Scopes
Open Scopes

Agents · first-class operators

Built for agents — natively, not bolted on.

In Scopes an agent isn't a webhook afterthought. It has the same first-class surface a human does: read context, append beats, own tasks, act within policy. CLI, REST, and SDK reach exactly the same operations — and MCP is optional, not required.

append a beat · three ways to say the same thingall surfaces · same auth
CLI
$ scopes beat append
    acme_corp
    --type call
    --summary "Renewal confirmed, closes Q3"
    --actor agent:renewal-ops
REST
POST /arcs/acme_corp/beats
Authorization: Bearer <token>
Content-Type: application/json
{
  "type": "call",
  "summary": "Renewal confirmed, closes Q3"
}
SDK · TypeScript
await scopes.arcs("acme_corp")
  .beats.append({
    type:    "call",
    summary: "Renewal confirmed, closes Q3",
    actor:   "agent:renewal-ops"
  })
MCP is supported — and optional. Production agents shouldn't depend on it for auth. Bearer token or OAS DID works across CLI, REST, and SDK identically.

One operation expressed three ways — all visible, all identical under the hood. An agent picks its surface; Scopes doesn't care which.

Every capability an agent needs, nothing it doesn’t.

Capability tokens

Each agent gets a scoped ACT — a signed bearer token that grants exactly the operations it needs, nothing more.

Full audit trail

Every agent action is recorded as a signed beat: attributed, hash-chained, replayable end to end.

Subscriptions

Subscribe to any health threshold or arc event — "wake me when health < 0.5" — and the platform pushes.

Proposed-action approval

Route high-stakes actions through a human-in-the-loop gate before they commit to the arc.

Every action is signed.

Cryptographic lineage, all the way to a human root.

Every agent carries a did:oas identity traceable back to the human who spawned it. Each action it takes is signed with that identity, recorded as a beat, and hash-chained into the arc — so you always know who is accountable, even three agents deep in an automated pipeline.

  • OAS DID · Ed25519 signed actions
  • Per-scope capability tokens (ACTs)
  • Subscriptions · push on threshold
  • Proposed-action gates for high-stakes ops
agent:renewal-opssigned · Ed25519
beat.append (acme_corp) ← capability token ACT-4f2a
lineage →
did:oas:forge:agent:renewal-ops · spawned by did:oas:hmr:j.rivera
human root →
HMR · j.riveraaccountable root
recorded as →
beat#b9f2a · acme_corp · hash 9f2a…c1

Keep reading

Context documents

The versioned, diffable document an agent reads in one shot.

Modes

How much authority an agent has — read-only, propose, or execute.

Trust & security

Identity, provenance, and the cryptographic guarantees behind every action.

Give your agents a real surface.

First-class identity, scoped capabilities, and a complete audit trail — built in from day one.

Open ScopesSee pricing