In This Post
I. Delegation Model
An agent should not directly inherit the full set of the user's permissions. The recommended model is the trio of "user authorization + agent identity + policy constraints": the user supplies the intent, the agent is bound to a dedicated identity of its own, and a policy engine decides which actions may actually be executed.
II. Permission Boundary Design
A boundary should at minimum define: the resources that may be accessed, the operations that may be performed, a rate cap, and a validity time window. High-risk actions must additionally require human approval or dual confirmation.
Read and write permissions should be granted separately, so that a single approval does not cover every subsequent task.
III. Revocation and Expiry
Delegated authorization must be short-lived by default and revocable in real time. User revocation, rising risk, or a policy change should each invalidate the token immediately, so that "ghost authorizations" cannot linger.
IV. Accountability Chain
Every agent action must record who authorized it, which agent it was granted to, what was executed, and what the outcome was. This causal chain is the shared foundation for compliance, legal review, and incident post-mortems.