Engineering·May 12, 2026·6 min read

Zero standing secrets

Long-lived credentials and autonomous agents are a dangerous combination. Here is how we removed them entirely.

By Platform team

Every automation that holds a long-lived credential is a liability. The credential can be leaked, rotated incorrectly, or outlive the context it was created for. For autonomous agents with access to repositories, cloud APIs, and deployment systems, the stakes are high enough that we decided long-lived secrets could not exist in the system at all.

Workers now start with a single bootstrap token. Its only capability is to request credentials from the orchestrator — nothing else. When a task begins, the worker presents its bootstrap token and receives a scoped, short-lived credential with exactly the access the task requires and nothing more. When the task ends, the credential expires. There is nothing to rotate, nothing to leak, and no standing access that survives the task boundary.

The orchestrator is the trust anchor. It validates the worker's identity, checks the task's permission scope against the project's config, and mints the credential. If a worker is compromised mid-task, the blast radius is bounded to the task's declared scope and its remaining lifetime.

This model also simplifies auditing. Every credential issuance is logged with the task ID, the requesting worker, the granted scope, and the expiry. Compliance questions about what had access to what, and when, have precise answers.
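The flow described above as an added example in Python (not the page's or the platform's own code): the orchestrator verifies a bootstrap token that carries only a request_credential capability, checks the requested scope against a project config, mints an HMAC-signed credential with an expiry, and appends an audit record; authorize shows a resource verifier rejecting out-of-scope and expired credentials. The keys, the config layout and the token encoding are constructed assumptions.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data (assumption, not the platform's real config or keys).
PROJECT_CONFIG = {"task-42": {"repo": ["read"], "deploy": []}}  # scope each task may claim
BOOTSTRAP_KEY = b"bootstrap-signing-key"   # signs bootstrap tokens only
ISSUER_KEY = b"credential-signing-key"     # signs task credentials only
AUDIT_LOG = []                              # one record per issuance

def _sign(key, claims):
    body = json.dumps(claims, sort_keys=True).encode()
    mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    return base64.b64encode(body).decode() + "." + mac

def _verify(key, token):
    try:
        b64, mac = token.split(".")
        body = base64.b64decode(b64)
    except ValueError:
        return None
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), mac):
        return None
    return json.loads(body)

def issue_bootstrap(worker_id):
    # The bootstrap token names the worker and one capability, nothing else.
    return _sign(BOOTSTRAP_KEY, {"worker": worker_id, "cap": "request_credential"})

def mint_credential(bootstrap, task_id, requested, ttl=300, now=None):
    now = time.time() if now is None else now
    claims = _verify(BOOTSTRAP_KEY, bootstrap)
    if claims is None or claims.get("cap") != "request_credential":
        raise PermissionError("invalid bootstrap token")
    allowed = PROJECT_CONFIG.get(task_id)
    if allowed is None:
        raise PermissionError("unknown task")
    # Every requested action must be within what the project config declares for the task.
    for resource, actions in requested.items():
        if not set(actions) <= set(allowed.get(resource, [])):
            raise PermissionError(f"scope {resource}:{actions} exceeds task config")
    cred = {"worker": claims["worker"], "task": task_id, "scope": requested, "exp": now + ttl}
    AUDIT_LOG.append({"task": task_id, "worker": cred["worker"], "scope": requested, "exp": cred["exp"]})
    return _sign(ISSUER_KEY, cred)

def authorize(credential, resource, action, now=None):
    # Resource-side check: valid signature, not expired, action inside the granted scope.
    now = time.time() if now is None else now
    claims = _verify(ISSUER_KEY, credential)
    if claims is None or claims["exp"] <= now:
        return False
    return action in claims["scope"].get(resource, [])
```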
