Delegated Agent Authorization
sam-partee (Arcade): instead of giving the agent your token (full access, full blast radius), you give the agent a scoped subset of your permissions — one per service, one per agent, one per action.
"You're not giving it a user token. You're giving it a portion of your user token for as many services as there are. Arcade will hold one token for the subset of permissions you've authorized for that particular agent at that particular time for that user for that service."
"As the user" vs "for the user"
"Doing work for the user is good. Doing work as the user is much better… sending the email as you instead of making you copy-paste."
Crucially, "as the user" doesn't mean "with the user's full token". It means acting as an authenticated principal on the user's behalf with a least-privilege scope, so that audit logs, rate limits, and abuse prevention work correctly.
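A minimal sketch of the pattern described above: one grant per (user, agent, service), limited to a subset of what the user holds, time-bound, and audited with both the principal and the acting agent. This is an added example, not Arcade's code or API; `DelegationVault`, its method names and the scope strings are hypothetical.

```python
import time
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Grant:
    user: str
    agent: str
    service: str
    scopes: frozenset
    expires_at: float

@dataclass
class DelegationVault:
    """Hypothetical in-memory vault; names are assumptions for illustration."""
    user_perms: dict                       # (user, service) -> scopes the user holds
    grants: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def delegate(self, user, agent, service, scopes, ttl, now=None):
        now = time.time() if now is None else now
        scopes = frozenset(scopes)
        held = self.user_perms.get((user, service), set())
        # A grant can only narrow the user's permissions, never widen them.
        if not scopes <= held:
            raise PermissionError(f"user lacks scopes: {sorted(scopes - held)}")
        grant = Grant(user, agent, service, scopes, now + ttl)
        # Exactly one grant per user/agent/service; re-delegating replaces it.
        self.grants[(user, agent, service)] = grant
        return grant

    def authorize(self, user, agent, service, action, now=None):
        now = time.time() if now is None else now
        grant = self.grants.get((user, agent, service))
        if grant is None:
            decision = "no_grant"
        elif now >= grant.expires_at:
            decision = "expired"
        elif action not in grant.scopes:
            decision = "out_of_scope"
        else:
            decision = "ok"
        # Record the user as principal and the agent as actor, so logs show
        # who the action was for and which agent performed it.
        self.audit.append({"principal": user, "actor": agent, "service": service,
                           "action": action, "decision": decision})
        return decision == "ok"
```

Denied requests are logged as well as allowed ones, which is what lets rate limiting and abuse detection key on the agent rather than on the user alone.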
Why this matters
Directly connects to token-vault and capability-based-security — this is the operational pattern that implements those abstract security properties. It's also the missing layer in Lloyd's cloud-agent-primitives (he lists infra but not auth) and what makes Chase's coding-agent-as-foundation generalise to enterprise rather than personal use.
Connects to
- four-collaboration-zones — where scope is enforced in practice (zones 3–4).