HASP’s agent identity layer lets autonomous AI agents act under explicitly delegated human authority with scoped, time-bounded, revocable credentials. Instead of giving an agent your API key (which carries all your permissions and never expires), you issue a credential that encodes exactly what the agent may do, on whose behalf, and until when. Every credential is anchored into HASP’s integrity-chain audit log at issuance. Every action the agent takes under that credential is auditable back to the specific human who authorized it.

Key concepts

Agent definition

An agent is a persistent identity registered to your org. It represents a class of automated work — the same agent definition can be used across many credential issuances over time (one per session, one per shift, one per workflow run).
AgentDefinition
  id:                   agent_01ARZ3...   ← permanent identity
  name:                 IntakeRouter
  capabilities:         [chart-review, scheduling-handoff]
  default_expiry_hours: 8
  allowed_scope_types:  [hasp.data.read, external.tool.invoke]
  status:               active
Registering an agent does not grant it any authority. A registered agent without a credential cannot make API calls.

Credential

A credential is a time-bounded, scoped authorization issued to a specific agent on behalf of a specific user. It contains:
  • The granted scope set — what the agent may do
  • The delegating user — whose authority the agent acts under
  • An expiry — when the authorization ends
  • A revocation policy — what happens when revoked
The bearer token (hasp_agent_...) is the credential’s wire representation. HASP stores only its SHA-256 hash — the plaintext is shown once at issuance and never stored.

Scope grants

Scope grants follow the OAuth 2.1 Rich Authorization Requests (RFC 9396) shape: structured authorization objects, not free-form strings.
{
  "granted_scopes": [
    { "type": "hasp.data.read" },
    { "type": "external.tool.invoke", "tool_id": "calendar.find_slots" }
  ]
}
The full scope type reference is in Scope Grants.

Revocation

Credentials are revocable at any time. Two policies:
| Policy | Behavior |
| --- | --- |
| drain | In-flight work completes; no new invocations authorized after revocation |
| kill | All in-flight invocations are cancelled immediately |
Revoking a credential cascades to every credential delegated from it (agent-to-agent delegation chains), regardless of the descendants’ own revocation policy.

Delegation chains

When an agent needs to hand off work to another agent, it can issue a child credential using its own credential as authorization. The child credential’s authority is always bounded by the parent’s — an agent cannot delegate scopes it doesn’t hold, and cannot set an expiry beyond its own. The full delegation path is recorded on every credential and every audit event, tracing every action back to the root human authorization.
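
The bounding and cascade rules from the Revocation and Delegation chains sections, sketched as an added Python example (not HASP's own code or API). The in-memory STORE, the function names, and the covers() matching rule are assumptions made for illustration, and all sample values are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class Credential:
    id: str
    scopes: list            # RAR-shaped dicts, e.g. {"type": "hasp.data.read"}
    expires_at: datetime
    path: list = field(default_factory=list)  # ancestor ids, root first
    revoked: bool = False

STORE = {}  # hypothetical in-memory store: credential id -> Credential

def covers(parent_grant, child_grant):
    # Assumed rule: every field on the parent grant must match on the child,
    # so a child can add constraints but never drop one (e.g. tool_id).
    return all(child_grant.get(k) == v for k, v in parent_grant.items())

def issue_root(cred_id, scopes, expires_at):
    STORE[cred_id] = Credential(cred_id, scopes, expires_at)
    return STORE[cred_id]

def delegate(parent_id, child_id, scopes, expires_at, now):
    parent = STORE[parent_id]
    if parent.revoked or now >= parent.expires_at:
        raise PermissionError("parent credential is not active")
    if expires_at > parent.expires_at:
        raise PermissionError("child expiry exceeds parent expiry")
    for grant in scopes:
        if not any(covers(p, grant) for p in parent.scopes):
            raise PermissionError(f"scope not held by parent: {grant}")
    STORE[child_id] = Credential(child_id, scopes, expires_at,
                                 parent.path + [parent_id])
    return STORE[child_id]

def revoke(cred_id):
    # Cascade: the credential plus every descendant whose path contains it.
    hit = [c for c in STORE.values() if c.id == cred_id or cred_id in c.path]
    for c in hit:
        c.revoked = True
    return sorted(c.id for c in hit)

if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed timestamp
    tool = {"type": "external.tool.invoke", "tool_id": "calendar.find_slots"}
    issue_root("cred_root", [{"type": "hasp.data.read"}, tool],
               now + timedelta(hours=8))
    delegate("cred_root", "cred_child", [tool], now + timedelta(hours=1), now)
    print(revoke("cred_root"))
```

Storing the full ancestor path on each credential is what lets the cascade run as a single membership test, with no need to walk the chain hop by hop.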

Pre-action tool authorization

Every tool invocation by an agent passes through an authorization check in the AI Gateway before execution. The check evaluates the credential’s scope grants against the specific tool being called. A tool call outside scope returns 403 TOOL_NOT_IN_SCOPE; it never silently proceeds. This is the technical answer to the regulated-buyer question: “show me the chain of who authorized this agent to do this.”

Audit events

Every significant event in the agent lifecycle is integrity-chain-anchored:
| Event | When |
| --- | --- |
| agent.registered | Agent definition created |
| agent.credential_issued | Credential issued to agent |
| agent.credential_revoked | Credential revoked (including cascade) |
| agent.tool_invocation_authorized | Tool call passed pre-action check |
| agent.tool_invocation_rejected | Tool call failed pre-action check |
| agent.delegation_handoff | Agent issued credential to another agent |
Events are queryable via the Audit endpoint.

Getting started

  1. Register an agent (Dashboard or API)
  2. Issue a credential (Dashboard or API)
  3. Make API calls — Use the bearer token in Authorization: Bearer hasp_agent_...
See Issuing Credentials for the full flow.