Identity
`.agency` is designed around identity separation, live authorization, controlled secret handling, and operational revocation. The point is not just to issue credentials. The point is to keep automation governable after credentials exist.
Last updated: March 6, 2026
Auth0 provides the user identity boundary. Portable bearer tokens are issued by .agency, not exported directly from Auth0.
Every request is checked against organization membership, service entitlements, policy acceptance, contract status, and billing state.
System-side runtime secrets remain in managed secret infrastructure such as Infisical. User bearer tokens are treated as high-trust credentials and protected separately.
Revocation, regeneration, audit logs, anomaly review, and rate controls are part of the standing operating model, not optional support procedures.
`.agency` supports one long-lived bearer token per authenticated user. This simplicity is balanced by compensating controls: opaque token format, protected server-side storage, request-time entitlement enforcement, immediate revoke and regenerate paths, and auditability for both issuance and downstream use.
If a token is suspected to be compromised, CREATE SOMETHING may revoke it immediately and require re-issuance before further host or agent access is restored.
Access is not determined by token validity alone. `.agency` may deny access where contract status, required policy acceptance, or billing standing is not current, even if a token has not expired. This keeps legal and commercial state inside the access decision rather than leaving it as a disconnected back-office concern.
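The following is an added illustration, not `.agency` code, of the model described above: an opaque per-user bearer token that is stored only as a hash, a revoke/regenerate path, an audit trail covering issuance and use, and a request-time decision in which a resolvable token is necessary but never sufficient because organization membership, entitlement, policy acceptance, contract status and billing state are re-checked on every call. The `Account` fields, reason strings and `TokenService` API are assumptions made for the example.

```python
import hashlib
import secrets
from dataclasses import dataclass

@dataclass
class Account:  # constructed per-user state that the access decision consults (assumed shape)
    org_ids: set
    entitlements: set
    policy_accepted: bool
    contract_active: bool
    billing_current: bool

def fingerprint(token: str) -> str:
    # Only a hash of the opaque token is stored; a leaked store yields no usable bearer tokens
    return hashlib.sha256(token.encode()).hexdigest()

class TokenService:
    def __init__(self) -> None:
        self._by_fp: dict[str, str] = {}  # token fingerprint -> user id
        self.audit: list[tuple[str, str]] = []  # (event, user) for issuance and downstream use
    def issue(self, user: str) -> str:
        self.revoke(user)  # one token per user: regenerating invalidates the old one immediately
        token = secrets.token_urlsafe(32)  # random, no embedded claims, nothing to decode offline
        self._by_fp[fingerprint(token)] = user
        self.audit.append(("issue", user))
        return token
    def revoke(self, user: str) -> None:
        for fp in [fp for fp, u in self._by_fp.items() if u == user]:
            del self._by_fp[fp]
            self.audit.append(("revoke", user))
    def resolve(self, token: str):
        return self._by_fp.get(fingerprint(token))  # None once revoked or regenerated

def authorize(svc: TokenService, accounts: dict, token: str, org: str, service: str) -> tuple[bool, str]:
    # Token validity gates the lookup; the live checks below decide the request
    user = svc.resolve(token)
    if user is None:
        return False, "token_invalid_or_revoked"
    acct = accounts[user]
    checks = [
        (org in acct.org_ids, "not_org_member"),
        (service in acct.entitlements, "no_entitlement"),
        (acct.policy_accepted, "policy_not_accepted"),
        (acct.contract_active, "contract_not_current"),
        (acct.billing_current, "billing_not_current"),
    ]
    reason = next((r for ok, r in checks if not ok), "allowed")  # first failing check wins
    svc.audit.append((reason, user))  # downstream use is recorded whether allowed or denied
    return reason == "allowed", reason
```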
For security inquiries, contact [email protected].