Skip to main content

Contract: Dynamic Agent Execution Authorization

Protected Operations

The following operations require both authentication and an allow decision for the selected Dynamic Agent:

OperationPathAuthorization relationship
Start streaming executionPOST /api/v1/chat/stream/startuser:<subject> can_use agent:<agent_id>
Non-streaming invocationPOST /api/v1/chat/invokeuser:<subject> can_use agent:<agent_id>
Resume interrupted executionPOST /api/v1/chat/stream/resumeuser:<subject> can_use agent:<agent_id>

The following operation requires authentication only. It intentionally does not require a fresh can_use decision because cancellation stops work rather than starting or continuing execution:

OperationPathAuthorization relationship
Cancel active streamPOST /api/v1/chat/stream/cancelNone for this feature

Request Requirements

Start streaming execution

Required fields:

  • agent_id
  • conversation_id
  • message

Optional fields:

  • protocol
  • trace_id
  • client_context

Non-streaming invocation

Required fields:

  • agent_id
  • conversation_id
  • message

Optional fields:

  • trace_id
  • client_context

Resume interrupted execution

Required fields:

  • agent_id
  • conversation_id
  • resume_data

Optional fields:

  • protocol
  • trace_id

Cancel active stream

Required fields:

  • agent_id
  • conversation_id

Response Requirements

Allowed

  • Protected execution requests are forwarded to Dynamic Agents only after the boundary authorization check allows the caller.
  • Dynamic Agents starts, invokes, or resumes runtime work only after its runtime authorization check allows the caller.

Unauthorized

Authentication failure response:

{
  "success": false,
  "error": "You are not signed in. Please sign in to continue.",
  "code": "NOT_SIGNED_IN",
  "reason": "not_signed_in",
  "action": "sign_in"
}

Runtime missing-bearer response:

{
  "success": false,
  "error": "Bearer token is required",
  "code": "missing_bearer",
  "reason": "not_signed_in",
  "action": "sign_in"
}

Forbidden

Authorization denial response:

{
  "success": false,
  "error": "Permission denied",
  "code": "agent#use",
  "reason": "pdp_denied",
  "action": "contact_admin"
}

Authorization service unavailable

Retryable authorization-service response:

{
  "success": false,
  "error": "Authorization service is temporarily unavailable. Please try again in a moment.",
  "code": "PDP_UNAVAILABLE",
  "reason": "pdp_unavailable",
  "action": "retry"
}

Non-Execution Guarantee

For start, invoke, and resume requests, every denied or unavailable authorization outcome must terminate before any agent runtime is created, resumed, or invoked.