Problem: AgentWrit proves WHO the agent is and WHAT it's allowed to do. It does not solve HOW the agent gets the actual API key, database password, or OAuth token for the service it's calling.
An agent that needs Google Calendar credentials needs an OAuth token with calendar.events scope — not just an identity token. Today, that bridge doesn't exist.
Proposed: Built-in credential exchange connectors for common services:
The agent presents its AgentWrit identity token + requested scope → the broker exchanges it for a short-lived, scoped credential for the target service → the agent uses the real credential → it expires.
Design principles:
- AgentWrit core never stores long-lived service credentials in the broker itself — delegate to the OS keychain or a secrets backend
- Each connector handles its own OAuth flow
- Scope mapping: AgentWrit scopes map to service-specific OAuth scopes
- The exchange is audited in the hash chain
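The exchange flow above and the four design principles, as an added example that is not AgentWrit's own code. Everything here is an assumption made for illustration: the identity token is an HMAC-signed JSON payload (the real AgentWrit token format is not described), the scope-mapping table is constructed, the secrets backend is a dictionary standing in for the OS keychain, and the Google connector simulates the target service locally instead of running a real OAuth flow so the example runs offline. What it does show is the broker reading the long-lived client secret at exchange time rather than holding it, the AgentWrit scope being mapped to a service scope, the issued credential being clamped to the identity token's remaining lifetime, and every exchange (granted or denied) being appended to a hash chain that can be verified afterwards.

```python
import hashlib
import hmac
import json
import time

# Constructed signing key for the identity token (assumption: HMAC-signed JSON).
IDENTITY_KEY = b"constructed-agentwrit-signing-key"

def issue_identity_token(agent_id, scopes, ttl=300, now=None):
    """Mint an identity token: payload hex + '.' + HMAC tag. Constructed format."""
    now = time.time() if now is None else now
    body = json.dumps({"sub": agent_id, "scopes": sorted(scopes), "exp": now + ttl}, sort_keys=True).encode()
    return body.hex() + "." + hmac.new(IDENTITY_KEY, body, hashlib.sha256).hexdigest()

def verify_identity_token(token, now=None):
    """Check the tag and expiry; return the payload or raise PermissionError."""
    now = time.time() if now is None else now
    body_hex, tag = token.split(".", 1)
    body = bytes.fromhex(body_hex)
    if not hmac.compare_digest(hmac.new(IDENTITY_KEY, body, hashlib.sha256).hexdigest(), tag):
        raise PermissionError("bad identity token signature")
    payload = json.loads(body)
    if payload["exp"] <= now:
        raise PermissionError("identity token expired")
    return payload

# Scope mapping: AgentWrit scope -> (service, service-specific OAuth scope). Constructed table.
SCOPE_MAP = {
    "calendar:write": ("google", "https://www.googleapis.com/auth/calendar.events"),
    "calendar:read": ("google", "https://www.googleapis.com/auth/calendar.events.readonly"),
}

class SecretsBackend:
    """Stand-in for the OS keychain / secrets backend. The broker never caches what it reads here."""
    def __init__(self, store):
        self._store = dict(store)
    def get(self, name):
        return self._store[name]

class GoogleConnector:
    """Constructed connector. A real one would run the OAuth flow against Google; this one
    mints a credential bound to (agent, scope, expiry) with the client secret so the
    simulated service below can check it."""
    service = "google"
    def __init__(self, backend):
        self._backend = backend
    def exchange(self, agent_id, service_scope, ttl, now):
        client_secret = self._backend.get("google/client_secret")  # fetched per call, not stored
        exp = now + ttl
        tag = hmac.new(client_secret, f"{agent_id}|{service_scope}|{exp}".encode(), hashlib.sha256).hexdigest()
        return {"access_token": tag, "scope": service_scope, "exp": exp, "sub": agent_id}

def service_accepts(cred, needed_scope, backend, now):
    """Simulated target service: unexpired, correctly scoped, genuinely minted with the secret."""
    if cred["exp"] <= now or cred["scope"] != needed_scope:
        return False
    msg = f"{cred['sub']}|{cred['scope']}|{cred['exp']}".encode()
    expected = hmac.new(backend.get("google/client_secret"), msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cred["access_token"])

class Broker:
    def __init__(self, connectors):
        self._connectors = {c.service: c for c in connectors}
        self.chain = []            # list of (record, digest); each record names the previous digest
        self._last = "0" * 64

    def exchange(self, identity_token, requested_scope, ttl=600, now=None):
        now = time.time() if now is None else now
        ident = verify_identity_token(identity_token, now)
        if requested_scope not in SCOPE_MAP:
            raise ValueError("unknown scope")
        if requested_scope not in ident["scopes"]:
            self._audit(ident["sub"], requested_scope, "denied", now)
            raise PermissionError("scope not granted to this agent")
        service, service_scope = SCOPE_MAP[requested_scope]
        ttl = min(ttl, ident["exp"] - now)   # issued credential never outlives the identity token
        cred = self._connectors[service].exchange(ident["sub"], service_scope, ttl, now)
        self._audit(ident["sub"], requested_scope, "issued", now)
        return cred

    def _audit(self, agent, scope, outcome, ts):
        record = {"prev": self._last, "agent": agent, "scope": scope, "outcome": outcome, "ts": ts}
        digest = hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()
        self.chain.append((record, digest))
        self._last = digest

def verify_chain(chain):
    """Recompute every digest and check each record points at the previous one."""
    prev = "0" * 64
    for record, digest in chain:
        if record["prev"] != prev or hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest() != digest:
            return False
        prev = digest
    return True

def demo(now=1_700_000_000.0):
    backend = SecretsBackend({"google/client_secret": b"constructed-client-secret"})
    broker = Broker([GoogleConnector(backend)])
    token = issue_identity_token("agent-42", ["calendar:write"], now=now)   # 300 s identity token
    cred = broker.exchange(token, "calendar:write", ttl=600, now=now)       # clamped to 300 s
    service_scope = SCOPE_MAP["calendar:write"][1]
    try:
        broker.exchange(token, "calendar:read", now=now)                     # not in the token's scopes
        denied = False
    except PermissionError:
        denied = True
    return {"accepted": service_accepts(cred, service_scope, backend, now),
            "expired": not service_accepts(cred, service_scope, backend, now + 301),
            "cred_ttl": cred["exp"] - now, "denied": denied,
            "chain_ok": verify_chain(broker.chain), "records": len(broker.chain)}

if __name__ == "__main__":
    print(demo())
```

The clamp in `Broker.exchange` is the detail worth copying: a broker that honours the caller's requested TTL blindly can hand out a service credential that outlives the identity that justified it. The denied exchange is audited as well, since a chain that only records successes tells an investigator nothing about what an agent tried.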
Why this matters: Identity is half the problem. The other half is "now hand me the key." This closes the gap between "I can prove who this agent is" and "this agent can actually do its job."
Inspired by community feedback.