[Design Proposal] Agent Manager - Permission Model #853
Replies: 2 comments 2 replies
-
|
How would the authorization check happen at the AM backend? Would these backend APIs be exposed over API GW? |
Beta Was this translation helpful? Give feedback.
-
|
I'm unclear how service accounts fit here. We're building MCP and CLI as first-class
Also — have we considered using OpenChoreo's existing Casbin-backed authz? otherwise we have two authz frameworks, |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Problem
Agent Manager enables teams to build, deploy, and govern AI agents within an organization. Without a well-defined permission model, the platform risks two failure modes:
The platform has two distinct access dimensions:
This proposal addresses the platform access layer.
Goals
Non-Goals
User Stories
Administrator
Developer
AI Lead
Platform Engineer
Custom Roles
Deploy-Onlyrole that triggers deployments without modifying agent configuration).Proposed Solution
Agent Manager will use Thunder as the Identity Provider, with Agent Manager's permissions modeled as a resource server inside Thunder. The design is structured so that future external IDP integration is a contained change rather than a system-wide refactor.
Key Design Decisions
Thunder as the Identity Provider. Thunder owns users and permission assignments. Authentication and token issuance are delegated to Thunder.
Permissions modeled as a Thunder resource server. Agent Manager registers as a resource server in Thunder. Scopes (e.g.,
amp:agent:deploy_prod,amp:org:member_role_assign) and roles (Admin, Developer, AI Lead, Platform Engineer, custom) are defined as Thunder resource-server constructs.Identity Provider runtime contract = scopes. Runtime authorization relies entirely on IDP-issued scopes carried in the access token. The backend enforces the required scope on every API call.
Agent Manager owns the permission management UI. User, role, and permission management screens live in the Agent Manager console. The console communicates only with the Agent Manager backend, never directly with Thunder.
Backend as authorization broker, with an IDP adapter seam. All IDP-specific calls live behind an
IDPAdapterinterface.ThunderAdapteris the only implementation in Phase 1; future IDPs implement the same interface.UI and Pluggability Strategy
permissionManagementUI: enabled | disabled) controls this behavior, set per deployment based on the configured IDP's capabilities.Forward-Compatibility Principles
idp.providerconfig flag; onlythunderaccepted today).Architecture
flowchart TB User["End User (Browser)"] subgraph Console["Agent Manager Console"] ConsoleUI["• Permission management UI<br/>• Domain views<br/>• OIDC client"] end subgraph Backend["Agent Manager Backend"] AuthZ["Auth/AuthZ Module<br/>JWT validation · Scope checks · Org isolation"] UserRole["User & Role Service<br/>Member CRUD · Role assignment · Custom roles"] Domain["Domain APIs<br/>Agents · Projects · Deployments"] Adapter["IDP Adapter Interface"] Thunder["ThunderAdapter"] end subgraph ThunderIDP["Thunder (IDP)"] Identity["Identity Store<br/>Users"] ResourceServer["Resource Server: Agent Manager<br/>Scopes · Roles · Assignments"] end User -->|HTTPS| Console Console -->|REST + access token| Backend AuthZ --> Adapter UserRole --> Adapter Domain --> AuthZ Adapter --> Thunder Thunder -->|Thunder Admin / Token APIs| ThunderIDPRequest Flow (Developer deploys an agent)
POST /deploymentson the backend with the bearer token.amp:agent:deploy_nonprod.403.Current State
The following components are already in place in the codebase:
ThunderConfigand OAuth2 app provisioning viaclients/thundersvc.middleware/jwtassertionvalidates tokens via JWKS with issuer and audience checks.console/uses@asgardeo/reactwith the OIDC flow.The following work is required to deliver the proposal:
Milestones
Phase 1 — Foundations (Thunder only, ~3-5 weeks)
Phase 1 deliverable: Thunder-based permission model with full Agent Manager-managed UI, all four predefined roles enforced end-to-end, and custom role support.
Phase 2 — Pluggability Foundation (~4-5 days)
permissionManagementUIflag)Phase 2 deliverable: clean adapter seam and configuration to support non-compatible IDP deployments. No new IDP integration.
Phase 3 — First External IDP (~5–6 weeks)
Phase 3 deliverable: Agent Manager runs on a customer-chosen external IDP using the same scope-based runtime contract. This will not be covered with this feature.
Risks
@asgardeo/reactmay need replacement with a Thunder-native client during M3.Verification
Deploy-Onlyrole via console, assign to a user, confirm the user can deploy but cannot modify agent configurations.ThunderAdapter.Beta Was this translation helpful? Give feedback.
All reactions