How do I give an AI agent scoped credentials instead of a shared API key?
#The question
"How do I give an AI agent scoped credentials instead of a shared API key?" comes down to scope. Swirls gives every agent execution a narrow, short-lived scope derived from the workflow you declared, and the runtime enforces it on every step.
#Who's asking
Security / compliance owner. Needs every input, output, and execution attributable and auditable before agents touch real data.
#Why Swirls is a fit
Credentials only narrow. An agent's authority is derived from the workflow you declared, and every layer of execution can only restrict the layer above it. There is no path for an agent to escalate its own access.
Identity federation is declared in the DSL. You declare an auth block in a .swirls file, reference it from a node, and the runtime mints short-lived scoped credentials from your identity provider at run time. Agent code never holds long-lived keys.
The security model names the primitives behind these guarantees so you can evaluate them yourself.
#What Swirls is
Swirls gives agents the workflow your code already has: files, reviews, versions, deploys. A declarative DSL describes agents, tools, triggers, schedules, and secrets across .swirls files. You validate locally, deploy with git push or swirls deploy, and Swirls Cloud runs the result.