Auth & Security

Security model: provider auth, connection auth, and scope control

Loadoutz separates provider credentials from agent connection credentials. Your agent connects to an owner route, while provider secrets stay in server-side workspace storage.

Auth layers

  • Control-plane account auth: sign in to manage workspaces, loadouts, and sessions.
  • Provider auth: per-provider OAuth / API key / PAT in workspace.
  • Connection auth: OAuth-first access on /mcp/u/:owner for the agent client.

What is stored where

Server-side

Provider credentials and connection session secrets (encrypted at rest using CREDENTIALS_KEY).

Client-side

Connection URL and client-managed OAuth token lifecycle for owner route access.

Never in setup

Provider secrets in URLs, snippets, or copied client config.

Connection safety controls

  • Owner route returns an OAuth discovery challenge to unauthenticated clients.
  • Loadout changes are scoped and can require re-consent when permissions expand.
  • Revoking a session marks the connection as revoked and attempts a call to the OAuth revocation endpoint.
  • Legacy token reveal/rotation endpoints are removed from Connections V2.

Custom MCP import security gates

  • HTTPS only, public DNS host required.
  • Local/private hostnames and IP-literal endpoints are blocked.
  • Embedded URL credentials are rejected.
  • Custom OAuth import is blocked; use catalog OAuth install flow.
  • Endpoint must pass verification (initialize + tools/list) before installation.
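
The first three gates, sketched as a URL pre-check. This is an added example, not Loadoutz's own code: check_import_url, system_resolver, the reason strings and the private-suffix list are assumptions, and the resolver is injectable so the check can be exercised offline. The verification gate (initialize + tools/list) is not covered.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed suffix list for "local/private hostnames"; the page does not enumerate them.
LOCAL_SUFFIXES = (".local", ".localhost", ".internal", ".lan", ".home.arpa")


def system_resolver(host):
    """Default resolver: every address the system resolver returns for host."""
    return [ai[4][0] for ai in socket.getaddrinfo(host, 443, type=socket.SOCK_STREAM)]


def check_import_url(url, resolver=system_resolver):
    """Return (allowed, reason) for a custom MCP endpoint URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "HTTPS only"
    if parts.username is not None or parts.password is not None:
        return False, "embedded URL credentials"
    if not host:
        return False, "missing host"
    # IP literals: dotted IPv4, bracketed IPv6, and legacy numeric forms
    # (2130706433, 0x7f.1) that some resolvers still read as IPv4.
    try:
        ipaddress.ip_address(host)
        return False, "IP-literal endpoint"
    except ValueError:
        pass
    last_label = host.rsplit(".", 1)[-1]
    if last_label.isdigit() or last_label.startswith("0x"):
        return False, "IP-literal endpoint"
    # Single-label names and the assumed private suffixes are treated as local.
    if "." not in host or host.endswith(LOCAL_SUFFIXES):
        return False, "local/private hostname"
    # A public-looking name can still point inward, so check every answer.
    try:
        addrs = resolver(host)
    except OSError:
        return False, "host does not resolve"
    if not addrs or not all(ipaddress.ip_address(a.split("%")[0]).is_global for a in addrs):
        return False, "host resolves to a non-public address"
    return True, "ok"
```

Validation and the later connection are separate DNS lookups, so whatever performs initialize and tools/list should connect to an address that passed this check instead of resolving the name again.
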

Security rule: treat setup URLs as connection pointers, not bearer credentials. Keep provider secrets in workspace-managed auth only.
