Status
v0.3.0 ships API-key auth, admin and invoke scopes, tenant-scoped visibility, tenant quotas, and an audit log.
Remaining problem
The current auth model is intentionally simple. It is suitable for pilots, but not yet for shared production environments with multiple teams and stronger compliance needs.
Goal
Evolve auth and tenancy from pilot-grade controls to production-grade controls.
Scope
- pluggable auth backends beyond static API keys
- RBAC for registry, invocation, and audit endpoints
- stronger tenant isolation for storage and policy scope
- richer budget policies and per-tool budgets per tenant
- audit export and tamper-evident log strategies
Acceptance criteria
- requests can be authenticated through pluggable providers
- authorization is role-based instead of scope-only
- quotas and budgets can be enforced per tenant and per tool
- audit logs can be exported for external analysis or retention
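One way to approach the tamper-evident log and audit export items above is an HMAC hash chain over the exported records. This is an added example, not code from the project; the record fields, key handling, and function names are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed anchor that the first record links to

def _mac(key, prev, seq, body):
    # Canonical JSON so a record always hashes to the same bytes.
    data = json.dumps({"seq": seq, "body": body}, sort_keys=True,
                      separators=(",", ":")).encode()
    return hmac.new(key, prev.encode() + data, hashlib.sha256).hexdigest()

def append(log, key, body):
    """Append one audit record, chained to the MAC of the previous one."""
    prev = log[-1]["mac"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "prev": prev, "body": body,
                "mac": _mac(key, prev, seq, body)})
    return log[-1]["mac"]  # head value to store outside the log

def export_jsonl(log):
    return "\n".join(json.dumps(e, sort_keys=True) for e in log)

def verify(jsonl, key, expected_head=None):
    """Return None if intact, else (seq, reason) for the first failure."""
    prev, count = GENESIS, 0
    for line in filter(None, jsonl.splitlines()):
        e = json.loads(line)
        if e["seq"] != count:
            return (count, "sequence gap")
        if e["prev"] != prev:
            return (count, "broken link")
        if not hmac.compare_digest(e["mac"], _mac(key, prev, count, e["body"])):
            return (count, "record modified")
        prev, count = e["mac"], count + 1
    # The chain alone cannot reveal dropped trailing records; the head can.
    if expected_head is not None and prev != expected_head:
        return (count, "tail truncated")
    return None

# Constructed sample records; field names are assumptions for illustration.
KEY = b"constructed-demo-key"
LOG = []
for body in ({"tenant": "team-a", "scope": "invoke", "tool": "search"},
             {"tenant": "team-b", "scope": "admin", "tool": "registry"},
             {"tenant": "team-a", "scope": "invoke", "tool": "fetch"}):
    HEAD = append(LOG, KEY, body)
EXPORT = export_jsonl(LOG)
```

The check is only as strong as the separation it relies on: the HMAC key and the latest head value need to live somewhere the log writer's storage cannot overwrite.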