Skip to content

Identity defaults by deployment shape: one canonical principal for personal instances, client recorded as provenance #718

Description

@tps-flint

Context

Flair's identity model is org-first: multiple real agent identities, per-agent ownership, cross-agent corroboration as a trust signal. That's correct for the org/team deployment shape — and silently wrong as a default for the personal shape, where one human drives several AI clients (a chat assistant, an IDE agent, a phone app). Those clients are not independent epistemic actors; giving each its own Agent identity fragments provenance and history for zero corroboration gain.

Proposal: deployment-shape identity defaults

  • Personal shape (default for single-human instances): one canonical principal/agent per human. Every authenticated client maps to it. The originating client is recorded as provenance metadata on each write (alongside the existing verified/claimed provenance fields) — so trust math and history can still distinguish and weight by client, without identity fragmentation. Clients are temporary; memory is permanent.
  • Org shape (today's model, unchanged): multiple genuine agent identities, corroboration across them feeding emergent trust, org-level refinement.
  • Explicit opt-in to multi-agent mode on a personal instance for users who genuinely run independent agents.

What this needs

  1. A place for the shape decision (install-time flag? instance config?) with personal as the single-human default.
  2. Provenance gains an originating-client field (additive, nullable — same migration discipline as prior provenance work).
  3. Client-mapping story for authenticated connections (the OAuth/MCP identity path resolves to the canonical principal rather than minting per-client agents).
  4. Docs: the two shapes stated plainly, so integrators stop asking which identity to mint.

Surfaced by a zero-context source review that independently converged on the portable-memory positioning and flagged identity fragmentation as the one architectural risk to it.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions