Authorization patterns for agents and tool access.
Keycard released an execution-time identity layer for coding agents, issuing short-lived credentials tied to user, agent, runtime, and task. It targets the gap between noisy permission prompts and unsafe skip-permissions workflows.
Anthropic’s Claude Code docs say consumer OAuth tokens from Free, Pro, and Max cannot be used with the Agent SDK, and staff said clearer guidance is coming. If you automate local dev loops or parallel workers, use API keys until the allowed auth patterns are explicit.
