credential custody is not action authorization
Agent security discussions often combine three separate decisions: where a secret lives, when an agent may access it and what the agent may do after authentication.
layer one: credential custody
Custody answers where passwords, tokens and keys are stored and who can decrypt them. Encryption, device keys and secret stores belong to this layer.
Decoy stores ciphertext and keeps user decryption keys off the server. This limits what a server breach can reveal, but it does not decide whether an agent's current request is appropriate.
layer two: access authorization
Access authorization answers whether this connected agent may retrieve this account or field now. Resource scope, field scope, duration, step-up approval and revocation belong here.
Decoy lets users approve specific accounts and information for a request or standing period. Every Decoy data access is recorded.
layer three: action authorization
Action authorization answers whether the authenticated agent may send the email, submit the purchase, delete the file or change security settings. This requires awareness of the downstream tool and action, not only the credential used to authenticate.
Once Decoy releases a password, the current credential layer cannot enforce a checkout limit or prevent an account-settings change. Those controls belong in the browser, agent runtime or service API.
audit the layer you actually control
A credential audit should say which connected agent accessed which user information and when. An action audit should record interpreted intent, the external operation, result and rollback path. Calling both records an audit log can hide important gaps.
Decoy records data access and Decoy API operations. Developers should pair it with runtime or browser traces for the complete workflow.
common questions
does a scoped password grant limit website actions?
No. It limits which password the agent can retrieve. The authenticated browser session may still be capable of broader actions.
what does Decoy revoke?
Revocation stops future Decoy access. It does not erase a reusable secret the agent already received or terminate a website session the agent already created.
what should developers add beyond Decoy?
Use browser or runtime controls for action policies, confirmation before high-risk writes and traces that capture the external result.
