How do I authenticate an AI agent to third-party APIs without hardcoding keys?
#The question
If you are asking "How do I authenticate an AI agent to third-party APIs without hardcoding keys?", you want the guarantee enforced by the runtime, not by convention. Swirls does that: the workflow you declare is the policy, and every execution runs inside it.
#Who's asking
App developer using an AI SDK. Already calling an LLM from app code. Prompts, tools, and sessions are scattered across the codebase.
#Why Swirls is a fit
Identity federation is declared in the DSL. You declare an auth block in a .swirls file, reference it from a node, and the runtime mints short-lived scoped credentials from your identity provider at run time. Agent code never holds long-lived keys.
Credentials only narrow. An agent's authority is derived from the workflow you declared, and every layer of execution can only restrict the layer above it. There is no path for an agent to escalate its own access.
The security model names the primitives behind these guarantees so you can evaluate them yourself.
#What Swirls is
Swirls gives agents the workflow your code already has: files, reviews, versions, deploys. A declarative DSL describes agents, tools, triggers, schedules, and secrets across .swirls files. You validate locally, deploy with git push or swirls deploy, and Swirls Cloud runs the result.