AI Agent


AGENT

Who holds this role: Claude instances, automated pipeline scripts, Pipedream workflows, any non-human principal acting on behalf of a credentialed human

✅ Permitted Actions

  • Submit data on behalf of delegating human (inherits human's permissions only)
  • Read permitted datasets for analysis
  • Call POST /policy/evaluate before any write operation
  • Generate PROV-O provenance records for every action

🚫 Prohibited Actions

  • Hold independent credentials (credential must be delegated from a human DID)
  • Exceed the permission scope of the delegating human
  • Bypass POST /policy/evaluate
  • Take any action when FPIC block is active — absolute prohibition

Required Credential: cth:AgentCredential (delegated from human DID)

The agent inherits the permissions of the delegating human's DID, never more. Every agent action creates a PROV-O record naming the delegating human DID and the agent ID. The FPIC block is enforced by database row-level security, so a blocked request never reaches OPA.
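
The rules above can be modelled as a single pre-action gate. This is an added example, not code from the platform this page describes. The credential fields, scope strings, DIDs, reason codes and the `policy_evaluate` callable (a stand-in for the call to POST /policy/evaluate) are assumptions, and the `fpic_blocked` flag stands in for the database row-level security check.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Optional

@dataclass(frozen=True)
class AgentCredential:
    """Stand-in for cth:AgentCredential; these field names are assumed."""
    agent_id: str
    delegator_did: Optional[str]  # human DID that delegated; None = independent credential
    scopes: frozenset

def prov_record(cred: AgentCredential, action: str) -> dict:
    """PROV-O (JSON-LD) record naming the agent ID and the delegating human DID."""
    return {
        "@context": {"prov": "http://www.w3.org/ns/prov#",
                     "rdfs": "http://www.w3.org/2000/01/rdf-schema#"},
        "@type": "prov:Activity",
        "rdfs:label": action,
        "prov:startedAtTime": datetime.now(timezone.utc).isoformat(),
        "prov:wasAssociatedWith": {
            "@id": cred.agent_id, "@type": "prov:SoftwareAgent",
            "prov:actedOnBehalfOf": {"@id": cred.delegator_did, "@type": "prov:Person"}},
    }

def authorize(cred: AgentCredential, human_scopes: dict, action: str,
              fpic_blocked: bool, policy_evaluate: Callable[[AgentCredential, str], bool]):
    """Return (allowed, reason, prov_record or None)."""
    if fpic_blocked:  # absolute: decided before the policy engine is consulted
        return False, "fpic_block_active", None
    if not (cred.delegator_did or "").startswith("did:"):
        return False, "credential_not_delegated_from_human_did", None
    if not cred.scopes <= human_scopes.get(cred.delegator_did, frozenset()):
        return False, "agent_scope_exceeds_delegator", None
    if action not in cred.scopes:
        return False, "action_outside_delegated_scope", None
    # Writes must pass the policy check first ("write:" prefix is a constructed convention).
    if action.startswith("write:") and not policy_evaluate(cred, action):
        return False, "policy_denied", None
    return True, "ok", prov_record(cred, action)

if __name__ == "__main__":
    # Constructed sample data: DIDs, agent ID and scope names are illustrative only.
    humans = {"did:example:alice": frozenset({"read:soil", "write:soil"})}
    agent = AgentCredential("urn:agent:pipeline-1", "did:example:alice",
                            frozenset({"read:soil", "write:soil"}))
    allow_all = lambda cred, action: True  # stands in for POST /policy/evaluate
    for act, blocked in [("read:soil", False), ("write:soil", False), ("write:soil", True)]:
        print(act, blocked, authorize(agent, humans, act, blocked, allow_all)[:2])
```
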

Revision #1
Created 2026-05-27 13:47:32 UTC by Angelica Diaz
Updated 2026-05-27 13:47:32 UTC by Angelica Diaz