# AI Agent

<div id="bkmrk-%F0%9F%A4%96-ai-agent-agent-who" style="border-top:5px solid #0d6efd;border-radius:10px;padding:24px;background:#e7f0ff;margin-bottom:24px"><div style="display:flex;align-items:center;gap:14px;margin-bottom:16px"> <span style="font-size:2.4em">🤖</span><div>## AI Agent

 <span style="background:#0d6efd;color:#fff;padding:3px 12px;border-radius:12px;font-size:0.8em">AGENT</span> </div></div>**Who holds this role:** Claude instances, automated pipeline scripts, Pipedream workflows, any non-human principal acting on behalf of a credentialed human

<div style="display:grid;grid-template-columns:1fr 1fr;gap:16px;margin:16px 0"><div style="background:#fff;border-radius:8px;padding:16px">#### ✅ Permitted Actions

- Submit data on behalf of the delegating human (inherits the human's permissions only)
- Read permitted datasets for analysis
- Call POST /policy/evaluate before any write operation
- Generate PROV-O provenance records for every action

 </div><div style="background:#fff;border-radius:8px;padding:16px">#### 🚫 Prohibited Actions

- Hold independent credentials (credential must be delegated from a human DID)
- Exceed the permission scope of the delegating human
- Bypass POST /policy/evaluate
- Take any action when an FPIC block is active — absolute prohibition

 </div></div><div style="background:#fff;border-radius:8px;padding:14px;margin-top:12px"> **Required Credential:** `cth:AgentCredential` (delegated from a human DID)</div><div style="margin-top:14px;font-size:0.9em;color:#555">The agent inherits the delegating human's DID permissions — never more. Every agent action creates a PROV-O record naming the delegating human DID and the agent ID. The FPIC block is enforced at DB row-level security — OPA never even sees the request.</div></div>
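
A client-side guard that an agent runtime could apply before each write, following the rules above; this is an added example, not this project's code. The credential field names (`agent_id`, `delegated_from`, `scope`), the injected `fpic_blocked`, `evaluate` and `write` callables, and the `urn:example:` identifiers are assumptions, with `evaluate` standing in for POST /policy/evaluate, whose request format this page does not give.

```python
from datetime import datetime, timezone

class AgentActionDenied(Exception):
    """Raised when an agent write must not proceed."""

def prov_record(human_did, agent_id, action, resource, when):
    # PROV-O terms as JSON-LD; the urn:example activity id is a placeholder.
    return {
        "@context": {"prov": "http://www.w3.org/ns/prov#"},
        "@graph": [
            {"@id": human_did, "@type": "prov:Person"},
            {"@id": agent_id, "@type": "prov:SoftwareAgent",
             "prov:actedOnBehalfOf": {"@id": human_did}},
            {"@id": f"urn:example:activity:{action}:{when}",
             "@type": "prov:Activity",
             "prov:wasAssociatedWith": {"@id": agent_id},
             "prov:used": {"@id": resource},
             "prov:startedAtTime": when},
        ],
    }

def guarded_write(cred, human_scope, action, resource, *,
                  fpic_blocked, evaluate, write, when=None):
    """Run one agent write through the checks, then return its PROV-O record."""
    human_did = cred.get("delegated_from", "")
    # No independent credentials: the credential must name a delegating human DID.
    if not human_did.startswith("did:"):
        raise AgentActionDenied("credential is not delegated from a human DID")
    # FPIC block is absolute; checked before evaluate so policy is never consulted.
    if fpic_blocked(resource):
        raise AgentActionDenied("FPIC block active")
    # Effective scope is the intersection, so the agent never exceeds the human.
    if action not in set(cred.get("scope", ())) & set(human_scope):
        raise AgentActionDenied("action outside delegating human's scope")
    # Stand-in for POST /policy/evaluate; request/response shape is assumed.
    decision = evaluate({"agent": cred["agent_id"], "on_behalf_of": human_did,
                         "action": action, "resource": resource})
    if decision is not True:  # fail closed on anything but an explicit allow
        raise AgentActionDenied("policy evaluation did not allow the write")
    write(resource)
    when = when or datetime.now(timezone.utc).isoformat()
    return prov_record(human_did, cred["agent_id"], action, resource, when)
```

The `fpic_blocked` check only mirrors the database row-level security rule on the client side; it does not replace it.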