IDEN
Wacommerce

Agent scopes and safety

Limit what an agent can do with scopes and audit.

Every `nxk_live` key carries scopes. An agent can only call tools or endpoints its scopes allow, and every action is recorded in the audit log.

Safe practice

  • Grant the minimum scopes the agent needs
  • Use a separate key per agent for easy revocation
  • Watch the audit log for unexpected actions
  • Rotate keys if leaked