Documentation Index
Fetch the complete documentation index at: https://docs.meshai.dev/llms.txt
Use this file to discover all available pages before exploring further.
ABAC lets you assign owners (users, teams, or service accounts) to agents with fine-grained permissions. This establishes clear accountability for every agent in your organization and controls who can perform actions on each agent.
Owner Types
| Type | Description | Example |
|---|
user | An individual user | alice@company.com |
team | A team or department | ml-platform-team |
service_account | A machine identity | ci-cd-pipeline |
Permissions
Each owner assignment includes a permissions object:
| Permission | Description | Default |
|---|
can_invoke | Can send requests through the proxy as this agent | true |
can_configure | Can update agent metadata, policies, and risk classification | false |
can_delete | Can delete the agent | false |
Assign an Owner
curl -X POST https://api.meshai.dev/agents/agt_abc123/owners \
-H "Authorization: Bearer msh_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"owner_type": "team",
"owner_id": "ml-platform-team",
"owner_name": "ML Platform Team",
"permissions": {
"can_invoke": true,
"can_configure": true,
"can_delete": false
}
}'
{
"success": true,
"data": {
"id": 1,
"agent_id": "agt_abc123",
"owner_type": "team",
"owner_id": "ml-platform-team",
"owner_name": "ML Platform Team",
"permissions": {
"can_invoke": true,
"can_configure": true,
"can_delete": false
},
"created_at": "2026-03-18T14:30:00Z"
}
}
List Agent Owners
curl https://api.meshai.dev/agents/agt_abc123/owners \
-H "Authorization: Bearer msh_YOUR_API_KEY"
{
"success": true,
"data": [
{
"id": 1,
"agent_id": "agt_abc123",
"owner_type": "team",
"owner_id": "ml-platform-team",
"owner_name": "ML Platform Team",
"permissions": { "can_invoke": true, "can_configure": true, "can_delete": false }
},
{
"id": 2,
"agent_id": "agt_abc123",
"owner_type": "user",
"owner_id": "alice@company.com",
"owner_name": "Alice Chen",
"permissions": { "can_invoke": true, "can_configure": false, "can_delete": false }
}
]
}
Remove an Owner
curl -X DELETE https://api.meshai.dev/agents/agt_abc123/owners/1 \
-H "Authorization: Bearer msh_YOUR_API_KEY"
List Agents by Owner
Find all agents owned by a specific user, team, or service account:
curl https://api.meshai.dev/owners/ml-platform-team/agents \
-H "Authorization: Bearer msh_YOUR_API_KEY"
{
"success": true,
"data": [
{
"agent_id": "agt_abc123",
"agent_name": "production-summarizer",
"permissions": { "can_invoke": true, "can_configure": true, "can_delete": false }
},
{
"agent_id": "agt_def456",
"agent_name": "support-bot",
"permissions": { "can_invoke": true, "can_configure": true, "can_delete": true }
}
]
}
Audit Trail
All ABAC actions emit audit events:
| Event Type | Description |
|---|
agent.owner_assigned | An owner was assigned to an agent |
agent.owner_removed | An owner was removed from an agent |
Use Cases
- Non-human identity management — Track the 144:1 ratio of NHIs to employees by assigning clear owners.
- Team accountability — Every agent has at least one owner responsible for its behavior.
- Least-privilege access — Grant
can_invoke to runtime service accounts, can_configure to team leads only.
- Compliance — EU AI Act Article 14 requires human oversight — ABAC documents who oversees each agent.
- Offboarding — When a team member leaves, find all agents they own and reassign them.
