Claims

A straightforward claims-based authorization system for managing permissions across multiple agents. You get seven claim types (read, write, execute, spawn, memory, network, admin) that you can grant, revoke, check, and list via CLI commands. The scope patterns are flexible enough to lock things down to specific files or namespaces, which matters when you're coordinating multiple agents and don't want everything having admin access to everything else. It's built around least privilege principles with predefined security levels from minimal to admin. If you're running agents that need different permission boundaries or you're building any kind of multi-agent workflow where access control actually matters, this gives you the authorization layer to make that happen.