Scoping with groups

Pulse reuses the platform's existing access control. You do not define a separate permission model for agents: you put the agent's user into groups, and grant those groups the right to run specific topologies.

The model #

  • A group grants the right to run one or more topologies.
  • An agent user (created with its API key) is assigned to one or more groups.
  • The agent can run exactly the topologies its groups permit, and nothing else.

This is the same flow you already use for people. A regular user with only a base chat role can do nothing until you add them to a group that can run a topology. An agent works identically.

flowchart LR
  Key["API key (X-Auth)"] --> Agent["Agent user"]
  Agent --> Group["Group"]
  Group --> Topo["Permitted topologies"]

Why this matters #

The manifest and the run path use the same per-user run check. That single gate keeps every group strictly scoped:

  • The manifest a caller fetches contains only the topologies its groups can run.
  • The run endpoint resolves a tool through the exact same pipeline that built the manifest. A topology outside the caller's scope resolves to an unknown tool and is never executed.

So you can hand different agents different keys, put each key's agent user into a different group, and each agent is confined to its own set of processes, while the underlying system credentials stay shared and centrally managed.

Best practice: create one group per agent role (for example "support-agent" or "reporting-agent"), grant it only the topologies that role needs, then bind the agent's key to that group.

Where to go next #

© 2025 Orchesty Solutions. All rights reserved.