5) Tool/capability gating (defense-in-depth)
- Internally, every tool invocation includes a capability check. The agent attaches the same prompt envelope (or a derived capability token) to tool calls.
- Tools verify that the agent is executing within a signed scope chain (owner → sessionKey → capability) before proceeding.
- This ensures that even if prompt text includes “hidden” instructions, tools won’t run unless covered by a valid capability.
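A tool-side check of the owner → sessionKey → capability chain could look like the following. This is an added example, not code from the original page; it uses stdlib HMAC in place of signatures, and it assumes the tool host holds the owner key. All function names, the token layout and the key are constructed for illustration.

```python
import hashlib
import hmac
import json
import time

OWNER_KEY = b"constructed-demo-owner-key"  # constructed; assumed to be held by the tool host


def _mac(key: bytes, obj: dict) -> bytes:
    # Canonical JSON so minter and verifier authenticate identical bytes.
    msg = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def open_session(owner_key: bytes, owner: str, session_id: str) -> bytes:
    """Link 1, owner -> sessionKey: derived from the owner key, never carried in the token."""
    return _mac(owner_key, {"owner": owner, "session": session_id})


def mint_capability(session_key, owner, session_id, tool, scope, expires) -> dict:
    """Link 2, sessionKey -> capability: claims bound by a tag under the session key."""
    claims = {"owner": owner, "session": session_id, "tool": tool,
              "scope": sorted(scope), "exp": expires}
    return {"claims": claims, "tag": _mac(session_key, claims).hex()}


def verify_call(owner_key, token, tool, action, now=None) -> bool:
    """Tool-side gate: rebuild the chain from the owner key, then match the request to it."""
    now = time.time() if now is None else now
    try:
        claims = token["claims"]
        session_key = open_session(owner_key, claims["owner"], claims["session"])
        expected = _mac(session_key, claims)
        tag_ok = hmac.compare_digest(expected, bytes.fromhex(token["tag"]))
        return (tag_ok and claims["tool"] == tool
                and action in claims["scope"] and now < claims["exp"])
    except (KeyError, TypeError, ValueError):
        return False  # missing or malformed token: fail closed


def run_tool(owner_key, token, tool, action, handler):
    """Refuse before doing any work unless the capability covers this exact call."""
    if not verify_call(owner_key, token, tool, action):
        raise PermissionError(f"{tool}.{action} not covered by a valid capability")
    return handler()
```

The decision depends only on the token and the requested tool and action, so instructions embedded in prompt text cannot widen what a tool will run.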