Agent identity hit GA across the stack — Auth0, Vault, and Speakeasy shipped MCP plumbing; Vercel hosted Claude agents.
The week in development
The single directional move this week was agent identity moving from sketch to product. Auth0 made Auth for MCP generally available, packaging CIMD client registration, On-Behalf-Of token exchange, and OAuth resource-parameter compatibility into a single SKU. HashiCorp announced native AI-agent support in Vault — trusted identities for non-human actors, delegated authorization, and end-to-end tracing of what an agent did with whose credentials. Speakeasy's Gram shipped issuer-gated remote MCP with per-server OAuth and a mid-task re-auth relay. The auth layer that teams have been hand-rolling for agents since MCP arrived is now three vendors deep, and the pattern is consistent: each MCP server becomes its own OAuth issuer, agents broker re-auth without losing run state, and credentials are scoped per agent per tool call.
The parallel arc was the agent runtime itself. Vercel turned Sandbox into a hosted execution target for Claude Managed Agents, moving Sandbox from demo surface to production deployment target. Workato pushed its Genies out of DMs and into Slack channels with thread context and in-channel authenticated actions. Tigris kept hammering on agent-native storage primitives — agent-shell, Agent Kit, and S2-Lite durable streams — recasting the S3-compatible object store as session state for agents. The identity and runtime stories rhyme: in both, the work is no longer about whether agents can act, but how to make them act with accountability and a place to keep their state.
Leaders
- Auth0 — Auth for MCP went GA, bundling CIMD client registration, OBO token exchange, and OAuth resource-parameter compatibility. The control plane that used to be hand-rolled for AI agents is now a product, and the supporting work (session-bound refresh tokens in beta, step-up auth on the Account API) extends the same direction.
- HashiCorp — Vault got first-party AI-agent identity: trusted identities, delegated authorization, and end-to-end tracing — reframing Vault from secrets store to control plane for non-human actors. Terraform Enterprise 2.0 landed the same week as the franchise's first major refresh under IBM.
- Speakeasy — Gram shipped eight numbered releases in seven days, with issuer-gated remote MCP and OAuth-for-assistant-tools as the directional release. Each MCP server is now a first-class OAuth issuer; assistants can hand a user-facing re-auth link back through their output tools and resume the run when the user signs in.
- Vercel — Vercel Sandbox is now a hosted runtime for Claude Managed Agents, moving from code-execution toy to production deployment target. Flat Rate CDN entered Limited Beta for Pro teams — the first real test of predictable pricing without forcing customers onto Enterprise.
- GitHub — Staged publishing for npm hit GA, paired with new install-time gates (--allow-file, --allow-remote, --allow-directory). The npm release flow is now a two-phase process with explicit consumption boundaries — the clearest move yet toward treating npm as a security-first registry rather than a passive package host.
- Appwrite — Database relationships graduated from beta with a 12-18x performance overhaul on reads, writes, and joins. The capability went from possible-but-rough to first-class in a release window that also brought Bun and Deno as Sites build runtimes, a Rust runtime for Functions, and a Codex plugin.
Wildcards
- Stirling-PDF — Group signing arrived in alpha, both visual and certificate-based, alongside server-side file sharing. A single-user PDF utility just took its first step into multi-party signing workflows — open-source pressure on the lower end of the Adobe Acrobat market, shipped quietly through a self-hosted release.
- Appsmith — v2.0 landed with bundled MongoDB 7 and a mandatory upgrade path through v1.99 first. No headline AI features, no builder-AI narrative — a deliberate platform-substrate move at a moment when every other low-code competitor is racing toward AI generation.
Themes that compounded
- MCP is being absorbed into existing identity and integration stacks rather than living as a standalone protocol — Auth0, Speakeasy, Workato, Weaviate, and Vercel all point this way.
- Agent runtimes are becoming a hostable product: Vercel Sandbox running Claude agents, Tigris agent-shell, Workato Genies in Slack channels.
- The BaaS and developer-platform tier is in a feature-gap-closing sprint — Appwrite's relationships GA, multi-runtime expansion, and Codex plugin all in one window.
- Supply-chain and policy plumbing are moving up the stack: GitHub's staged npm publishing GA, Speakeasy's collections RBAC and typed webhooks, Workato's RBAC 2.0 and on-prem agent updates.
- Kubernetes 1.36 formalized gang scheduling with PodGroup, making AI/ML batch workloads a first-class control-plane citizen rather than an out-of-tree concern.
Watch this week
The next shoe to drop is whether agent-identity primitives start interlocking across vendors. Auth0's CIMD registration, Speakeasy's per-server OAuth issuers, and Vault's agent identities are nominally compatible — the question is which agent framework or IDE assistant wires them together first. Watch for Speakeasy's Risk Overview and Risk Policies graduating from beta, Auth0's online refresh tokens moving toward GA, and Workato's Genie channel surface extending beyond Slack to Microsoft Teams given the Teams Conversations MCP server landed two weeks ago. On the runtime side, expect tighter integration between Vercel Sandbox, Tigris agent-shell, and the major coding-assistant CLIs — the substrate is in place, the question is who claims the default.