Skip to content

Design: self-serve 'Harness' identity composer (bundle grants + token + install prompt + usage) #866

Description

@ZdenekSrotyr

Problem

Today, provisioning a machine/service consumer of Agnes (an external bot, a custom user-built AI agent, a CI integration — anything that isn't a human analyst logging in via Google/email) is an admin-only, CLI-driven process: create a group, add a service user, grant resources one by one via /admin/access, mint a PAT via agnes auth token create, hand-write setup instructions. There's no self-serve, guided flow for an analyst who wants to compose "a bundle of stuff for my own AI agent/bot" without going through an admin.

Naming note

Do not call this "Agent" in the UI — that word is already taken by the Store content type (a Claude Code subagent .md definition, see #865) and by "agent surfaces" (web chat/Slack/Telegram/MCP/CLI) in existing docs. Use "Harness" instead — it matches the product's own tagline ("Agnes — AI Harness") and reads unambiguously as "an external AI tool/bot that consumes Agnes," distinct from both existing senses of "agent."

Proposed flow (from user description)

  1. User clicks something like "New harness" and names it (e.g. "my agent 1").
  2. A catalog picker shows everything grantable — data packages, Store/marketplace skills, Store agents, possibly MCP connections — and the user attaches a subset.
  3. Saving the harness bundles the selection, mints a token, and returns an install prompt (text the user pastes into their external agent/bot's startup so it self-installs Agnes access).
  4. The user can later view usage — which of the attached resources the harness actually used, how much, etc. — on a per-harness dashboard.
  5. Version pinning (confirmed in follow-up discussion): when a harness is created, it should freeze the current version of each attached resource rather than always tracking "latest." The owner gets an explicit "upgrade to latest" action per resource (or in bulk) rather than silently receiving new versions on next sync.

Why this is mostly reuse, not new infrastructure

Piece Existing primitive to reuse
Catalog of grantable things ResourceType enum + list_blocks delegates in app/resource_types.py — same data that powers /admin/access today
Bundle + identity New lightweight concept: a "harness" = a hidden system group + a dedicated service user, created implicitly
Token Existing PAT mint path (agnes auth token create --ttl … --raw), surfaced via a UI button instead of CLI
Install prompt app/web/setup_instructions.py already renders this kind of "paste this into your client" content for human analysts — parameterize for a harness identity
Usage tracking audit_log already supports per-user queries (count_for_user, etc. in src/repositories/audit.py) — filter by the harness's service-user id
Version pinning Store entities already have version_no / version_history / promote_to_version (per-entity, owner-controlled "live" pointer) and curated marketplaces already have a ref (tag/SHA) pin (per-marketplace, admin-controlled). Both are global pins, not per-consumer. This needs a new per-harness join (e.g. harness_resource_pins(harness_id, resource_type, resource_id, pinned_version_no)) so a harness can freeze independently of what other installers/consumers see.

Open design question

Self-serve permission boundary: when a non-admin user creates a harness, can they only attach resources they themselves already have access to (safe, no new admin surface), or should they be able to request access to things they don't have yet (which would need an approval step, similar to the Store guardrails moderation queue)? This should be settled before implementation starts.

Related

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions