user_isolation=True:
sub claim as the user_id for every non-admin caller:
A caller holding
admin_scope (default agent_os:admin) bypasses isolation and sees all data. Set a custom override with admin_scope="ops:admin".
Isolation is off by default. JWT and scope checks still apply when
user_isolation=False, but routes operate on the unscoped database and add no per-user ownership gates on top of authorization. Per-user isolation requires a database that records user_id (PostgreSQL recommended for production).Service Accounts
Service account principals (sa:<name>) are always scoped to themselves, regardless of the user_isolation flag. The scoping decision runs in this order:
- A caller holding the admin scope is never scoped. This is checked first, so an admin service account reads across users.
- A service account is scoped to its own
sa:<name>principal, even whenuser_isolation=False. - JWT callers are scoped to their
subonly whenuser_isolation=True.