Summary
The cred worker (/v1/cred/store) is master-facing today — the master stores credentials for its actors, and agents receive injected creds at localhost (they don't cred store themselves). But an agent could store creds itself: the provisioner can sign the agent up to a service, and an agent has its own email, so an agent-side credential provision + store flow is feasible.
Motivation
- Stage-3 steps 11-12 (run on the sandbox as the real §10.2 agent) exercise the cred worker with the agent's STS creds purely as an STS-scoping check — there's no real agent-side cred operation behind it.
- A real agent-side cred store would let an agent provision + persist its own service credentials, scoped to
bots/<agent_omni>/credentials/, using the agent's email for signup/verification — the same per-actor isolation the memory path already has.
Scope (later work)
Filed per the harness operator/sandbox/CI split discussion — deferred follow-up.
🤖 Generated with Claude Code
Summary
The cred worker (
/v1/cred/store) is master-facing today — the master stores credentials for its actors, and agents receive injected creds at localhost (they don'tcred storethemselves). But an agent could store creds itself: the provisioner can sign the agent up to a service, and an agent has its own email, so an agent-side credential provision + store flow is feasible.Motivation
bots/<agent_omni>/credentials/, using the agent's email for signup/verification — the same per-actor isolation the memory path already has.Scope (later work)
cred store/fetchpath (CLI subcommand or MCP tool) that signs as the agent and writes to the agent's owncredentials/prefix.harness/sandbox-agent-isolation.shto exercise the real agent-side cred roundtrip (today it covers memory only).Filed per the harness operator/sandbox/CI split discussion — deferred follow-up.
🤖 Generated with Claude Code