Capabilities come from your WIT imports - Terminal 3 Documentation

You don’t declare capabilities in a manifest — there isn’t one. What your TEE contract can do is decided in two places, both enforced inside the TEE at call time. Your contract runs in one of the tenant-* linker worlds, chosen from the host interfaces it imports in world.wit. Import http and your contract is linked against the tenant-http world; import nothing beyond the base and you get tenant-base (kv-store, logging, tenant-context).

world your-contract {
  import t3n:host/kv-store@0.1.0;
  import t3n:host/logging@0.1.0;
  import t3n:host/tenant-context@0.1.0;
  import t3n:host/http-iface@0.1.0;   // ← opting into outbound HTTP
}

On top of that, the TEE runtime enforces a capability ceiling — privileged interfaces (signing, user profile, …) are never linked into tenant worlds. See Host API → z-namespace for the full list.

Seed API key into secrets map Outbound HTTP calls