Nightshift

Identity-aware everything.

Nightshift is identity-aware end to end. Every agent run, every artifact written, and every connector call is bound to a real principal. Users come from your IdP. Agents get scoped service accounts. Groups gate the share dialog. The audit log writes itself.

One identity model, all the way down.

Users authenticate via OIDC and land in the IAM data store with a stable subject ID. Group claims map to scopes. Each agent run inherits an identity that is checked against the Storage, Secrets, and Workers services on every call. A Purchasing agent cannot read Accounting artifacts even by accident, and every artifact carries the principal that produced it. Same model in single-tenant, multi-tenant, and air-gapped deployments.
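An illustrative sketch of the model described above, added here and not Nightshift's own code: group claims map to scopes, an agent run gets a scoped identity, and every storage call is checked, logged, and stamped with the producing principal. All names (`GROUP_SCOPES`, the scope strings, the `groups` claim name, the `Storage` class) are assumptions, and the claims are assumed to come from an already-verified ID token.

```python
from dataclasses import dataclass

# Hypothetical group-claim -> scope mapping (assumed names, not Nightshift's).
GROUP_SCOPES = {
    "purchasing": {"storage:purchasing:read", "storage:purchasing:write"},
    "accounting": {"storage:accounting:read", "storage:accounting:write"},
}

@dataclass(frozen=True)
class Principal:
    subject: str       # stable OIDC "sub" for users, derived name for agent runs
    scopes: frozenset

@dataclass(frozen=True)
class Artifact:
    namespace: str
    name: str
    data: bytes
    produced_by: str   # principal that wrote the artifact

def principal_from_claims(claims):
    """Build a user principal from verified claims; unknown groups grant nothing."""
    scopes = set()
    for group in claims.get("groups", []):
        scopes |= GROUP_SCOPES.get(group, set())
    return Principal(claims["sub"], frozenset(scopes))

def agent_identity(user, agent_name, requested):
    """Agent run identity: requested scopes, capped by what the user holds."""
    return Principal(f"agent:{agent_name}@{user.subject}",
                     user.scopes & frozenset(requested))

class Storage:
    def __init__(self):
        self._items, self.audit = {}, []

    def _check(self, who, action, namespace):
        # Deny by default: the exact scope must be present on every call.
        needed = f"storage:{namespace}:{action}"
        allowed = needed in who.scopes
        self.audit.append((who.subject, needed, "allow" if allowed else "deny"))
        if not allowed:
            raise PermissionError(f"{who.subject} lacks {needed}")

    def write(self, who, namespace, name, data):
        self._check(who, "write", namespace)
        self._items[(namespace, name)] = Artifact(namespace, name, data, who.subject)
        return self._items[(namespace, name)]

    def read(self, who, namespace, name):
        self._check(who, "read", namespace)
        return self._items[(namespace, name)]
```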

Ready to deploy?

Install Nightshift into your own cluster with a single Helm chart.