AgentOS validates JWT scopes against required permissions for each endpoint. Control who can access and run your agents, teams, and workflows.
Quick Start
Enable RBAC when initializing AgentOS:

```python
from agno.agent import Agent
from agno.db.postgres import PostgresDb
from agno.models.openai import OpenAIResponses
from agno.os import AgentOS

db = PostgresDb(db_url="postgresql+psycopg://ai:ai@localhost:5532/ai")

agent = Agent(
    id="my-agent",
    model=OpenAIResponses(id="gpt-5.2"),
    db=db,
)

agent_os = AgentOS(
    id="my-agent-os",
    agents=[agent],
    authorization=True,
)
app = agent_os.get_app()
```
Set the JWT_VERIFICATION_KEY environment variable to your public key, either in your .env file or by exporting it directly in your terminal:

```bash
export JWT_VERIFICATION_KEY="your-public-key"
```
RBAC uses a hierarchical scope format:

| Format | Example | Description |
|---|---|---|
| `resource:action` | `agents:read` | Access all resources of a type |
| `resource:<id>:action` | `agents:my-agent:run` | Access a specific resource |
| `resource:*:action` | `agents:*:read` | Wildcard (equivalent to global) |
| `agent_os:admin` | - | Full access to all endpoints |
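To make the matching rules concrete, here is an added toy model of the checks described above and under "Custom Scope Mappings" (it is not Agno's own code). The rules follow the scope-format table and the endpoint mapping tables; the helper names, and the way an id taken from the request path is resolved against a `resource:<id>:action` scope, are my assumptions.

```python
# Added example (not Agno's code): toy model of this page's scope checks.
# Assumptions: helper names, and resolving a path id against resource:<id>:action.
ADMIN_SCOPE = "agent_os:admin"

# Subset of the default endpoint mappings from this page (constructed here).
DEFAULT_SCOPE_MAPPINGS = {
    "GET /agents": ["agents:read"],
    "GET /agents/*": ["agents:read"],
    "POST /agents/*/runs": ["agents:run"],
}

def merge_mappings(defaults, custom):
    """Custom mappings are additive; the same route pattern overrides a default."""
    return {**defaults, **custom}

def route_matches(pattern, route):
    """Return the path segments captured by '*' when pattern matches route, else None.
    '*' matches exactly one segment, so 'GET /agents/*' does not match 'GET /agents/x/runs'."""
    p_method, p_path = pattern.split(" ", 1)
    r_method, r_path = route.split(" ", 1)
    p_segs, r_segs = p_path.strip("/").split("/"), r_path.strip("/").split("/")
    if p_method != r_method or len(p_segs) != len(r_segs):
        return None
    captured = []
    for p, r in zip(p_segs, r_segs):
        if p == "*":
            captured.append(r)
        elif p != r:
            return None
    return captured

def scope_grants(token_scope, required, resource_id):
    """Does one token scope satisfy one required 'resource:action' scope?
    resource:<id>:action grants only that id; resource:*:action equals the global scope."""
    if token_scope in (ADMIN_SCOPE, required):
        return True
    resource, _, action = required.partition(":")
    parts = token_scope.split(":")
    return (len(parts) == 3 and parts[0] == resource and parts[2] == action
            and parts[1] in ("*", resource_id))

def is_authorized(token_scopes, mappings, route):
    """Every required scope must be granted by at least one token scope."""
    for pattern, required in mappings.items():
        captured = route_matches(pattern, route)
        if captured is None:
            continue
        resource_id = captured[0] if captured else None
        return all(any(scope_grants(s, r, resource_id) for s in token_scopes) for r in required)
    return False  # assumption: a route with no mapping is denied
```

An empty required list (as in `"GET /public/stats": []`) authorizes any caller, which is the behaviour the custom-mapping section documents.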
Complete Scope Reference
Admin Scopes

| Scope | Description |
|---|---|
| `agent_os:admin` | Full admin access to all endpoints |
System Scopes

| Scope | Description |
|---|---|
| `system:read` | View system configuration and available models |
Agent Scopes

| Scope | Description |
|---|---|
| `agents:read` | List and view all agents |
| `agents:write` | Create and update agents |
| `agents:delete` | Delete agents |
| `agents:run` | Run any agent |
| `agents:<agent-id>:read` | View a specific agent |
| `agents:<agent-id>:run` | Run a specific agent |
Team Scopes

| Scope | Description |
|---|---|
| `teams:read` | List and view all teams |
| `teams:write` | Create and update teams |
| `teams:delete` | Delete teams |
| `teams:run` | Run any team |
| `teams:<team-id>:read` | View a specific team |
| `teams:<team-id>:run` | Run a specific team |
Workflow Scopes

| Scope | Description |
|---|---|
| `workflows:read` | List and view all workflows |
| `workflows:write` | Create and update workflows |
| `workflows:delete` | Delete workflows |
| `workflows:run` | Run any workflow |
| `workflows:<workflow-id>:read` | View a specific workflow |
| `workflows:<workflow-id>:run` | Run a specific workflow |
Session Scopes

| Scope | Description |
|---|---|
| `sessions:read` | View all sessions and session data |
| `sessions:write` | Create, update, and rename sessions |
| `sessions:delete` | Delete sessions |
Memory Scopes

| Scope | Description |
|---|---|
| `memories:read` | View memories and memory topics |
| `memories:write` | Create, update, and optimize memories |
| `memories:delete` | Delete memories |
Knowledge Scopes

| Scope | Description |
|---|---|
| `knowledge:read` | View and search knowledge content |
| `knowledge:write` | Add and update knowledge content |
| `knowledge:delete` | Delete knowledge content |
Metrics Scopes

| Scope | Description |
|---|---|
| `metrics:read` | View metrics |
| `metrics:write` | Refresh metrics |
Evaluation Scopes

| Scope | Description |
|---|---|
| `evals:read` | View evaluation runs |
| `evals:write` | Create and update evaluation runs |
| `evals:delete` | Delete evaluation runs |
Trace Scopes

| Scope | Description |
|---|---|
| `traces:read` | View traces and trace sessions |
Schedule Scopes

| Scope | Description |
|---|---|
| `schedules:read` | List and view schedules and schedule runs |
| `schedules:write` | Create, update, enable, disable, and trigger schedules |
| `schedules:delete` | Delete schedules |
Approval Scopes

| Scope | Description |
|---|---|
| `approvals:read` | List and view approval requests |
| `approvals:write` | Resolve approval requests |
| `approvals:delete` | Delete approval requests |
Default Scope Mappings
AgentOS automatically maps endpoints to required scopes.
System

| Endpoint | Required Scope |
|---|---|
| `GET /config` | `system:read` |
| `GET /models` | `system:read` |

Agents

| Endpoint | Required Scope |
|---|---|
| `GET /agents` | `agents:read` |
| `GET /agents/*` | `agents:read` |
| `POST /agents` | `agents:write` |
| `PATCH /agents/*` | `agents:write` |
| `DELETE /agents/*` | `agents:delete` |
| `POST /agents/*/runs` | `agents:run` |
| `POST /agents/*/runs/*/continue` | `agents:run` |
| `POST /agents/*/runs/*/cancel` | `agents:run` |

Teams

| Endpoint | Required Scope |
|---|---|
| `GET /teams` | `teams:read` |
| `GET /teams/*` | `teams:read` |
| `POST /teams` | `teams:write` |
| `PATCH /teams/*` | `teams:write` |
| `DELETE /teams/*` | `teams:delete` |
| `POST /teams/*/runs` | `teams:run` |
| `POST /teams/*/runs/*/continue` | `teams:run` |
| `POST /teams/*/runs/*/cancel` | `teams:run` |

Workflows

| Endpoint | Required Scope |
|---|---|
| `GET /workflows` | `workflows:read` |
| `GET /workflows/*` | `workflows:read` |
| `POST /workflows` | `workflows:write` |
| `PATCH /workflows/*` | `workflows:write` |
| `DELETE /workflows/*` | `workflows:delete` |
| `POST /workflows/*/runs` | `workflows:run` |
| `POST /workflows/*/runs/*/continue` | `workflows:run` |
| `POST /workflows/*/runs/*/cancel` | `workflows:run` |

Sessions

| Endpoint | Required Scope |
|---|---|
| `GET /sessions` | `sessions:read` |
| `GET /sessions/*` | `sessions:read` |
| `POST /sessions` | `sessions:write` |
| `POST /sessions/*/rename` | `sessions:write` |
| `PATCH /sessions/*` | `sessions:write` |
| `DELETE /sessions` | `sessions:delete` |
| `DELETE /sessions/*` | `sessions:delete` |

Memories

| Endpoint | Required Scope |
|---|---|
| `GET /memories` | `memories:read` |
| `GET /memories/*` | `memories:read` |
| `GET /memory_topics` | `memories:read` |
| `GET /user_memory_stats` | `memories:read` |
| `POST /memories` | `memories:write` |
| `PATCH /memories/*` | `memories:write` |
| `POST /optimize-memories` | `memories:write` |
| `DELETE /memories` | `memories:delete` |
| `DELETE /memories/*` | `memories:delete` |

Knowledge

| Endpoint | Required Scope |
|---|---|
| `GET /knowledge/content` | `knowledge:read` |
| `GET /knowledge/content/*` | `knowledge:read` |
| `GET /knowledge/config` | `knowledge:read` |
| `POST /knowledge/search` | `knowledge:read` |
| `POST /knowledge/content` | `knowledge:write` |
| `PATCH /knowledge/content/*` | `knowledge:write` |
| `DELETE /knowledge/content` | `knowledge:delete` |
| `DELETE /knowledge/content/*` | `knowledge:delete` |

Metrics

| Endpoint | Required Scope |
|---|---|
| `GET /metrics` | `metrics:read` |
| `POST /metrics/refresh` | `metrics:write` |

Evals

| Endpoint | Required Scope |
|---|---|
| `GET /eval-runs` | `evals:read` |
| `GET /eval-runs/*` | `evals:read` |
| `POST /eval-runs` | `evals:write` |
| `PATCH /eval-runs/*` | `evals:write` |
| `DELETE /eval-runs` | `evals:delete` |

Traces

| Endpoint | Required Scope |
|---|---|
| `GET /traces` | `traces:read` |
| `GET /traces/*` | `traces:read` |
| `GET /trace_session_stats` | `traces:read` |

Schedules

| Endpoint | Required Scope |
|---|---|
| `GET /schedules` | `schedules:read` |
| `GET /schedules/*` | `schedules:read` |
| `GET /schedules/*/runs` | `schedules:read` |
| `GET /schedules/*/runs/*` | `schedules:read` |
| `POST /schedules` | `schedules:write` |
| `PATCH /schedules/*` | `schedules:write` |
| `POST /schedules/*/enable` | `schedules:write` |
| `POST /schedules/*/disable` | `schedules:write` |
| `POST /schedules/*/trigger` | `schedules:write` |
| `DELETE /schedules/*` | `schedules:delete` |

Approvals

| Endpoint | Required Scope |
|---|---|
| `GET /approvals` | `approvals:read` |
| `GET /approvals/count` | `approvals:read` |
| `GET /approvals/*` | `approvals:read` |
| `GET /approvals/*/status` | `approvals:read` |
| `POST /approvals/*/resolve` | `approvals:write` |
| `DELETE /approvals/*` | `approvals:delete` |
Custom Scope Mappings
Customize or extend the default scope mappings using the JWT middleware:

```python
from agno.os import AgentOS
from agno.os.middleware import JWTMiddleware

agent_os = AgentOS(
    id="my-agent-os",
    agents=[my_agent],  # my_agent: an Agent defined as in the Quick Start
)
app = agent_os.get_app()

app.add_middleware(
    JWTMiddleware,
    verification_keys=["your-jwt-key"],
    algorithm="RS256",
    authorization=True,
    scope_mappings={
        "GET /agents": ["custom:read"],
        "POST /custom/endpoint": ["custom:write"],
        "GET /public/stats": [],  # No scopes required
    },
)
```
Custom scope mappings are additive to the defaults. To override a default, specify the same route pattern with your custom scopes.
JWT Token Structure
Your JWT tokens should include:

```json
{
  "sub": "user-123",
  "scopes": ["agents:read", "agents:my-agent:run"],
  "exp": 1735689600,
  "iat": 1735603200
}
```

| Claim | Required | Description |
|---|---|---|
| `scopes` | Yes | Array of permission scopes |
| `sub` | No | User ID (extracted as `user_id`) |
| `session_id` | No | Session ID for session tracking |
| `aud` | No | Audience (must match the AgentOS `id` when `verify_audience=True`) |
Example Tokens
Read-only access:

```json
{
  "scopes": ["agents:read", "teams:read", "sessions:read"]
}
```

Run a specific agent:

```json
{
  "scopes": ["agents:my-agent:run", "agents:my-agent:read", "sessions:write"]
}
```

Admin access:

```json
{
  "scopes": ["agent_os:admin"]
}
```
Configuration Options
Configure JWT verification using AuthorizationConfig:

```python
from agno.os import AgentOS
from agno.os.config import AuthorizationConfig

agent_os = AgentOS(
    id="my-agent-os",
    agents=[agent],
    authorization=True,
    authorization_config=AuthorizationConfig(
        verification_keys=["your-jwt-verification-key"],
        algorithm="RS256",
    ),
)
```

You can also use a JWKS file:

```python
authorization_config = AuthorizationConfig(
    jwks_file="/path/to/jwks.json",
    algorithm="RS256",
)
```

Or set environment variables:

```bash
export JWT_VERIFICATION_KEY="your-public-key"
# or
export JWT_JWKS_FILE="/path/to/jwks.json"
```
Per-User Data Isolation
RBAC controls which operations a caller can perform. Per-user data isolation controls which rows a caller can see and write. Opt in with user_isolation=True:
```python
from agno.os import AgentOS
from agno.os.config import AuthorizationConfig

agent_os = AgentOS(
    id="my-agent-os",
    agents=[agent],
    authorization=True,
    authorization_config=AuthorizationConfig(
        verification_keys=["your-jwt-verification-key"],
        algorithm="RS256",
        user_isolation=True,
    ),
)
```
When enabled, AgentOS uses the JWT sub claim as the user_id for every non-admin caller:
| Operation | Behavior with `user_isolation=True` |
|---|---|
| Reads (sessions, memory, traces) | Scoped to the caller's `user_id`. Other users' rows are not returned. |
| Writes (sessions, memories, traces) | `user_id` is coerced to the caller's `sub`. A caller cannot persist rows attributed to another user. |
| Cancel / resume / continue routes | Require `session_id` and verify the caller owns the run. |
| WebSocket reconnect | Requires `session_id` (and `workflow_id`) for non-admins. |
A caller holding admin_scope (default agent_os:admin) bypasses isolation and sees all data. Set a custom override with admin_scope="ops:admin".
Isolation is off by default. JWT/RBAC still apply when user_isolation=False, but routes operate on the unscoped database and add no per-user ownership gates on top of RBAC. Per-user isolation requires a database that records user_id (PostgreSQL recommended for production).
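The table above lists rules rather than code. The following added toy model (not Agno's own code) shows what those rules mean for a handful of rows: the read filter, the write-time coercion of `user_id` to the caller's `sub`, the ownership gate on continue/cancel routes, and the admin bypass. The `Claims` class, the in-memory row list and the function names are constructed for illustration.

```python
# Added example (not Agno's code): toy model of the per-user isolation rules
# on this page. Claims, the row list and the function names are constructed.
from dataclasses import dataclass

ADMIN_SCOPE = "agent_os:admin"

@dataclass
class Claims:
    sub: str
    scopes: tuple

# Constructed session rows, as a database that records user_id would hold them.
SESSIONS = [
    {"session_id": "sess-1", "user_id": "user-123"},
    {"session_id": "sess-2", "user_id": "user-456"},
]

def is_admin(claims, admin_scope=ADMIN_SCOPE):
    return admin_scope in claims.scopes

def read_sessions(claims, rows, user_isolation=True):
    """Reads: non-admins only see rows whose user_id equals their sub."""
    if not user_isolation or is_admin(claims):
        return list(rows)
    return [r for r in rows if r["user_id"] == claims.sub]

def write_session(claims, rows, session_id, requested_user_id, user_isolation=True):
    """Writes: user_id is coerced to the caller's sub for non-admins, whatever was requested."""
    user_id = requested_user_id
    if user_isolation and not is_admin(claims):
        user_id = claims.sub
    row = {"session_id": session_id, "user_id": user_id}
    rows.append(row)
    return row

def can_continue_run(claims, rows, session_id, user_isolation=True):
    """Cancel/resume/continue: non-admins must supply a session_id they own."""
    if not user_isolation or is_admin(claims):
        return True
    if session_id is None:
        return False
    return any(r["session_id"] == session_id and r["user_id"] == claims.sub for r in rows)
```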
Excluded Routes
These routes are excluded from RBAC checks by default:

`/`, `/health`, `/docs`, `/redoc`, `/openapi.json`, `/docs/oauth2-redirect`
Error Responses
| Status Code | Description |
|---|---|
| 401 Unauthorized | Missing or invalid JWT token |
| 403 Forbidden | Insufficient scopes for the requested operation |
Examples
- Basic RBAC: basic RBAC example
- Per-Agent Permissions: grant specific permissions to specific agents
- Per-User Data Isolation: scope sessions, memory, and traces per user with `user_isolation=True`
Developer Resources
- AuthorizationConfig Reference: configuration options for JWT verification
- JWTMiddleware Reference: complete JWT middleware class reference