Daemon Security
Caller identity, endpoint scopes, local development mode, and audit attribution.
Daemon Security
Daemon calls must preserve separate layers of authority:
transport security -> caller authentication -> endpoint scopes -> signed work order -> tenant/agent/run checks -> gateway verificationCaller identity
Caller principals identify the app or client. They are separate from tenant, agent, run, node, and instance identities.
Every non-dev request requires:
- authenticated caller principal;
- endpoint scopes;
- tenant or fleet binding;
- audience binding;
- expiry;
- revocation status;
- audit attribution for mutating requests.
Endpoint scopes
Representative scopes include:
splendor.runs.createsplendor.runs.readsplendor.runs.startsplendor.runs.pausesplendor.runs.resumesplendor.runs.stopsplendor.percepts.appendsplendor.actions.submitsplendor.traces.readsplendor.state.readsplendor.replay.createsplendor.messages.sendsplendor.health.readsplendor.capabilities.read
Missing scopes fail closed.
Local development mode
Insecure local mode is allowed only when explicitly enabled, bound to loopback or a Unix domain socket, visibly warned at startup, and unavailable for production, fleet, remote, or resident-node operation. Clients must not silently fall back to it.
Action submission
POST /actions requires authenticated caller context or an internal runtime
principal, endpoint scope, tenant/run binding, trace linkage, and gateway
verification state. Caller-provided “already verified” claims are not accepted as
authority.