Skip to main content
The gateway now ships in the praisonai-bot package. praisonai serve gateway still works exactly as documented here; for a standalone install see praisonai-bot Migration.
Operator scopes grant teammates least-privilege access to a shared Gateway — read-only dashboards, send-but-not-approve operators, or full admins — without handing over the whole keys.
The user assigns scoped roles; each operator reaches only the gateway actions their role allows.

Quick Start

1

Single-operator (no scopes — unchanged)

Today’s setup keeps working. Authenticated clients receive all scopes when no policy is configured.
2

Multi-operator (scoped tokens)

Map each operator token to the scopes they need in gateway.yaml, then run your agent as usual.
When no auth_scopes policy is configured, every successfully authenticated client is granted all scopes — identical to today’s binary auth behaviour. Single-operator setups need no changes.

How It Works

  1. Client connects with a bearer token.
  2. Gateway resolves scopes via GatewayConfig.resolve_scopes(token).
  3. Each HTTP route and WebSocket action checks the required scope.
  4. Outbound events are filtered — approval events only reach clients with the approvals scope.

Scope Reference

Which scope should this operator have?


Configuration

YAML — flat mapping

Python


Scope-Gated Routes


Common Patterns

Read-only dashboard viewer[read] for status and transcripts without send or approve rights. Send but not approve[read, write] for operators who reply to users but cannot resolve tool approvals. Approvals-only on-call[read, approvals] for security-sensitive approval resolution without channel admin rights. Full admin[admin] for SREs who need pause/resume/reconnect plus all other capabilities.

Error Handling

HTTP 403 when scope check fails:
WebSocket message without write scope:

Granting approvals is effectively remote command execution — never assign it casually. On a loopback-bound gateway, local non-proxied requests bypass auth by default and are granted all operator scopes — intended for local development only. External binds (0.0.0.0, LAN IPs) are unaffected and still require a token with the correct scopes. Set ALLOW_LOOPBACK_BYPASS=false to opt back into strict auth on loopback, or true to force-enable the bypass even on an external bind (unsafe — never do this in production). See Bind-Aware Auth.

Best Practices

Start every operator with [read] and expand only when their role requires it.
Issue separate tokens per operator so you can revoke one role without rotating everyone.
Combine approvals scope with /api/approval/allowlist for defence-in-depth on tool execution.
Prefer explicit scope lists over [admin] unless the operator truly needs channel control.

Bind-Aware Auth

Token requirements when binding to external interfaces

Gateway Overview

Multi-channel gateway architecture and setup