Acrobi CortexAgent Capabilities
Cortex provides 56 granular capabilities across 13 categories, enabling fine-grained control over what each agent can do.
Capability Categories
Agent Management (5 capabilities)
| Capability | Description | Dangerous |
|---|---|---|
agent.create | Create new agent definitions | No |
agent.read | View agent configurations | No |
agent.update | Modify agent settings | No |
agent.delete | Remove agents | Yes |
agent.execute | Trigger agent execution | No |
Task Management (5 capabilities)
| Capability | Description | Dangerous |
|---|---|---|
task.create | Create kanban tasks | No |
task.read | View tasks | No |
task.update | Modify task status/details | No |
task.delete | Remove tasks | No |
task.assign | Assign tasks to agents | No |
Skill Management (4 capabilities)
| Capability | Description | Dangerous |
|---|---|---|
skill.create | Create new skills | No |
skill.read | View skills | No |
skill.update | Modify skills | No |
skill.delete | Remove skills | No |
Swarm Coordination (5 capabilities)
| Capability | Description | Dangerous |
|---|---|---|
swarm.create | Create agent swarms | No |
swarm.read | View swarm status/metrics | No |
swarm.update | Modify swarm configuration | No |
swarm.delete | Remove swarms | Yes |
swarm.execute | Launch swarm execution | No |
Integration Management (4 capabilities)
| Capability | Description | Dangerous |
|---|---|---|
integration.create | Add new integrations | No |
integration.read | View integration configs | No |
integration.update | Modify integrations | No |
integration.delete | Remove integrations | Yes |
Webhook Management (4 capabilities)
| Capability | Description | Dangerous |
|---|---|---|
webhook.create | Register webhooks | No |
webhook.read | View webhook configs | No |
webhook.update | Modify webhooks | No |
webhook.delete | Remove webhooks | No |
Memory & Knowledge (4 capabilities)
| Capability | Description | Dangerous |
|---|---|---|
memory.create | Store memory entries | No |
memory.read | Query/search memories | No |
memory.update | Modify memory entries | No |
memory.delete | Remove memory entries | No |
Document Management (4 capabilities)
| Capability | Description | Dangerous |
|---|---|---|
document.create | Create documents | No |
document.read | View documents | No |
document.update | Modify documents | No |
document.delete | Remove documents | No |
LLM Provider Management (4 capabilities)
| Capability | Description | Dangerous |
|---|---|---|
llm.create | Add LLM providers | No |
llm.read | View provider configs | No |
llm.update | Modify providers | No |
llm.delete | Remove providers | Yes |
Organization Management (4 capabilities)
| Capability | Description | Dangerous |
|---|---|---|
org.read | View org settings | No |
org.update | Modify org settings | Yes |
org.members | Manage org members | Yes |
org.billing | Access billing data | Yes |
Scheduling (4 capabilities)
| Capability | Description | Dangerous |
|---|---|---|
schedule.create | Create cron jobs | No |
schedule.read | View schedules | No |
schedule.update | Modify schedules | No |
schedule.delete | Remove schedules | No |
Monitoring (5 capabilities)
| Capability | Description | Dangerous |
|---|---|---|
status.report | Report agent status | No |
status.read | View status reports | No |
metrics.read | View agent metrics | No |
audit.read | View audit logs | No |
health.read | View system health | No |
Communication (4 capabilities)
| Capability | Description | Dangerous |
|---|---|---|
message.send | Send inter-agent messages | No |
message.read | Read messages | No |
notification.send | Send notifications | No |
notification.read | Read notifications | No |
Dangerous Capabilities
These 10 capabilities require elevated access and may trigger confirmation flows when using write-level access:
agent.delete— Permanently removes an agent definitionswarm.delete— Destroys a swarm and all its associationsintegration.delete— Removes integration and its credentialsllm.delete— Removes LLM provider config (may break dependent agents)org.update— Changes organization-level settingsorg.members— Can add/remove organization membersorg.billing— Access to billing and payment datasystem.admin— Platform-level admin operationssystem.config— Modify system configurationdata.export— Export bulk data from the platform
Preset Profiles
Seven built-in profiles provide sensible defaults:
| Profile | Use Case | Enabled Capabilities |
|---|---|---|
| Chief | Strategic coordination (never writes code) | All read + task/swarm management + monitoring |
| Coder | Implementation + self-testing | Agent/task/skill/memory CRUD + execution |
| Tester | QA validation | Read all + task update + status report |
| Researcher | Investigation + analysis | Read all + memory/document CRUD |
| Architect | System design | Read all + task/document CRUD |
| PM | Project management | Task/swarm CRUD + monitoring + org read |
| Viewer | Read-only observer | All read capabilities only |
Capability Resolution
Effective capabilities are resolved through hierarchical intersection:
effective = definition_caps ∩ instance_caps ∩ project_caps ∩ workspace_capsEach level can only restrict — never grant capabilities that a higher level denies.
Resolution API
bash
curl -X POST https://api.cortex.acrobi.com/api/agent-capabilities/resolve \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"agentName": "my-coder-agent",
"scope": "project",
"entityId": "proj-123"
}'Response:
json
{
"capabilities": {
"agent.create": true,
"agent.read": true,
"agent.delete": false,
"task.create": true,
...
},
"profile": "coder",
"scope": "project",
"resolvedAt": "2026-04-03T12:00:00.000Z"
}See Capability Control for the 4-tier access level system.