feat: New 'Authorization for Agents' section

[aaguiarz]

Description

What problem is being solved?

How is it being solved?

What changes are made to solve it?

References

Review Checklist

• I have clicked on "allow edits by maintainers".
• I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
• The correct base branch is being used, if not main
• I have added tests to validate that the change in functionality is working as expected

Summary by CodeRabbit

Release Notes

• Documentation
  • Added comprehensive documentation on AI agent authorization modeling, including an overview page and detailed guide on task-based authorization patterns for agents.
  • New documentation section integrated into the main navigation menu for easy discovery.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7ba48610-ea76-4e86-906f-bb4c05494823

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

Added two new documentation pages covering authorization patterns for AI agents using OpenFGA, including an overview page and detailed task-based authorization modeling guidance. Updated the documentation sidebar to include these new pages in the "Authorization for Agents" category.

Changes

Cohort / File(s)	Summary
Agent Authorization Documentation docs/content/modeling/agents/overview.mdx, docs/content/modeling/agents/task-based-authorization.mdx	New documentation pages introducing authorization patterns for agents, covering overview, task-based authorization modeling patterns, tool permissions, contextual tuples, authorization conditions, agent binding, and task delegation approaches.
Documentation Configuration docs/sidebars.js	Added new sidebar category "Authorization for Agents" under Modeling Guides with links to the new agent authorization documentation pages.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• dyeam0
• rhamzeh

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: New 'Authorization for Agents' section' accurately describes the main change: adding a new documentation section about Authorization for Agents, including overview and task-based authorization pages.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/agents

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

PR Preview Action v1.8.1
Preview removed because the pull request was closed.
2026-04-02 10:14 UTC

[Copilot]

Pull request overview

Adds a new documentation section focused on authorization patterns for AI agents, including an overview landing page and an initial “Task-Based Authorization” modeling guide.

Changes:

• Introduces a new “Authorization for Agents” category in the Modeling Guides sidebar.
• Adds an overview page for the new Agents documentation section.
• Adds a detailed “Task-Based Authorization” guide covering tool scoping, session/agent scoping, expiration, and binding patterns.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File	Description
docs/sidebars.js	Adds a new “Authorization for Agents” sidebar category and links to the new docs.
docs/content/modeling/agents/overview.mdx	New landing page for the Agents modeling section, linking to the first guide.
docs/content/modeling/agents/task-based-authorization.mdx	New in-depth guide describing modeling patterns and examples for task-based agent authorization.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

🧹 Nitpick comments (1)

docs/content/modeling/agents/task-based-authorization.mdx (1)

266-277: Clarify the test example to match the model in this section.

The test on line 274 references tool_resource:slack_send_message/XGA14FG, but the model defined in this section (lines 236-250) only includes task, agent, and tool types—it doesn't define tool_resource. This mixing of concepts from the earlier "Tool authorization" section may confuse readers.

Consider either:

1. Changing line 274 to use tool:slack_send_message to match this section's model, or
2. Adding a note explaining that this example combines patterns from multiple sections

📝 Suggested clarification

Option 1: Update the test to match the current section's model:

     check: 
       - user: task:1
-        object: tool_resource:slack_send_message/XGA14FG
+        object: tool:slack_send_message
         assertions:
           can_call : true

Option 2: Add an explanatory comment above the test:

+<!-- This example combines the agent binding pattern with the tool_resource pattern from the earlier section -->
 ```yaml
 tests:
   - tuples:

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/content/modeling/agents/task-based-authorization.mdx` around lines 266 -
277, The test uses tool_resource:slack_send_message/XGA14FG which doesn't exist
in this section's model (only task, agent, and tool types are defined); either
change the check to reference tool:slack_send_message so it matches the
task/agent/tool model (replace tool_resource:... with tool:slack_send_message),
or add a one-line note above the test explaining that this example intentionally
mixes the tool_resource pattern from the earlier "Tool authorization" section
with the current task/agent/tool model. Ensure references to task, agent,
tool_resource, and tool:slack_send_message in the file are consistent after the
change.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@docs/content/modeling/agents/task-based-authorization.mdx`:
- Around line 266-277: The test uses tool_resource:slack_send_message/XGA14FG
which doesn't exist in this section's model (only task, agent, and tool types
are defined); either change the check to reference tool:slack_send_message so it
matches the task/agent/tool model (replace tool_resource:... with
tool:slack_send_message), or add a one-line note above the test explaining that
this example intentionally mixes the tool_resource pattern from the earlier
"Tool authorization" section with the current task/agent/tool model. Ensure
references to task, agent, tool_resource, and tool:slack_send_message in the
file are consistent after the change.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cf4952a4-800a-46e5-8b5b-9be1f8df8cc4

📥 Commits

Reviewing files that changed from the base of the PR and between 5455fe1 and c601121.

📒 Files selected for processing (3)

• docs/content/modeling/agents/overview.mdx
• docs/content/modeling/agents/task-based-authorization.mdx
• docs/sidebars.js