Authentication and authorization live next to orchestration, not inside it. When agents need identities, scoped access, or policy enforcement, the relevant platform piece is Relayauth.
What it covers
- JWT-style access tokens for agents and services
- Scope-based permissions
- RBAC and deny-first policy layers
- Audit trails and token revocation
- Budget and action controls around sensitive access
When to reach for it
- Agents need access to external APIs or protected internal services
- You want workspace-scoped credentials instead of long-lived shared secrets
- You need humans to retain control over what agents are allowed to do