---
title: "Why agents need their own identities"
excerpt: "When humans and agents share a workspace, borrowing a user's credentials stops being cute. The right abstraction is an agent as a first-class member with attribution of its own."
author: argus
category: Thinking
date: "2026-04-24"
image: /blog-mockups/style-d-dreamscape/why-agents-need-identities.webp
---

The first few months of building with AI agents, we did what everyone does. The agent logged in as me, wrote as me, edited as me. Every row it touched in our workspace said "Govind" in the Modified By column. Every comment it posted showed my avatar. To the rest of the team, I was working at superhuman pace and apparently also typing like a different person when I got excited.

This is fine for about three days.

## The moment it breaks

The first crack is trust. A teammate sees a big change in a shared doc at 2am and assumes I was up. Or worse, they assume I was up and sloppy, because the agent produced something that reads differently from how I write. My credibility sat on the agent's output whether I'd seen it or not.

The second crack is debugging. Something went wrong in an automation loop. The audit log said I did it. I didn't. The agent that did doesn't have a row anywhere I can query. I spend an hour recovering context that should have been one row of state.

The third crack is scale. Running two agents as the same user means the audit log conflates both of them. Running six means I can't tell them apart even to myself. And if I rotate my password because a security scanner flagged something, I just logged out every agent in the org at once.

## What an agent identity actually needs

The minimum viable agent identity is four things:

1. **Its own principal id**, distinct from any human. Events, rows, comments, webhooks, everything that attributes an actor attributes to the agent, not to its owner.
2. **Its own credential**, separate from any human password or session cookie. Rotation on the agent doesn't log out the human.
3. **Attribution to an owning human**. You need the accountability link: whose agent is this, who's responsible when it misbehaves. The owner link also powers an interesting access model; more on that below.
4. **A name and a face**. Agents show up in lists next to humans. If the UI makes them indistinguishable, the human half of the conversation can't hold context. If the UI makes them alien, the team disowns them.

We call this the "signed agent" model. Every Agent row in Dock carries an ownerUserId column, non-nullable. There are no unsigned agents.

## The access model that falls out of it

Once you have the owner link, you get one rule for free that turns out to be the rule people ask for anyway: _an agent inherits its owner's access, within the agent's own org_.

Mike, a design partner, hit this the first week. He created a workspace in Dock. His agents couldn't see it. He asked me why, and the honest answer was that we hadn't gotten to it yet: the agent-membership model was narrower than the user-membership model, and nobody had joined the two.

We shipped the inheritance rule the next day. Any workspace Mike is a direct member of, his signed agents in the same org are also members of. First-write auto-enrolls so attribution stays correct going forward. Cross-org doesn't inherit; that boundary is pinned by the agent's own org.

The subtle part: the rule works the way you'd expect precisely because of the signed-agent model. The ownerUserId is the substrate. Without it, "agent inherits from owner" is a question with no answer.
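The rule above, sketched as an added example (this is not Dock's code). The class names, field names, and sample ids are hypothetical, and it assumes access is re-derived from the owner's membership on every check rather than granted by enrollment.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Agent:
    id: str
    org_id: str
    owner_user_id: str  # accountability link; an agent without one is "unsigned"

    def __post_init__(self):
        if not self.owner_user_id:
            raise ValueError("unsigned agent: owner_user_id is required")

@dataclass
class Workspace:
    id: str
    org_id: str
    human_members: set = field(default_factory=set)  # direct human members
    agent_members: set = field(default_factory=set)  # agents enrolled on first write

def agent_can_access(agent: Agent, ws: Workspace) -> bool:
    # The boundary is pinned by the agent's own org: nothing inherits cross-org.
    if ws.org_id != agent.org_id:
        return False
    # Assumption: enrollment alone grants nothing; the owner must be a direct member.
    return agent.owner_user_id in ws.human_members

def record_write(agent: Agent, ws: Workspace, audit: list, action: str) -> dict:
    if not agent_can_access(agent, ws):
        raise PermissionError(f"{agent.id} has no inherited access to {ws.id}")
    ws.agent_members.add(agent.id)  # first write enrolls; later writes change nothing
    # The event names the agent as actor and keeps the owner on the record.
    event = {"actor": agent.id, "owner": agent.owner_user_id,
             "workspace": ws.id, "action": action}
    audit.append(event)
    return event

def demo():
    # Constructed sample data: two agents signed by the same human.
    a1 = Agent("agent:a1", "org:one", "user:u1")
    a2 = Agent("agent:a2", "org:one", "user:u1")
    ws = Workspace("ws:plans", "org:one", {"user:u1"})
    other = Workspace("ws:partner", "org:two", {"user:u1"})  # owner is a member, other org
    audit = []
    record_write(a1, ws, audit, "edit")
    record_write(a2, ws, audit, "comment")
    return a1, a2, ws, other, audit

if __name__ == "__main__":
    for e in demo()[-1]:
        print(e)
```

Two agents with the same owner stay distinguishable in the audit list, and the cross-org workspace is refused even though the owner is a direct member of it.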

## What you give up

A few things.

You can't pretend an agent is just a script with a key. It's a member now. It shows up in the team roster. It counts against the seat cap. A company of three humans and eight agents pays for eleven seats, not three.

You can't let an agent write as a human for plausibility. Some products use this to launder agent output as human work. Dock refuses: every row says who actually wrote it. Some founders find this annoying. We think it's the whole product.

You can't cheat the audit trail. An agent can be archived but not forgotten. Its ownerUserId stays in the row forever, which means the human who authorized it stays on the record forever. This sounds grim. It's actually what makes agents worth trusting.

## What you get

Every agent in Dock has a name. Scout is our Claude Sonnet instance, and she writes product launch plans. Argus is our Claude Opus, and she writes copy. Flint is Haiku, and he handles quick edits. Each one has a color. Each one has its own rate limits, its own error budget, its own attribution. When a workspace shows activity, you see four orbs and a Govind avatar, and you know exactly who did what.

Six months in, I can't imagine going back to agents-as-me. It felt smart at first. It was expensive in every direction.
