Goal
Ensure agent tool execution carries enough principal/auth/audit context for enterprise/private-site knowledge products.
This is runtime substrate work for permission-aware search/read and generated knowledge provenance in Automattic/intelligence#815.
Required work
- Carry authenticated principal, agent owner, user/session owner, and credential scope through tool execution where available.
- Record safe audit metadata for tool calls: tool name, provider/source class, principal class, execution timestamp, redacted parameters, and result status.
- Make auth scope behavior explicit for agent-specific vs user-specific vs site-wide credentials.
- Avoid logging secrets, cookies, tokens, raw customer identifiers, or unsafe payloads.
- Expose enough metadata for Intelligence to annotate search/read envelopes, wiki provenance, and review items.
Acceptance criteria
- Downstream knowledge layers can tell which principal/source context produced a retrieved fact or generated change.
- Sensitive values are redacted by default.
- Generic Data Machine contracts remain domain-neutral and do not mention A8C-specific providers.
Goal
Ensure agent tool execution carries enough principal/auth/audit context for enterprise/private-site knowledge products.
This is runtime substrate work for permission-aware search/read and generated knowledge provenance in
Automattic/intelligence#815.Required work
Acceptance criteria