# Overview Source: https://docs.settlemint.com/docs/architecture/components/capabilities Capabilities are optional system addons for asset operations. They add focused workflows for token distribution, treasury control, settlement, primary sales, and issuer-signed market data without putting every workflow into an asset contract. Capabilities are workflow contracts deployed next to a governed asset or another operational subject. Capability contracts handle distribution, treasury approvals, exchange-versus-payment settlement, primary sales, and issuer-signed data publication without moving every control into the base asset contract. Asset contracts own identity, compliance checks, roles, and token behaviour when a capability moves or allocates regulated tokens. Other capabilities own standalone workflow state, such as treasury approvals or issuer-signed subject data, without changing the base asset contract. The deploying operator owns each capability instance and assigns the role holders or participants for that workflow. Identity, claim topics, and trusted issuers are defined in the [claims and identity model](/docs/architecture/concepts/claims-and-identity). Asset rules are defined in the [asset policy model](/docs/architecture/concepts/asset-policy). ## How capabilities fit [#how-capabilities-fit] Capabilities sit beside the asset-contract layer or a non-token workflow subject. Each capability instance is deployed through a factory and keeps its own on-chain state, so one airdrop, vault, settlement, token sale, or price feed does not share state with another instance. DALP routes execution through platform services where an API, CLI, or Asset Console workflow is available, while the capability contract enforces the workflow state on-chain. ## What each addon owns [#what-each-addon-owns] Each addon owns one operational workflow. Asset contracts own the base token model, role setup, identity registry, compliance modules, and instrument profile. | Task | Page | Capability ownership | Outside the capability | | ------------------------------------------------ | ------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------- | | Distribute tokens to eligible recipients | [Airdrop](/docs/architecture/components/capabilities/airdrop) | Time-bound, vesting, or push distribution state, Merkle proof validation, claim tracking, and owner withdrawal | Token issuance, recipient identity setup, and off-chain Merkle tree generation | | Control treasury movements with signer approvals | [Vault](/docs/architecture/components/capabilities/vault) | Proposals, confirmations, revocations, execution, pause, signer roles, and configurable thresholds | Token issuance, investor identity, and compliance verification | | Settle token legs atomically between parties | [XvP Settlement](/docs/architecture/components/capabilities/xvp-settlement) | Local flow definitions, sender approvals, expiration, hashlock reveal, cancellation requests, and all-or-nothing local execution | Price discovery, order matching, external-chain execution, and upstream compliance checks | | Run a primary token offering | [Token Sale (DAIO)](/docs/architecture/components/capabilities/token-sale) | Sale timing, accepted payment currencies, buyer eligibility checks, purchase records, finalisation, refunds, vesting, and token withdrawal | Secondary trading, lifecycle servicing after the sale, and broader asset policy design | | Publish issuer-signed numeric values | [Issuer-Signed Scalar Feed](/docs/architecture/components/capabilities/issuer-signed-scalar-feed) | Signed value submission, signer verification, history mode, drift checks, fixed-point precision, and feed discovery | External price formation, external oracle operation, and the business decision behind the value | ## Operating model [#operating-model] Capabilities follow the same high-level model, but they do not expose the same workflow. | Operating question | Capability answer | | --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Deployment | A factory creates a dedicated capability instance for the asset or workflow. | | State ownership | The deployed instance owns workflow state, such as claims, approvals, sale status, settlement flows, or signed feed rounds. | | Post-deployment changes | The relevant role holder or participant changes only allowed fields. Some configuration is immutable after creation. | | When do compliance checks apply? | Token transfers still rely on the underlying asset and SMART Protocol compliance path when the capability moves or allocates regulated tokens. | | What events can auditors inspect? | Contracts emit events for proposals, confirmations, claims, purchases, settlement actions, and feed updates. DALP services can index those events for APIs and operator surfaces. | ## Choose the right capability [#choose-the-right-capability] Start from the workflow outcome, not from the contract name. | If the operating question is... | Start with... | | ------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | | How can an issuer distribute an already funded token allocation? | [Airdrop](/docs/architecture/components/capabilities/airdrop) | | How can a treasury require signer approval before funds move? | [Vault](/docs/architecture/components/capabilities/vault) | | How can two or more parties settle local token legs atomically? | [XvP Settlement](/docs/architecture/components/capabilities/xvp-settlement) | | How can eligible buyers participate in a primary token offering? | [Token Sale (DAIO)](/docs/architecture/components/capabilities/token-sale) | | How can a trusted issuer publish signed numeric values for a topic? | [Issuer-Signed Scalar Feed](/docs/architecture/components/capabilities/issuer-signed-scalar-feed) | Use the asset lifecycle, identity, and policy pages first for token creation, investor onboarding, claim topics, trusted issuers, or transfer restrictions. Use a capability page when the token or workflow subject already exists and the question is about the extra operation DALP runs around it. ## Next pages by review question [#next-pages-by-review-question] * Distribution ownership: [Airdrop](/docs/architecture/components/capabilities/airdrop). * Treasury approval control: [Vault](/docs/architecture/components/capabilities/vault). * Atomic token-leg settlement: [XvP Settlement](/docs/architecture/components/capabilities/xvp-settlement). * Primary buyer participation: [Token Sale (DAIO)](/docs/architecture/components/capabilities/token-sale). * Issuer-attested numeric data: [Issuer-Signed Scalar Feed](/docs/architecture/components/capabilities/issuer-signed-scalar-feed). Security and compliance reviews should pair the relevant capability page with [SMART Protocol integration (ERC-3643)](/docs/architecture/components/asset-contracts/smart-protocol-integration) and the [infrastructure layer](/docs/architecture/components/infrastructure). Those pages explain the transfer checks and execution services around each addon. ## Related [#related] * [Component catalog](/docs/architecture/components) for the full platform inventory * [Asset contracts overview](/docs/architecture/components/asset-contracts) for the base token layer capabilities build around * [SMART Protocol integration (ERC-3643)](/docs/architecture/components/asset-contracts/smart-protocol-integration) for the compliance framework capabilities build on * [Infrastructure layer](/docs/architecture/components/infrastructure) for the services capabilities depend on * [Key flows](/docs/architecture/flows) for end-to-end operation sequences involving capabilities