Members and proxy keys
Members have a role (e.g. owner vs member) and an approval status. Approved members can hold a proxy key, which is stored hashed on the server.
MCP clients authenticate with:
Authorization: Bearer <proxy-key>
The plaintext key is used client-side to unlock encrypted upstream credentials; the server stores fingerprints/hashes only. Losing a key typically forces reconnection of OAuth-backed services.
For untrusted agents, policy loading is per member. If the implementation cannot resolve memberId for a request, policies are empty and tool calls are denied.
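The hash-only key lookup and the fail-closed policy behaviour described above, sketched in TypeScript as an added example (not the project's own code). The SHA-256 hash, the in-memory stores, the sample keys, the rule that an unapproved member resolves to no memberId, and the function names resolveMemberId, loadPolicies and authorizeToolCall are assumptions made for illustration.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

type Member = { id: string; role: "owner" | "member"; approved: boolean; keyHash: string };
type Policy = { tool: string; allow: boolean };

// Assumption: a SHA-256 hex digest stands in for the server-side key hash.
const hashKey = (key: string): string => createHash("sha256").update(key).digest("hex");

// Constructed sample data: the server holds hashes only, never the plaintext key.
const members: Member[] = [
  { id: "m1", role: "owner", approved: true, keyHash: hashKey("pk_constructed_owner") },
  { id: "m2", role: "member", approved: false, keyHash: hashKey("pk_constructed_pending") },
];
const policiesByMember: Record<string, Policy[]> = {
  m1: [{ tool: "search", allow: true }],
};

// Resolve a memberId from the Authorization header; null on any failure.
function resolveMemberId(authorization: string | undefined): string | null {
  const match = /^Bearer (\S+)$/.exec(authorization ?? "");
  if (!match) return null;
  const presented = Buffer.from(hashKey(match[1]), "hex");
  for (const m of members) {
    // Constant-time comparison of two equal-length digests.
    if (timingSafeEqual(presented, Buffer.from(m.keyHash, "hex"))) {
      return m.approved ? m.id : null; // assumption: unapproved members do not resolve
    }
  }
  return null;
}

// Per-member policy loading: an unresolved member gets an empty policy set.
function loadPolicies(memberId: string | null): Policy[] {
  return memberId ? (policiesByMember[memberId] ?? []) : [];
}

// Default deny: a call passes only when an explicit allow policy matches.
function authorizeToolCall(authorization: string | undefined, tool: string): boolean {
  const policies = loadPolicies(resolveMemberId(authorization));
  return policies.some((p) => p.tool === tool && p.allow);
}
```

Because the decision is derived from the loaded policies rather than from a separate "is authenticated" flag, every resolution failure (missing header, unknown key, unapproved member) ends in the same deny path.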
Invites and joins use signed flows (server/utils/invite.ts, server/api/agents/[id]/join.post.ts, join UI under app/pages/join/).