Use cases Scoped Tokens
Access control

Give every AI surface only the memory access it needs.

Tenure separates clients, agents, extraction, injection, and belief access. A trusted desktop client can manage memory directly. An automated agent can receive scoped context without becoming the memory administrator.

Why it matters

Most AI memory is all-or-nothing. Tenure is capability-scoped.

Your IDE, chat client, CI agent, background worker, and autonomous coding agent should not all have the same authority over shared memory. Some tools need to inspect and edit beliefs. Some only need context injected before a model call. Some should be allowed to extract candidate beliefs, but never manually mutate the belief store.

Without scoped tokens

Every connected tool becomes equally trusted.

Once a memory layer is wired into an AI client or agent, access is often broad. The agent can use memory, but the boundary between using memory and administering memory is blurry.

With Tenure

Each AI surface gets only the capabilities it needs.

Generate separate tokens for clients and agents. Limit what they can read, write, extract, inject, and which projects they can touch. Revoke or expire access when the tool changes.

Client tokens vs agent tokens

Let agents use memory without giving them database access.

Tenure makes the authority boundary visible. User-facing clients can be trusted with full belief management. Automated agents can be limited to chat, extraction, and injection.

Client token

For trusted user-facing tools like VS Code, Open WebUI, CLI tools, or an admin client.

  • chatUse chat completions and model endpoints
  • beliefs:readList, search, and inspect beliefs
  • beliefs:writeCreate, update, and delete beliefs via API
  • extractAuto-extract beliefs from chat turns
  • injectInject scoped beliefs into model context
Agent token

For automated tools, background agents, CI agents, and agent frameworks.

  • chatUse chat completions and model endpoints
  • extractSubmit turns for memory extraction
  • injectReceive scoped memory in context
  • beliefs:readNo direct belief inspection by default
  • beliefs:writeNo direct belief mutation by default
How it works

Capability, project, and expiry controls sit before the model call.

Tenure runs in the request path. Before context reaches the model, the token determines which capabilities are available, which project scopes are eligible, and whether the request is allowed to use or create memory.

01

Issue a token

Create a client or agent token for a specific tool. Name it, choose its capabilities, restrict it to projects, and set an expiry date when needed.

02

Resolve access

Each request is checked against the token: chat access, extraction permission, injection permission, direct belief read/write access, and project scope.

03

Write the audit log

When memory is injected, Tenure records which beliefs were supplied, where they were used, and why they were eligible for that turn.

Injection audit

When memory affects a response, you can see exactly what was injected.

If an AI answer looks wrong, you should not have to guess whether memory influenced it. Tenure records the scoped belief set supplied to each request, so memory use is inspectable instead of reconstructed after the fact.

Injection audit request_7f3a · project:api-service
decision
Use raw MongoDB driver, not Mongoose. Injected because the request touched project:api-service and database access.
injected
preference
Prefer explicit error returns for expected failures. Injected because the request included service-layer error handling.
injected
decision
Client A uses Redis for queues. Excluded because it belongs to project:client-a, not project:api-service.
excluded
What this enables

Move from personal memory to governed AI infrastructure.

Scoped tokens are the practical boundary between “my AI remembers things” and “our AI systems can safely use shared context.” They let teams adopt memory without handing every agent the keys to the belief store.

Give agents context, not admin rights

An agent can receive relevant memory in its prompt without being allowed to list, edit, or delete beliefs directly.

Separate clients from background jobs

Your desktop client can manage memory. A background agent can be limited to extraction and injection.

Restrict memory by project

Tokens can be limited to specific project scopes so customer, repo, and initiative context stays isolated.

Expire and revoke access

Short-lived tokens make it easier to rotate tools, decommission agents, and remove stale access.

Debug memory influence

Per-turn audit logs show whether a belief influenced the request, instead of relying on guesswork after the model responds.

Prepare for team governance

The same primitives become the foundation for role-based issuance, policy templates, SSO, SCIM, and audit/replay.

Community and teams

Local controls today. Team governance when you need it.

Scoped client and agent tokens, project restrictions, token expiry, and per-turn injection logs are useful even for one developer running multiple AI tools. Team and Enterprise plans add shared administration, identity-backed controls, policy workflows, and audit/replay across people and agents.

Community

Local token control

  • Client and agent tokens
  • Capability selection
  • Project scope restrictions
  • Token expiry and revocation
  • Per-turn injection logs
Team / Enterprise

Governed token administration

  • Shared workspaces
  • Role-based token issuance
  • OIDC and SCIM controls
  • Policy-backed agent tokens
  • Audit and replay workflows
Get started

Put a governed memory boundary in front of every AI surface.

Start locally with scoped tokens and injection logs. Move to team governance when you need shared administration, identity controls, and policy-backed agent access.