OAuth per tool

Gmail tool: read scope. Calendar tool: write scope. Never the user's master account credential.


Consent screen

User approves each tool's scope individually. Sensitive scopes prompt again on recurring use. Similar to mobile app permissions.


Token vault

Short-lived access tokens are fetched at tool-call time. The vault holds the refresh tokens. Rotation is automatic.

Attenuated forwarding

An agent's sub-tools receive further-restricted scopes. Scopes are never elevated.