🤖 AI Agent (AGENT)

Who holds this role: Claude instances, automated pipeline scripts, Pipedream workflows, any non-human principal acting on behalf of a credentialed human

✅ Permitted Actions
- Submit data on behalf of delegating human (inherits human's permissions only)
- Read permitted datasets for analysis
- Call POST /policy/evaluate before any write operation
- Generate PROV-O provenance records for every action

🚫 Prohibited Actions
- Hold independent credentials (credential must be delegated from a human DID)
- Exceed the permission scope of the delegating human
- Bypass POST /policy/evaluate
- Take any action when FPIC block is active — absolute prohibition

Required Credential: cth:AgentCredential (delegated from human DID)

Agent inherits the delegating human's DID permissions — never more.
Every agent action creates a PROV-O record naming the delegating human DID and the agent ID.
FPIC block is enforced at DB row-level security — OPA never even sees the request.
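
The rules above, modelled in memory as an added example (not code from this platform): the FPIC block is checked before anything else, the agent's scope must be a subset of the delegating human's permissions, writes require a prior policy evaluation, and every request yields a PROV-O style record. The credential field names, the "action:dataset" permission strings, the reason codes and the sample DIDs are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class AgentCredential:
    """Stand-in for cth:AgentCredential; field names are assumptions."""
    agent_id: str
    delegator_did: str      # human DID the credential was delegated from
    scope: frozenset        # e.g. {"read:ds-a", "write:ds-a"}

def evaluate(cred, action, dataset, human_perms, fpic_blocked, policy_checked):
    """Return (allowed, reason); each check is a deny, evaluated in priority order."""
    perm = f"{action}:{dataset}"
    if dataset in fpic_blocked:                      # absolute prohibition, checked first
        return False, "fpic_block_active"
    if cred.delegator_did not in human_perms:        # no independent credentials
        return False, "no_human_delegation"
    if not cred.scope <= human_perms[cred.delegator_did]:
        return False, "scope_exceeds_delegator"      # never more than the human holds
    if perm not in cred.scope:
        return False, "not_in_scope"
    if action == "write" and not policy_checked:     # POST /policy/evaluate was skipped
        return False, "policy_evaluate_bypassed"
    return True, "ok"

def prov_record(cred, action, dataset, decision):
    """PROV-O style record naming the delegating human DID and the agent ID."""
    allowed, reason = decision
    return {
        "@type": "prov:Activity",
        "prov:wasAssociatedWith": {"@id": cred.agent_id, "@type": "prov:SoftwareAgent",
                                   "prov:actedOnBehalfOf": {"@id": cred.delegator_did}},
        "prov:used": {"@id": dataset},
        "prov:startedAtTime": datetime.now(timezone.utc).isoformat(),
        "action": action, "allowed": allowed, "reason": reason,
    }

# Constructed sample data (not from the original page).
HUMAN_PERMS = {"did:example:alice": frozenset({"read:ds-a", "write:ds-a", "read:ds-b"})}
FPIC_BLOCKED = {"ds-b"}
AGENT = AgentCredential("agent-01", "did:example:alice", HUMAN_PERMS["did:example:alice"])
```

Here denied requests are recorded as well as allowed ones, which is one reading of "every agent action"; an audit trail that omits denials hides attempted scope escalation.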