Docs / Examples

Agent operations example

An operations agent can use hosted capabilities without receiving unrestricted access to production systems.

Plain English

The agent asks hosts to do narrow things, and each host enforces lifecycle, permission, and evidence.

Why it exists

Operational agents need useful actions, but infrastructure teams need accountable boundaries and replayable decisions.

Formal definition

Agent operations uses CHP capabilities as governed action surfaces around ticket classification, status updates, and incident notifications.

Concrete example

Ground the concept before the schema.

Ops Agent invokes classify_ticket and request_incident_update with audited policy and evidence export.

classify_ticketInvokable

Classifies an operational ticket and proposes a routing label.

host: OpsSupportHostpolicy: auditedv1.1.0

Invocation trace

01 Actor
Ops Agent
02 Capability
classify_ticket
03 Host
OpsSupportHost
04 Policy
audited
05 Context
ticket_context
06 Result
Routing Label

agent-ops-invoke.json

json

1{2  "invocation_id": "inv_session_abc_001",3  "capability_id": "schedule_technician",4  "version": "1.0.0",5  "mode": "sync",6  "correlation": { "correlation_id": "session-abc" },7  "subject": {8    "id": "agent://planning-assistant",9    "roles": ["dispatcher"]10  },11  "payload": {12    "job_id": "job_456",13    "window": "tomorrow"14  },15  "requested_at": "2026-06-16T15:14:20.000Z"16}

Relationships

Where this sits in the protocol.

Each concept should explain its neighbors so implementation teams can preserve the boundary across manifests, invocation, evidence, and tests.

Agent frameworks discover host capabilities.

Applications govern high-value operations.

Infrastructure providers export evidence to telemetry systems.

Visual model

01Agent selects a capability.
02Host checks policy and context.
03Outcome and evidence are visible to operators.

Implementation notes

Keep dangerous actions blocked or approval_required by default.
Use audited policy for low-risk read and classify actions.
Treat unavailable hosts as protocol outcomes.

Common mistakes

Giving the agent broad credentials instead of host-scoped capabilities.
Skipping evidence for read-like actions.
Treating host unavailability as agent failure.

Related concepts

Keep reading through the boundary.

Policy →Evidence →CHP vs MCP tools →