Spawnly

A reference architecture for AI agent identity — every agent a first-class workload with cryptographic identity, scoped tokens, and revocable, delegated authority.

See it in action Start with the anatomy View on GitHub

The problem

AI agents increasingly spawn other agents and call protected services on a user’s behalf. A static API key can’t express which agent is acting, for whom, or with what authority — and it doesn’t attenuate as work is handed down a delegation chain. Spawnly is a working answer: every agent is a first-class workload with a cryptographic identity, and authority flows — and is revoked — along the chain.

It’s a proof-of-concept platform, built to make these ideas concrete and runnable, not a product. Agents can be short-lived (do one job and exit) or long-lived (serve until deleted, including chat).

Relationship-based authorisation

SpiceDB relations written at registration and checked by protected APIs; tenanted and global agents on one code path.

Full lifecycle observability

Every component emits structured events into an append-only, per-agent timeline.

Run it yourself

Everything runs locally on a Kind cluster — no cloud account required.

Fastest — Claude Code plugin

/spawnly:up    # bring the platform up on a local Kind cluster
/spawnly:demo  # guided tour: spawn, chains, consent, revocation

Install it from PLUGIN.md.

Manual

make bootstrap

Same result, straight from the repository Makefile.

Go deeper

Build an agent

A from-scratch path: the platform contract, then three worked agents.

Reference

Templates and policy, field by field, plus the chat contract.

Under the hood

How the platform works beneath the SDK, traced end to end.

Spawnly

The problem

What it demonstrates

Per-pod workload identity → scoped tokens

Human-in-the-loop spawn consent

Delegated, attenuated authority

Real-time revocation cascade