Problem: AgentWrit issues scoped tokens. But there's no reference implementation showing how a resource server validates those tokens and enforces scopes. Without this, the end-to-end story stops at "agent got a token."
What's needed:
A lightweight resource server (or library/middleware) that:
Why this matters:
- Closes the gap between "I can prove who this agent is" and "this agent can actually do its job"
- Enables the end-to-end demo (agent authenticates → gets token → calls resource server → scope enforced → token expires → access stops)
- Foundation for scope drift detection (resource server reports granted vs actually-used)
- What small companies actually deploy — the broker alone isn't enough
Possible forms:
- Go middleware (drop into any Go HTTP server)
- Standalone validation proxy
- Python/TypeScript SDK method (verify_token(token, required_scope))
Inspired by community feedback: "The identity layer is done. The last mile is not."