Documentation

Autonomous Agents#

An autonomous agent has its own principal identity, its own access group membership, and its own credential set. It does not inherit from any human.

When to use this model#

  • Production agents running in CI/CD or cloud infrastructure
  • Long-running services that operate independently
  • Agents that need their own audit trail separate from any user
  • Multi-agent systems where each agent has distinct permissions

How it works#

  1. An admin creates an agent principal in the dashboard
  2. FirstOps generates an ES256 DPoP key pair and returns the agent ID + private key PEM (shown once)
  3. The admin deploys both to the agent's environment
  4. The FirstOps SDK starts a local proxy that signs DPoP proofs per request
  5. Every request is authenticated with the agent's own identity
  6. The agent's access group policies are applied independently



  
    
  
  
    
  








  
  Create agent principal


  
  Agent ID + DPoP private key PEM


  
  Deploy agent ID + key


  
  MCP request (no auth headers)


  
  Sign fresh DPoP proof with private key


  
  Request (agent ID + DPoP proof)


  
  Verify proof → identify agent


  
  Enforce agent's policies


  
  Forward (inject upstream credentials)


  
  Admin


  
  Dashboard


  
  Agent


  
  SDK Proxy (localhost)


  
  Gateway


  
  Upstream

Setup#

1. Create the agent principal#

In the FirstOps dashboard, navigate to Principals > Create Agent. Provide:

  • Agent name
  • Description
  • Access group assignment

You will receive an agent ID (fo_agent_<uuid>) and a DPoP private key in PEM format. Store these securely -- the private key is shown once and cannot be retrieved again.

2. Register connections#

Before your agent can access upstream tools, register the connections:

fo connection add --name notion --url https://mcp.notion.com --auth bearer --token ntn_secret_... --agent <agent-name>

This returns a connection ID that you will use in your agent's MCP server configuration.

3. Configure the agent#

import firstops

# Start the local proxy that handles DPoP authentication
firstops.init(
    agent_id="<uuid>",                    # from agent creation (without fo_agent_ prefix)
    private_key_pem=open("key.pem").read(), # the PEM returned at creation
    gateway_url="https://api.firstops.ai",
)

# Configure your agent framework to connect through the local proxy
# Use the connection ID from step 2
mcp_url = "http://127.0.0.1:9322/mcp/proxy/<connection-id>"

The SDK starts a local HTTP proxy on 127.0.0.1:9322. Your agent framework connects to this proxy URL instead of the upstream tool directly. The proxy adds DPoP authentication headers to every request and forwards to the FirstOps gateway.

4. Assign policies#

Add the agent's access group to the appropriate policies. The agent will be governed by:

  • The access group's outbound set (which tools it can reach)
  • The access group's attached policies (what rules are enforced)

Key differences from human-delegated#

AspectHuman-DelegatedAutonomous
IdentityHuman's principalAgent's own principal
PermissionsInherited from humanIndependently assigned
LifecycleTied to human credentialsIndependent
Credential managementHuman re-authenticatesAdmin deploys key
RevocationRevoke human accessRevoke agent independently
AuditAttributed to humanAttributed to agent

Production considerations#

  • Secret management: Store the agent ID and DPoP private key in your secrets manager (AWS Secrets Manager, HashiCorp Vault, etc.)
  • Monitoring: Set up flag rules to alert on unexpected agent behavior
  • Least privilege: Start with the Default Access Group and add permissions as needed
  • Revocation: Revoking an agent principal immediately blocks all its requests -- no credential cleanup needed on upstream services

Shutdown#

# Clean up the proxy on shutdown
firstops.shutdown()