Security & access control
Synamcps security is built around least privilege: a token can only intersect a user's existing ACL with its scopes (read-only, specific storages, specific tools). A leaked token can do no more than its owner — usually far less.
Tokens that narrow access, never expand it — plus enterprise identity and observability.
Permission-narrowing tokens
Issue short-lived tokens with toolAllowlist, storageIds, maxMode, and minute/hour/day + burst limits. Rotate or revoke via the Admin API when a workflow ends or a key is suspected leaked. Misbehaving agents get 429'd instead of hammering downstream systems.
Enterprise auth and audit signals
Authenticate with OIDC, Keycloak, Google, or Teleport Proxy JWT — plus internal login for the Admin UI. Prometheus /metrics and Redis TimeSeries usage accounting answer which agent read which storage, how often.