How does Cori handle live updates to authorization policies without risking inconsistent permissions for long-running agents?
What is the recommended strategy for revoking or rotating Biscuit tokens issued to autonomous agents that may run for hours or days?
How extensible is Cori’s tool generation model when you need domain-specific operations or workflows that go beyond simple CRUD actions?
For policy updates, the biscuit token stores a reference to the role and optionally a tenant. This means that any extensions or restrictions you make to the policy will be applied directly.
For token invalidation, you can either invalidate any token generated after a certain period or manage a blacklist for individual tokens (this is not yet implemented). Regarding rotation, we are currently exploring the use of standard MCP OAuth to deliver biscuit tokens per session. This process is ongoing and will be compatible only with HTTP deployments of Cori.
Concerning extensibility, the current policy format aims to cover 80% of standard use cases. For custom workflows, we are developing a dedicated component that will allow the orchestration of multiple services, whether APIs or MCP servers.
I like the "last mile at the data layer" approach vs building agent-specific APIs. How do you think about invariants that span multiple writes or tables? For example, rules that only make sense across a sequence of operations, not a single CRUD action.
Do you see those living purely in the orchestration layer, or something Cori might eventually support more natively?
bringitup•1w ago
Cori solves this by placing enforcement at the very last mile: the data layer.
It acts as a secure MCP kernel that turns database schemas into typed tools governed by simple YAML policies. This allows you to safely enable controlled writes and build thousands of capable agents without maintaining endless API boilerplate or risking your data.
Who we are: We are two engineers who have spent years navigating the rigid security constraints of large enterprises. We built Cori to bridge the gap between strict compliance and actually leveraging the full power of autonomous agents.