Skip to main content

Agents

AI agents on the same trust rails as people.

Raytio Agents provides identity, credentials and accountability for AI workers. An agent gets a registered identity, a role with defined permissions, credentials that are shared to it encrypted and expire on schedule, guardrails on what it may do, and a complete record of what it did and what it cost. The same infrastructure Raytio provides for people - because trust doesn't have two standards.

Business problems solved

Agents need secrets, and today they get them unsafely

The usual patterns put secrets at risk.

  • API keys pasted into prompts.
  • Tokens in plain-text config files.
  • Credentials that never expire and are never revoked.
Agents act without accountability

Work happens, but there is no record of which agent did what, under whose authority, at what cost.

Agent spend is invisible

Token costs accumulate across models and providers with no per-worker, per-role or per-task attribution.

Agent quality is unmeasured

Without evaluation, you cannot tell a reliable worker from an unreliable one - or notice when one degrades.

How it works - agent credentials

  1. Your agent requests a credential - an API key, an OAuth token, a password, a certificate - from a named person, with a stated purpose.
  2. That person approves, and shares the secret through the same end-to-end encrypted channel Raytio uses for human data sharing.
  3. The agent retrieves the encrypted payload and decrypts it locally. The plaintext never transits or is stored on Raytio's servers.
  4. The credential expires on the schedule you set, and can be revoked at any time. Every request, share and retrieval is recorded.

Features

Worker identity

Every agent is registered - human, AI or service - with a role that determines what it can see and do.

Governed configuration

A worker's permitted resources are defined once and resolved in a single call.

  • Which models it may use, in preference order with fallbacks.
  • Which tools it may call.
  • Which knowledge it may read.
Guardrails

Rule-based or model-graded checks that warn or block. Guardrails are scoped to a role and recorded per run.

Evaluations

Score agent output against defined criteria and track quality by worker, role and model over time.

Run records and cost

Every run is traced, including status, steps, artifacts, tokens and cost in dollars. Costs aggregate by worker, role, provider and model.

Knowledge and memory

Give workers indexed knowledge sources and long-term role memory, retrieved by semantic search.

Studio

A dashboard of agent runs, success rates and spend.

Benefits to the business

Stop leaking secrets to agents

Credentials are encrypted end to end, time-boxed and revocable - never sitting forgotten in a config file.

Know what your agents did

A complete, queryable record of every run.

Know what your agents cost

Spend attributed to the worker, role and task that incurred it.

Improve what you measure

Evaluations catch degradation before your customers do.

Benefits to the agent builder

One call to configure

A worker's models, tools, knowledge and memory resolve in a single request.

MCP native

The whole platform is exposed as Model Context Protocol tools - agents built on Claude, or any MCP-capable framework, connect directly.

Real business surfaces

Agents operate the same project, sales and party systems humans do, under the same authorisation.

The credential lifecycle, as your agent sees it

The platform is MCP-native: these are the actual tool calls. The retrieved value is ciphertext - the agent decrypts it locally with its own key material.

// 1. Ask a named human for a secret, with a stated purpose
wrm_credential_request_create({
worker_id: "wkr_01…",
credential_name: "github-deploy-token",
credential_type: "API_KEY",
purpose: "Push release tags to the deploy repository",
request_from_user_id: "usr_cameron",
ttl_seconds: 3600,
});

// 2. Poll until the human approves
wrm_credential_request_status({ request_id });
// → { status: "SHARED" }

// 3. Retrieve ciphertext; decrypt locally. Plaintext never
// transits or persists server-side.
wrm_credential_retrieve({ credential_id });
// → { encrypted_value: "…", expires_at: "2026-07-05T11:00:00Z" }

// 4. Revocable at any time, by the human or the org
wrm_credential_revoke({ credential_id });

One call to configure a worker

A worker's whole runtime stack resolves in a single request. That covers model preferences with fallbacks, permitted MCP servers and tools, role memories, and the sandbox:

wrm_worker_resolve_config({ worker_id: "wkr_01…" });
// → {
// definition: { role: "BACKEND", system_prompt: "…" },
// models: [ { model: "claude-sonnet-5", priority: 1 },
// { model: "claude-haiku-4-5", priority: 2 } ],
// mcp_servers: [ { server: "raytio", tools: ["ppm_*", "sfa_*"] } ],
// memories: [ …semantically matched to the task… ],
// sandbox: { provider: "…", resource_limits: { … } }
// }

Run telemetry

Run states

The run states are RUNNING, SUCCESS, FAILED, TIMEOUT, BUDGET_EXCEEDED and INVALID_OUTPUT. Every run ends in an explicit state.

Traced steps

Every stage of a run is traced, with artifacts attached.

  • Configuration resolution.
  • Workspace creation.
  • Dispatch.
  • Merge-request creation.
  • Evaluation and guardrail checks.
  • Cleanup.
Cost attribution

Token counts and dollar cost per run, aggregated by worker, role, provider, model or backend.

Quality

Guardrail results (warn or block) and eval scores (0-1, with reasoning) recorded against every run.

Where this is heading

The Raytio Concierge - an agent that works solely for you, watching the market against your own verified data and optimising in your interests, never the interests of companies trying to sell you products. The trust infrastructure and the marketplace are the foundation; the Concierge is why we laid it.

Agents in depth

Worker management

Define, run, and govern AI and human workers with full cost and quality visibility.

Explore →

Where Agents is used

Agent credentialling

Give AI agents credentials you can time-box and revoke.

Read more →

Secret management for AI

Stop pasting API keys into prompts.

Read more →

Verified customers, protected data, and agents you can hold to account.