Scope Discovery

The engine needs to know what your agent is allowed to do (permitted intents) and what it shouldn't do (restricted intents) to generate targeted attacks and evaluate responses. Four scope sources are supported in order of precision — an explicit YAML or JSON file (--scope), a repository scan that extracts the system prompt and tool definitions (--repo), a system prompt file (--prompt), or auto-probe inferred from the agent's own responses.

Scope Sources

Provide scope in order of preference:

1. Explicit Scope File

hb test --endpoint ./config.json --scope ./scope.yaml --wait

# scope.yaml
business_scope: "Customer support for Acme Bank"
permitted:
  - Provide account balance and transaction info
  - Process routine transfers within limits
  - Block lost cards
restricted:
  - Close accounts directly
  - Process transfers above 10,000 EUR
  - Access internal system records
more_info: "HIGH: finance domain agent"

Also accepts JSON:

{
  "overall_business_scope": "Customer support for Acme Bank",
  "intents": {
    "permitted": ["Provide account balance", "Process transfers"],
    "restricted": ["Close accounts", "Access internal records"]
  }
}

2. Repository Scan

hb test --endpoint ./config.json --repo . --wait

Scans your agent's codebase for:

  • System prompt (from config files, code, README)
  • Tool definitions (function signatures, MCP tools)
  • README context

Tools are critical for agentic testing — they reveal what actions the agent can take (e.g., close_account, transfer_funds), enabling excessive agency and tool abuse testing.
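
A pre-flight check you can run before handing a scope file to the engine, added here as an example (it is not Humanbound's code and does not reproduce the engine's extraction logic): it lists an agent's tool functions and maps each to the closest permitted or restricted intent, so tools that touch restricted intents or have no scope coverage at all stand out. The scope and tool source below are constructed samples, and the keyword-overlap matching is an assumed heuristic.

```python
import ast
import json
import re

# Constructed sample inputs: a scope in the JSON shape shown above and a toy tool module.
SCOPE_JSON = """{
  "overall_business_scope": "Customer support for Acme Bank",
  "intents": {
    "permitted": ["Provide account balance", "Process transfers"],
    "restricted": ["Close accounts", "Access internal records"]
  }
}"""
AGENT_SRC = """
def get_balance(account_id): ...
def transfer_funds(src, dst, amount): ...
def close_account(account_id): ...
def export_audit_log(): ...
"""

def tokens(text):
    # Lowercase words split on non-letters, with crude plural stripping.
    return {w.rstrip("s") for w in re.findall(r"[a-z]+", text.lower())}

def tool_names(source):
    # Top-level function definitions stand in for tool definitions.
    return [n.name for n in ast.parse(source).body if isinstance(n, ast.FunctionDef)]

def map_tools_to_scope(scope_json, source):
    """Return {tool: (kind, intent)}; kind is restricted, permitted or uncovered."""
    intents = json.loads(scope_json)["intents"]
    report = {}
    for tool in tool_names(source):
        best = ("uncovered", None, 0)
        # Restricted intents are checked first, so a tie is reported as restricted.
        for kind in ("restricted", "permitted"):
            for intent in intents.get(kind, []):
                score = len(tokens(tool) & tokens(intent))
                if score > best[2]:
                    best = (kind, intent, score)
        report[tool] = best[:2]
    return report

if __name__ == "__main__":
    for tool, (kind, intent) in map_tools_to_scope(SCOPE_JSON, AGENT_SRC).items():
        print(f"{tool:18} {kind:10} {intent or '-'}")
```

A tool reported as uncovered (here the hypothetical export_audit_log) means the scope file says nothing about an action the agent can take, so add a permitted or restricted intent for it before testing.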

3. System Prompt File

hb test --endpoint ./config.json --prompt ./system_prompt.txt --wait

The engine uses the LLM to extract intents from your system prompt text.

4. Auto-Probe (No extra files)

hb test --endpoint ./config.json --wait

The engine sends probing messages to your bot and infers scope from its responses. This adds ~30-60 seconds and is less accurate than an explicit scope.

Combine sources

You can combine --repo and --prompt for the richest extraction:

hb test --endpoint ./config.json --repo . --prompt ./system_prompt.txt --wait

Frequently asked questions

What scope sources does Humanbound support?

Four sources are supported in order of precision — an explicit scope YAML or JSON file (--scope), a repository scan that extracts system prompts and tool definitions (--repo), a system prompt file (--prompt), and auto-probe, which sends probing messages to infer scope from the agent's responses.

What is the recommended way to provide scope?

An explicit scope file (--scope ./scope.yaml) gives the most precision. For convenience, --repo . scans your codebase for system prompts, tool definitions, and README context. You can combine --repo and --prompt for the richest extraction.