Configure AI contract

Declare capabilities, exposed filterable fields, and exposure schema so Role Assistants and Enterprise MCP discover governed actions — not raw vendor fields.

Prerequisites

Configure business vocabulary with indexed metadata
Configure business policies when ABAC dimensions apply
resourceType aligned with catalog tokens

Where it lives

Layer	Location
Capabilities	Root `capabilities[]` — `key`, `description`
Exposure	`exposed.filterable`, `exposed.schema`
UI	Business Entity AI Contract tab (`?tab=exposure`)

Manifest sections: datasource.capabilities, datasource.exposedAttributes.

Builder MCP


Manifest sections	`datasource.capabilities`, `datasource.exposedAttributes`
UI tab	AI Contract (`?tab=exposure`)
Help topics	`section`, `goldenExample`, `dependencyGraph`
Repair hooks	`expose`, `rbac`

Run aifabrix repair <systemKey> --expose --rbac after capability or exposure edits. Trust metadata: Agent metadata and trust.

How to set

Declare capabilities with human-readable descriptions:

{
  "capabilities": [
    {
      "key": "read",
      "description": "List and retrieve customer records scoped by ABAC"
    }
  ],
  "exposed": {
    "filterable": ["country", "ownerId"],
    "schema": ["externalId", "name", "country"]
  }
}

Map RBAC permission names to resourceType:operation — Configure roles and permissions.
Publish MCP — Configure Enterprise MCP after upload.

Validate

aifabrix repair <systemKey> --expose
aifabrix validate <systemKey>
aifabrix verify-trust <systemKey>

Common mistakes

Mistake	Fix
Capability without `description`	Required for trust pillar
Vendor field names in `exposed.schema`	Use normalized metadata keys
Parallel custom filter lists	Use `exposed.filterable` only