Security

A token can exist and access can still stop.

Credentials are not permission by themselves. Identity, workflow lane, access scope, commercial state, approval rules, and receipts all participate before delegated work can run.

Allowed
Run still needs the right lane

A token can exist, but execution still depends on the allowed workflow, scoped action, owner, and current access state.

Blocked
Wait or stop before risk

Revenue, customer trust, production, credential, contract, billing, or policy issues can pause or deny execution before the workflow acts.

Recover
Compromise has a direct path

Access can be revoked or regenerated immediately without waiting for a token expiry window.

Last updated March 9, 2026

Controlled delegation needs an explicit access chain.

Each request passes through a clear path so approval requirements, blocked states, and recovery paths stay legible instead of hiding inside a prompt or a vendor account.

Identity
Person and tenant boundary

Portal sign-in establishes who is acting and which organization boundary the request belongs to.

Entitlement
Live access check

Membership, allowed workflow, contract standing, billing state, and policy acceptance are checked at request time.

Credential
Separate managed tokens

Portal identity, managed bearer tokens, and hosted product credentials remain distinct so compromise and revocation stay deliberate.

Control
Receipts and recovery

Revocation, regeneration, anomaly review, blocked states, and audit trails stay attached to the workflow.

Access boundary

Map the workflow before you hand it credentials.

Security is strongest when the workflow map names its objects, permissions, stop points, decision owner, and audit trail before any agent acts.

Map Name the protected workflow

Define which objects, actions, and systems need security review.

Gate Define allowed and blocked states

Separate routine execution from approval, denial, and recovery.

Prove Keep the audit trail

Attach evidence to the workflow path instead of relying on prompt memory.