Module scope 

AgentScope — the capability that bounds an MCP session (spec §3.2, I13).

Scope is enforced first: a coordinate outside the session’s scope is unaddressable — it does not exist for that channel — rather than being resolved and then denied. This is defense in depth: even a hijacked agent cannot reach what the scope excludes, because the relevant secrets are never surfaced to it (I13).

The scope is defined on operation axes and a project/environment filter, never on environment alone (a blunt “no prod for Claude” would break legitimate diagnose/deploy flows — §3.2).

Structs

AgentScope

The bounded capability a session operates under (§3.2).

Enums

Filter

A set-membership filter over a string axis (projects or environments).

Operation

What an operation does with a secret’s value.

Origin

Who initiated the request — weighs differently for prod reveals (I14, §8.3).

Surface

Which face is asking — selects the §3.1 delivery column.