213,330,331],{"class":215,"line":223},[213,332,333],{"class":304},"{\n",[213,335,336,339,343,345,348,351],{"class":215,"line":249},[213,337,338],{"class":226},"  \"requester\"",[213,340,342],{"class":341},"s2Zo4",":",[213,344,305],{"class":304},[213,346,347],{"class":230},"agent@example.com",[213,349,350],{"class":304},"\"",[213,352,353],{"class":230},",\n",[213,355,356,359,361,363,366,368],{"class":215,"line":256},[213,357,358],{"class":226},"  \"target_host\"",[213,360,342],{"class":341},[213,362,305],{"class":304},[213,364,365],{"class":230},"prod-server",[213,367,350],{"class":304},[213,369,353],{"class":230},[213,371,372,375,377,379,381,383],{"class":215,"line":262},[213,373,374],{"class":226},"  \"audience\"",[213,376,342],{"class":341},[213,378,305],{"class":304},[213,380,60],{"class":230},[213,382,350],{"class":304},[213,384,353],{"class":230},[213,386,387,390,392,394,396,398],{"class":215,"line":283},[213,388,389],{"class":226},"  \"grant_type\"",[213,391,342],{"class":341},[213,393,305],{"class":304},[213,395,163],{"class":230},[213,397,350],{"class":304},[213,399,353],{"class":230},[213,401,402,405,407,411,413,416,418,421,423,426,428],{"class":215,"line":288},[213,403,404],{"class":226},"  \"command\"",[213,406,342],{"class":341},[213,408,410],{"class":409},"sTEyZ"," [",[213,412,350],{"class":304},[213,414,415],{"class":230},"apt-get",[213,417,350],{"class":304},[213,419,420],{"class":409},", ",[213,422,350],{"class":304},[213,424,425],{"class":230},"upgrade",[213,427,350],{"class":304},[213,429,430],{"class":230},"],\n",[213,432,433,436,438,440,443],{"class":215,"line":294},[213,434,435],{"class":226},"  \"reason\"",[213,437,342],{"class":341},[213,439,305],{"class":304},[213,441,442],{"class":230},"Security 
patch",[213,444,311],{"class":304},[213,446,448],{"class":215,"line":447},9,[213,449,450],{"class":304},"}\n",[108,452,454],{"id":453},"approval-flow","Approval Flow",[99,456,457],{},"When a grant is requested, the CLI prints an approval URL:",[120,459,462],{"className":460,"code":461,"language":125},[123],"Grant requested: 3f8a...\nApprove at: https:\u002F\u002Fid.openape.ai\u002Fgrant-approval?grant_id=3f8a...\n",[127,463,461],{"__ignoreMap":129},[99,465,466],{},"The approver (agent owner or designated approver) opens this URL and sees:",[468,469,470,474,477],"ul",{},[471,472,473],"li",{},"Who is requesting (agent identity)",[471,475,476],{},"What they want to do (command, target host)",[471,478,479],{},"Why (reason field)",[99,481,482],{},"The approver can:",[468,484,485,491],{},[471,486,487,490],{},[103,488,489],{},"Approve"," with the requested type, or override to a different type\u002Fduration",[471,492,493,496],{},[103,494,495],{},"Deny"," the request",[108,498,500],{"id":499},"authz-jwt","AuthZ-JWT",[99,502,503],{},"On approval, a signed JWT is issued containing:",[120,505,509],{"className":506,"code":507,"language":508,"meta":129,"style":129},"language-json shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","{\n  \"sub\": \"agent@example.com\",\n  \"aud\": \"target-system\",\n  \"grant_type\": \"once\",\n  \"permissions\": [\"deploy\"],\n  \"cmd_hash\": \"sha256:a1b2c3...\",\n  \"decided_by\": \"alice@example.com\",\n  \"exp\": 1234567890,\n  \"jti\": \"unique-grant-id\"\n}\n","json",[127,510,511,515,536,556,575,597,617,637,654,672],{"__ignoreMap":129},[213,512,513],{"class":215,"line":216},[213,514,333],{"class":304},[213,516,517,520,524,526,528,530,532,534],{"class":215,"line":223},[213,518,519],{"class":304},"  
\"",[213,521,523],{"class":522},"spNyl","sub",[213,525,350],{"class":304},[213,527,342],{"class":304},[213,529,305],{"class":304},[213,531,347],{"class":230},[213,533,350],{"class":304},[213,535,353],{"class":304},[213,537,538,540,543,545,547,549,552,554],{"class":215,"line":249},[213,539,519],{"class":304},[213,541,542],{"class":522},"aud",[213,544,350],{"class":304},[213,546,342],{"class":304},[213,548,305],{"class":304},[213,550,551],{"class":230},"target-system",[213,553,350],{"class":304},[213,555,353],{"class":304},[213,557,558,560,563,565,567,569,571,573],{"class":215,"line":256},[213,559,519],{"class":304},[213,561,562],{"class":522},"grant_type",[213,564,350],{"class":304},[213,566,342],{"class":304},[213,568,305],{"class":304},[213,570,163],{"class":230},[213,572,350],{"class":304},[213,574,353],{"class":304},[213,576,577,579,582,584,586,588,590,593,595],{"class":215,"line":262},[213,578,519],{"class":304},[213,580,581],{"class":522},"permissions",[213,583,350],{"class":304},[213,585,342],{"class":304},[213,587,410],{"class":304},[213,589,350],{"class":304},[213,591,592],{"class":230},"deploy",[213,594,350],{"class":304},[213,596,430],{"class":304},[213,598,599,601,604,606,608,610,613,615],{"class":215,"line":283},[213,600,519],{"class":304},[213,602,603],{"class":522},"cmd_hash",[213,605,350],{"class":304},[213,607,342],{"class":304},[213,609,305],{"class":304},[213,611,612],{"class":230},"sha256:a1b2c3...",[213,614,350],{"class":304},[213,616,353],{"class":304},[213,618,619,621,624,626,628,630,633,635],{"class":215,"line":288},[213,620,519],{"class":304},[213,622,623],{"class":522},"decided_by",[213,625,350],{"class":304},[213,627,342],{"class":304},[213,629,305],{"class":304},[213,631,632],{"class":230},"alice@example.com",[213,634,350],{"class":304},[213,636,353],{"class":304},[213,638,639,641,644,646,648,652],{"class":215,"line":294},[213,640,519],{"class":304},[213,642,643],{"class":522},"exp",[213,645,350],{"class":304},[213,647,342],{"class":304},[
213,649,651],{"class":650},"sbssI"," 1234567890",[213,653,353],{"class":304},[213,655,656,658,661,663,665,667,670],{"class":215,"line":447},[213,657,519],{"class":304},[213,659,660],{"class":522},"jti",[213,662,350],{"class":304},[213,664,342],{"class":304},[213,666,305],{"class":304},[213,668,669],{"class":230},"unique-grant-id",[213,671,311],{"class":304},[213,673,675],{"class":215,"line":674},10,[213,676,450],{"class":304},[99,678,679],{},"Security properties:",[468,681,682,688,694,700],{},[471,683,684,687],{},[103,685,686],{},"Audience-bound"," -- token only valid for the intended target system",[471,689,690,693],{},[103,691,692],{},"Command hash"," -- binds the token to the exact approved command, preventing command substitution",[471,695,696,699],{},[103,697,698],{},"Dual accountability"," -- agent requester and human approver are both recorded",[471,701,702,705,706,708,709,711],{},[103,703,704],{},"Replay protection"," -- unique ",[127,707,660],{}," per grant; ",[127,710,163],{}," grants are consumed on first use (timed and always grants stay valid until they expire or are revoked)",[108,713,715],{"id":714},"incremental-capabilities","Incremental Capabilities",[99,717,718],{},"When an agent already has a grant for a similar action, the system detects this and offers the approver two options:",[468,720,721,727],{},[471,722,723,726],{},[103,724,725],{},"Widen"," -- expand the existing grant's scope to cover the new request",[471,728,729,732],{},[103,730,731],{},"Merge"," -- combine the permission sets of old and new grants",[99,734,735],{},"This avoids grant sprawl while maintaining the principle of least privilege, because any wider scope still requires the approver's explicit decision.",[108,737,739],{"id":738},"managing-grants","Managing Grants",[120,741,743],{"className":207,"code":742,"language":209,"meta":129,"style":129},"# List your grants\napes grants list\n\n# Check grant inbox (pending approvals)\napes grants inbox\n\n# Revoke a specific grant\napes grants revoke \u003Cgrant-id>\n\n# Revoke all your pending grants\napes grants revoke 
--all-pending\n",[127,744,745,750,760,764,769,778,782,787,808,812,817],{"__ignoreMap":129},[213,746,747],{"class":215,"line":216},[213,748,749],{"class":219},"# List your grants\n",[213,751,752,754,757],{"class":215,"line":223},[213,753,227],{"class":226},[213,755,756],{"class":230}," grants",[213,758,759],{"class":230}," list\n",[213,761,762],{"class":215,"line":249},[213,763,253],{"emptyLinePlaceholder":252},[213,765,766],{"class":215,"line":256},[213,767,768],{"class":219},"# Check grant inbox (pending approvals)\n",[213,770,771,773,775],{"class":215,"line":262},[213,772,227],{"class":226},[213,774,756],{"class":230},[213,776,777],{"class":230}," inbox\n",[213,779,780],{"class":215,"line":283},[213,781,253],{"emptyLinePlaceholder":252},[213,783,784],{"class":215,"line":288},[213,785,786],{"class":219},"# Revoke a specific grant\n",[213,788,789,791,793,796,799,802,805],{"class":215,"line":294},[213,790,227],{"class":226},[213,792,756],{"class":230},[213,794,795],{"class":230}," revoke",[213,797,798],{"class":304}," \u003C",[213,800,801],{"class":230},"grant-i",[213,803,804],{"class":409},"d",[213,806,807],{"class":304},">\n",[213,809,810],{"class":215,"line":447},[213,811,253],{"emptyLinePlaceholder":252},[213,813,814],{"class":215,"line":674},[213,815,816],{"class":219},"# Revoke all your pending grants\n",[213,818,820,822,824,826],{"class":215,"line":819},11,[213,821,227],{"class":226},[213,823,756],{"class":230},[213,825,795],{"class":230},[213,827,828],{"class":230}," --all-pending\n",[108,830,832],{"id":831},"next-steps","Next Steps",[468,834,835,841,846],{},[471,836,837,840],{},[838,839,86],"a",{"href":87}," -- let agents act on behalf of another user",[471,842,843,845],{},[838,844,60],{"href":61}," -- privilege escalation with grant verification",[471,847,848,851],{},[838,849,850],{"href":53},"Grant API reference"," -- full API details",[853,854,855],"style",{},"html pre.shiki code .sHwdD, html code.shiki 
.sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html pre.shiki code .sBMFI, html code.shiki .sBMFI{--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html 
pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .spNyl, html code.shiki .spNyl{--shiki-light:#9C3EDA;--shiki-default:#C792EA;--shiki-dark:#C792EA}html pre.shiki code .sbssI, html code.shiki .sbssI{--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C}",{"title":129,"searchDepth":216,"depth":223,"links":857},[858,859,860,864,865,866,867,868],{"id":110,"depth":223,"text":111},{"id":132,"depth":223,"text":133},{"id":198,"depth":223,"text":199,"children":861},[862,863],{"id":203,"depth":249,"text":204},{"id":314,"depth":249,"text":315},{"id":453,"depth":223,"text":454},{"id":499,"depth":223,"text":500},{"id":714,"depth":223,"text":715},{"id":738,"depth":223,"text":739},{"id":831,"depth":223,"text":832},"How agents request permissions and humans approve them.","md",null,{},{"title":82,"description":869},"I1yXhMhWQlGXS3P37ASh-xvSnnVRm70eKmfz06mw74w",[876,878],{"title":73,"path":74,"stem":75,"description":877,"children":-1},"Security analysis and design decisions.",{"title":86,"path":87,"stem":88,"description":879,"children":-1},"Let agents act on behalf of another user.",1776885317056]