# Zero Trust

> How Oculus applies zero-trust principles to AI agent access control — every request is verified, nothing is trusted by default.

Oculus is built on a zero-trust model. No agent, user, or service is trusted by default — every request must be authenticated and authorized regardless of where it originates.

## Core principles

**Verify every request.** Every token issuance and API call is authenticated. There is no concept of a "trusted internal network" in production. The dev auth bypass (`DEV_TENANT_ID`) is explicitly restricted to `127.0.0.1`, `::1`, and the Docker bridge subnet (`172.17.0.0/16`) — it cannot be reached from cloud infrastructure.

**Deny by default.** Policies are deny-by-default. An agent with no policy assigned cannot issue tokens. A policy must explicitly `allow` an action for it to succeed — there is no implicit allow.

**Least privilege.** Tokens are scoped to specific actions and resources. The scope is validated against the policy at issuance time. High-risk scopes (`*:write`, `*:delete`, `*:admin`) receive shorter token lifetimes automatically.

**Tenant isolation.** All data is isolated at the database layer using PostgreSQL Row-Level Security. Every query is automatically scoped to the current tenant — a misconfigured application query cannot leak cross-tenant data.

## Token revocation propagation

When a token is revoked, the revocation is written to the database immediately. The revocation propagates to the in-memory cache within **15 seconds** (one Redis TTL cycle). During this window, a revoked token may still pass validation at services that cache the token status locally. Design your systems to tolerate this propagation window or use synchronous revocation checks for high-sensitivity operations.
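The sketch below is an added example, not Oculus code. It shows one way a consuming service can tolerate the 15-second window while still checking synchronously for sensitive operations. `RevocationStore`, `TokenValidator` and the token and scope values are hypothetical, the `resource:action` scope format is assumed from the patterns on this page, and treating the high-risk scope patterns as the operations that need a synchronous check is also an assumption.

```python
import fnmatch

CACHE_TTL = 15.0  # seconds: the propagation window stated above
HIGH_RISK = ("*:write", "*:delete", "*:admin")  # high-risk scope patterns from this page

class RevocationStore:
    """Hypothetical stand-in for the authoritative revocation record (the database)."""
    def __init__(self):
        self.revoked = set()

    def is_revoked(self, token_id):
        return token_id in self.revoked

class TokenValidator:
    """Caches token status locally; bypasses the cache for high-risk scopes."""
    def __init__(self, store, ttl=CACHE_TTL):
        self.store, self.ttl = store, ttl
        self._cache = {}  # token_id -> (revoked, fetched_at)

    def _refresh(self, token_id, now):
        revoked = self.store.is_revoked(token_id)
        self._cache[token_id] = (revoked, now)
        return not revoked

    def is_active(self, token_id, scope, now):
        if any(fnmatch.fnmatchcase(scope, p) for p in HIGH_RISK):
            return self._refresh(token_id, now)  # synchronous check, no cached answer
        hit = self._cache.get(token_id)
        if hit is not None and now - hit[1] < self.ttl:
            return not hit[0]  # cached answer, may be stale for up to ttl seconds
        return self._refresh(token_id, now)

def demo():
    """Constructed timeline: status cached at t=0, token revoked at t=5."""
    store = RevocationStore()
    v = TokenValidator(store)
    timeline = [v.is_active("tok-1", "reports:read", now=0.0)]        # fresh lookup
    store.revoked.add("tok-1")                                        # revocation lands
    timeline.append(v.is_active("tok-1", "reports:read", now=10.0))   # stale cache hit
    timeline.append(v.is_active("tok-1", "reports:write", now=10.0))  # synchronous check
    timeline.append(v.is_active("tok-1", "reports:read", now=11.0))   # cache was refreshed
    return timeline

if __name__ == "__main__":
    print(demo())
```

The second entry in the timeline is the propagation window in action: the token is already revoked, but the low-risk read is still accepted from the local cache until a synchronous check or TTL expiry refreshes it.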

## What zero trust does not cover

Zero trust is a posture, not a guarantee. Oculus enforces authentication and authorization at the API boundary. It does not:

* Inspect the content of agent requests (only the action and scope)
* Prevent a compromised agent from using its legitimately issued token
* Replace network security controls (firewalls, VPCs, mTLS between services)

Use Oculus as one layer in a defence-in-depth strategy.
