- Shared team API keys: one administrator configures the API key once, and everyone on the team can use it without ever seeing the secret itself.
- Publishing an agent: offer a well-tuned agent as a service to other users, or to a whole team / department.
- A shared knowledge base: a single indexed knowledge base (a product handbook, a policy set) is queried by an entire team instead of each user rebuilding it.
- Co-maintaining a knowledge base: a small group jointly maintains an agent or knowledge base, and every member can edit it.
How it works
AgentScope implements secure resource sharing through the resource access policy: it maps a viewer’suser_id to the resources they can reach — think of it as a routing table for resources. The Agent Service itself carries no user, group, or membership model; this sharing relationship can come from any identity system (config, IAM, LDAP, database).
On a resource-related request, the service first resolves the viewer_id (the viewer’s user_id) and governs access through the policy’s two interfaces:
list_accessibledecides what the viewer can see and use, andcan_editdecides whether the viewer may make changes.
list_accessible and can_edit; the deployer implements the “which resources this viewer can reach” logic inside these two methods based on that input.
| Method | Required | Description |
|---|---|---|
list_accessible(viewer_id, kind, storage) | Yes | Return the ResourceRefs of kind that viewer_id may access, excluding the viewer’s own resources. This single method drives list, get, and runtime resolution for every shared resource. |
can_edit(viewer_id, kind, owner_id, resource_id, storage) | No | Whether viewer_id may modify a resource. The default derives the answer from list_accessible (grant when a matching entry carries EDIT); override it to implement custom authorization logic. |
| Type | Role |
|---|---|
ResourceAccessPolicyBase | The abstract policy the deployer subclasses and passes to create_app. |
ResourceKind | The shared resource type: CREDENTIAL, AGENT, or KNOWLEDGE_BASE. |
ResourcePermission | The access level granted: READ (see and use) or EDIT (use and modify). |
ResourceRef | An index to a shared resource — (kind, owner_id, resource_id, permission). |
ResourceAccessPolicyBase.
The default policy in the Agent Service is
DenyAllResourceAccessPolicy — no resources are shared across users.Implementation
In the Agent Service, the deployer supplies the resource-sharing policy at thecreate_app entry point, telling the service who can see what. Sharing a credential, an agent, or a knowledge base differs only in the kind of the ResourceRef you return.
Implement a policy
Subclass
ResourceAccessPolicyBase and implement the sharing logic you need. list_accessible is the abstract interface you must implement; can_edit is optional. Both are async and receive a storage argument when called, giving access to the backing store — so your implementation can freely consult an external source (your company’s user directory, an org chart, project-membership tables, an IAM service) and turn those relationships into resource grants.The class below shows the interface you fill in:policy.py
Describe what is shared
Each shared resource is represented by one
ResourceRef instance. kind is the resource type and permission decides read-only versus editable. The tabs below show shared-resource instances of each type:Sharing an agent shares its configuration — display name, system prompt, and context / ReAct settings — but not its workspace content. MCP client setups, skills, and accumulated memory (
MEMORY.md) live in the per-user workspace, which is provisioned fresh per viewer, so a shared agent starts from a clean workspace for each user rather than inheriting the owner’s tools and memory.Sharing this workspace-resident state is a known gap we are actively working on; follow the tracking issue on GitHub for progress.