Principals
A principal is any entity that can make requests through FirstOps — a human developer or an AI agent. FirstOps treats all principals uniformly: the same policies, the same enforcement, and the same audit trail apply regardless of whether the principal is a human or an agent.
Principal Types
| Type | Created by | Credentials | Lifecycle |
|---|---|---|---|
| Human | Self-registration or admin invite | CLI auth (DPoP key pair) | Tied to user account |
| Agent | Admin via dashboard or API | Agent ID + DPoP key pair (generated at creation) | Independent of creator |
Uniform Governance
Humans and agents are governed the same way. Both:
- Authenticate via DPoP proof-of-possession
- Belong to Access Groups
- Have policies evaluated identically
- Generate audit records in the same format
This means you manage agent security with the same tools and concepts you use for human access — one policy model, one audit trail, one set of access controls.
Agent Principals
Agents are not users with API keys. They have their own lifecycle:
- Creation — by admins, not self-registration
- Credential rotation — without downtime
- Revocation — propagates immediately
- Audit trails — independent of their creator
Human-Delegated vs Autonomous
An agent can operate in two modes:
Human-delegated: The agent acts on behalf of a specific user. The user's identity is the primary principal; the agent inherits permissions from the user's access group.
Autonomous: The agent has its own principal identity, its own access group membership, and its own credential set. It does not inherit from any human.
See Human-Delegated Agents and Autonomous Agents for integration guides.
Access Groups
Every principal belongs to at least one Access Group. Access Groups determine:
- Which upstream tools the principal can reach (via Outbound Sets)
- Which policies govern the principal's requests
A Default Access Group exists per tenant — the least-privilege group automatically applied when a principal has no explicit mapping.
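
The resolution rules from the Human-Delegated vs Autonomous and Access Groups sections, modelled as an added example that is not FirstOps code. All identifiers, group names and the record shape are hypothetical, and the Default Access Group is assumed to have an empty Outbound Set.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample tenant; every name here is hypothetical, not a FirstOps identifier.
DEFAULT_GROUP = "default"
OUTBOUND_SETS = {                       # Access Group -> reachable upstream tools
    "default": set(),                   # assumption: least privilege means no tools
    "platform-eng": {"github", "jira"},
    "ci-bots": {"github"},
}
MEMBERSHIP = {                          # explicit principal -> Access Group mappings
    "user:alice": {"platform-eng"},
    "agent:deploy-bot": {"ci-bots"},
}

@dataclass(frozen=True)
class Principal:
    id: str
    kind: str                           # "human" or "agent"
    on_behalf_of: Optional[str] = None  # set only for a human-delegated agent

def primary(p: Principal) -> str:
    """Identity whose group membership governs the request."""
    # Human-delegated: the user is the primary principal and the agent inherits
    # from the user's access group. Autonomous agents and humans use their own id.
    return p.on_behalf_of if p.kind == "agent" and p.on_behalf_of else p.id

def effective_groups(p: Principal) -> set:
    """Access Groups that apply; an unmapped principal gets the default group."""
    return set(MEMBERSHIP.get(primary(p)) or {DEFAULT_GROUP})

def decide(p: Principal, tool: str) -> dict:
    """Evaluate one request; humans and agents yield the same record shape."""
    groups = effective_groups(p)
    allowed = any(tool in OUTBOUND_SETS.get(g, set()) for g in groups)
    return {
        "principal": primary(p),        # primary principal for policy purposes
        "actor": p.id,                  # who actually sent the request
        "groups": sorted(groups),
        "tool": tool,
        "decision": "allow" if allowed else "deny",
    }
```
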