WorkOS vs Depot
Side-by-side trajectory, velocity, and editorial themes.
WorkOS keeps shipping fine-grained identity primitives — for both humans and agents.
The cadence is steady and surgical: small, well-scoped releases across auth (user-scoped API keys, change-email API), authorization (FGA custom roles scoped to resource types, Groups API), admin operability (IT contacts, dashboard metadata editing), and directory enrichment. The recent MCP Auth resource-indicator support and a Node SDK feature-flags runtime client show the platform leaning toward agent/AI use cases and into developer tooling.
WorkOS is widening the identity surface in two directions at once. For humans, it's filling in long-tail B2B IAM gaps — granular API key scoping, self-serve email change, group-level org memberships, custom roles per resource. For agents, it's quietly building MCP Auth as a first-class control point. The two threads will meet at the application authorization layer, where the same FGA model can decide what a user or an agent is allowed to do.
Expect more MCP Auth surface area (token binding, scoped scopes, audit) and continued FGA depth — likely policy-language ergonomics or relationship-based filtering. Feature flags will likely gain server-side targeting and richer SDK coverage beyond Node.
Depot is rounding out Depot CI into a credible GitHub Actions alternative, and just shipped nested virtualization.
Eight of the last ten changelog entries are Depot CI updates: a new workflow summary page, environment-aware secret and variable variants, CLI commands for metrics, JSON status output, live log streaming, workflow listing and inspection, run cancel/rerun/retry/dispatch, and a DEPOT_JOB_URL env var in every job. Registry got pull-through cache improvements with provider presets. The dominant theme is filling in the feature surface a serious CI platform needs.
Depot is methodically closing the gap between its CI product and the incumbents. The recent run reads like a checklist: workflow UX, secrets, metrics, log streaming, scriptable CLI surface — the table-stakes ergonomics teams expect before migrating off GitHub Actions or CircleCI. The May 20 nested virtualization release expands what kinds of workloads Depot CI can host at all, not just how nicely it hosts them, which is a different and more aggressive move.
Expect more workload-expansion moves following the nested virtualization release — likely Android-specific tooling, deeper matrix/sharding UX (the workflow page already groups matrix failures), and continued CLI parity work. The secrets-and-variables variant model looks set up to grow into broader policy-as-code for CI configuration.
See more alternatives to WorkOS →
See more alternatives to Depot →