Nexus
GitHub ↗

Nexus

Nexus is a zero-trust agent auth framework for managing agent identity, scope enforcement at credential layer, and auth orchestration across multiple providers. Developers focus on shipping agent code fully protected.
Scroll to explore

Agent Identity · Credentials · Auth Orchestration

Why your AI agents need Nexus.

Auth Topology · Live

AGENTreport-agentttl: 30mAGENTresearch-agentobo: analyst@acmeAGENTpipeline-agentscope: 2 customNEXUSIdentityHubzero-trust● 3 agents activePROVIDERgoogledrive.readonlyPROVIDERgithubrepos.readPROVIDERacme.apicustom scope
3
agents
3
providers
0
plaintext
Agent Identity and Delegation
CAPABILITY .01

Agent Identity and Delegation

Every agent has a registered identity with a defined scope boundary. On Behalf Of lets human-triggered agents carry the user's delegated permission — time-bound, auditable, with no raw credentials shared.

Learn more →
Scope Enforcement at the Credential Layer
CAPABILITY .02

Scope Enforcement at the Credential Layer

Register an agent with exactly the scopes it needs. Nexus enforces this at session request time — the agent can never exceed its registered boundary, whether those are provider OAuth scopes or your organization's own permission names.

Learn more →
One Interface for Every Provider
CAPABILITY .03

One Interface for Every Provider

Without Nexus, every new provider means another OAuth implementation, another refresh loop, another credential store. Register providers once. Every agent uses the same call regardless of what's behind it.

Learn more →

Auth Orchestration

Stop writing auth layers.
Start shipping agent code.

Every new provider used to mean another OAuth implementation, another refresh loop, another credential store. Nexus eliminates that wall entirely.

We had 14 separate OAuth integrations before Nexus. Now agents request a session and we never think about token refresh again.

Platform Engineer
Multi-provider SaaS

The OBO delegation alone saved us three sprints. Agents carry the user's permission without us building a custom delegation layer.

Backend Lead
Enterprise workflow automation

We stopped worrying about credential rotation the day we moved to Nexus. One provider registration, every agent gets scoped tokens.

DevOps Engineer
Agent infrastructure team

You define your agents' access.
Nexus authenticates, delegates, and enforces it.

On Behalf Of

Agents act on behalf of the user, not as themselves. Nexus validates the delegation and stamps every session with their identity.

  • User permission validated by your backend, never decoded by the agent
  • Session stamped with acting_for, tenant_id, and clearance_level
  • Agent cannot glide or flare unless a permitted user authorizes it
Read the guide →
Custom Scopes
Provider Scopes
Provider Registration
on_behalf_of.py
from nexus import NexusClient
nexus = NexusClient(gateway_url="https://nexus-gateway.acme.com")
obo = nexus.request_obo_session(
agent_id="ops-agent",
provider="internal-ops",
scopes=["acme:gliding"],
user_context_token=request.headers["X-User-Token"],
)
print(obo.acting_for)
print(obo.tenant_id)
print(obo.clearance_level)
result = internal_ops.glide(
customer_ids=payload["ids"],
tenant_id=obo.tenant_id,
)
nexus.close_agent_session(obo.session_id)

Quick Start

Up in minutes.

Install the package, register an agent identity, delegate a scoped token, and define your first custom scope. The entire auth surface for your agent is handled from one client.

Getting started guide →API reference →View on GitHub ↗
from nexus import NexusClient
import httpx
nexus = NexusClient(gateway_url="https://nexus-gateway.acme.com")
session = nexus.request_agent_session(
agent_id="crm-agent",
provider="salesforce",
scopes=["crm:contacts:read"],
)
response = httpx.get(
"https://api.salesforce.com/v1/contacts",
headers={"Authorization": f"Bearer {session.access_token}"},
)
nexus.close_agent_session(session.session_id)
Go

Nexus is powered by Go — one runtime for agent identity, auth orchestration, and every provider your agents will ever touch.

View on GitHub
Get packages:GoTypeScriptPython
OSS UPDATES

OSS
updates

Keep up to date with the latest releases, features, and community updates in the Nexus ecosystem.

View all updates

Loading updates…

Start using Nexus today.

Read the docsGitHub