Agent Authorization

Agent authorization controls exactly what each agent can access and do — per resource, per action. Powered by OpenFGA (the same Zanzibar-based authorization engine used by Okta and Twitch), it ensures that no agent can clone a repo, send an email, or update a CRM record unless explicitly permitted.

This guide covers how authorization works, how to grant and manage permissions, and the security principles that underpin the system.