Capabilities
The full list of Oxagen capabilities available via the REST API, their surfaces, and the contract model that guarantees parity.
The contract model
Every capability in Oxagen is declared once in the platform contract registry. A contract declaration specifies:
- A stable
id(e.g.,agent.code.execute) - Input and output schemas (Zod)
- The surfaces it is exposed on:
api,mcp, and/oragent - Risk level and approval requirements (for agent-surface capabilities)
- Default roles and effects (for IAM)
The contract registry is the single source of truth. Every API route and every MCP tool is generated from it. This means: if a capability exists, it is available on every surface it declares. Parity is structural, not maintained by hand.
Capability parity is verified automatically at build time; any gap is reported as a warning.
Capability naming and aliases
Every capability's canonical name follows one standard, domain.subject.action
(ADR-022):
- domain — the top-level area (
agent,graph,billing,org, …). One domain per area, no synonyms. - subject — the entity the action operates on, singular (
connection, neverconnections), with a multi-word concept written as a single snake_case segment (file_lock, never a fourth dotted segment). - action — a verb from a closed vocabulary (
list,get,create,update,delete,acquire,release, …).
A two-segment domain.action name is legal when the action implies the
domain's root entity (connection.list = "list connections") or reads as an
implied get (workflow.status = "get the workflow's status").
The model-facing tool name a coding agent sees is the same canonical
string with dots replaced by underscores (agent.file_lock.acquire →
agent_file_lock_acquire), except for the engine's primitive tools
(read_file, bash, code_graph, …), which predate this standard and keep
their established names.
Renaming never breaks an existing integration. When a capability is
renamed to conform to the standard, the old name becomes a permanent alias:
the registry resolves it to the canonical capability, the kernel meters and
audits the call under the canonical name, and IAM matches grants keyed by
either name. REST paths and MCP tool names for a capability you already
integrate against do not change on a rename — only the contract's internal
identity moves. For example, agent.file.lock.acquire (pre-standard) still
resolves; its canonical name is now agent.file_lock.acquire.
Capability list
The following capabilities are available in the current release, grouped by domain.
Agent
| Capability | Surfaces | Risk |
|---|---|---|
agent.tool.list | API, MCP, agent | Low |
agent.skill.list | API, MCP, agent | Low |
agent.skill.load | API, MCP, agent | Low |
agent.mcp.list | API, MCP, agent | Low |
agent.mcp.register | API, MCP | Medium |
agent.plan.create | API, MCP, agent | Low |
agent.plan.approve | API, agent | Low |
agent.approval.resolve | API, agent | Low |
agent.subagent.dispatch | API, MCP, agent | Medium |
agent.subagent.aggregate | API, MCP, agent | Low |
agent.code.execute | API, MCP, agent | High |
agent.memory.recall | API, MCP, agent | Low |
agent.memory.write | API, MCP, agent | Low |
agent.task.background.start | API, MCP, agent | Medium |
agent.task.background.read | API, MCP, agent | Low |
agent.task.background.cancel | API, MCP, agent | Medium |
Chat and conversations
| Capability | Surfaces | Risk |
|---|---|---|
chat.message.send | API, MCP, agent | Low |
conversation.list | API, MCP, agent | Low |
conversation.archive | API, MCP, agent | Low |
conversation.rename | API, MCP, agent | Low |
conversation.delete | API, MCP, agent | Medium |
conversation.purge | API, MCP, agent | High |
Knowledge and assets
| Capability | Surfaces | Risk |
|---|---|---|
asset.upload | API, MCP, agent | Low |
Content generation
| Capability | Surfaces | Risk |
|---|---|---|
documents.generate | API, MCP, agent | Low |
documents.pdf.create | API, MCP, agent | Low |
image.generate | API, MCP, agent | Low |
svg.generate | API, MCP, agent | Low |
video.generate | API, MCP, agent | Medium |
form.fill | API, MCP, agent | Low |
Organization and workspace
| Capability | Surfaces | Risk |
|---|---|---|
organization.create | API, MCP, agent | Medium |
org.member.add | API, MCP | Medium |
org.member.remove | API, MCP | High |
org.member.role.change | API, MCP | High |
org.member.invite.accept | API, MCP | Low |
org.member.invite.decline | API, MCP | Low |
workspace.create | API, MCP, agent | Medium |
workspace.model.settings.read | API, MCP, agent | Low |
workspace.model.settings.write | API, MCP | Medium |
Billing
| Capability | Surfaces | Risk |
|---|---|---|
billing.subscription.read | API, MCP, agent | Low |
billing.subscription.upgrade.start | API | High |
billing.credits.purchase | API | High |
Notifications
| Capability | Surfaces | Risk |
|---|---|---|
notifications.list | API, MCP, agent | Low |
notifications.mark | API, MCP, agent | Low |
User preferences
| Capability | Surfaces | Risk |
|---|---|---|
user.preferences.read | API, MCP, agent | Low |
user.preferences.write | API, MCP, agent | Low |
API keys
| Capability | Surfaces | Risk |
|---|---|---|
api.key.create | API, MCP | High |
api.key.revoke | API, MCP | High |
Plugins
| Capability | Surfaces | Risk |
|---|---|---|
plugin.catalog.browse | API, MCP, agent | Low |
plugin.catalog.get | API, MCP, agent | Low |
plugin.org.install | API, MCP | High |
plugin.org.install_bulk | API, MCP | High |
plugin.org.uninstall | API, MCP | High |
plugin.org.list | API, MCP, agent | Low |
plugin.org.set_enabled | API, MCP | Medium |
plugin.workspace.set_enabled | API, MCP | Medium |
plugin.registry.add | API, MCP | High |
plugin.registry.remove | API, MCP | High |
plugin.registry.list | API, MCP, agent | Low |
plugin.catalog.sync | API, MCP | Medium |
plugin.credential.reauth | API, MCP | Medium |
plugin.credential.set_secret | API, MCP | High |
plugin.settings.set_auth_alerts | API, MCP | Low |
System
| Capability | Surfaces | Risk |
|---|---|---|
system.install.instructions | API, MCP, agent | Low |
REST route convention
All capabilities map to REST routes under /v1/{orgSlug}/{workspaceSlug}/ using the following convention:
- Capability domain becomes the path prefix:
agent.code.execute→/v1/{orgSlug}/{workspaceSlug}/agent/code/execute - The HTTP method reflects the operation: reads use
GET, mutations usePOST - List operations append
/listor use a bareGETon the collection path - The org and workspace slug path segments are mandatory on every capability route. The slugs are those associated with your API key.
The pnpm check:manifest --json script reports the full capability parity table at development time. There is no runtime /v1/capabilities endpoint.
Parity caveat
The following UI-only flows do not have corresponding contract declarations and are therefore not reachable via API or MCP:
- In-stream plan approval (requires the chat UI stream; use
agent.plan.approveafter the fact) - Stripe Customer Portal redirect (UI-only billing management;
billing.subscription.upgrade.starthandles upgrades programmatically) - OAuth plugin credential flows (browser redirect required)
This list is kept current automatically. As contracts are added for these flows, they will appear in the capability list above.