Skip to main content
Cowork is a multi-agent runtime that supervises several agents running concurrently. Authsome pairs naturally: give each agent role its own AUTHSOME_HOME so credentials never bleed between roles.

Per-agent isolation

Use a separate home directory per agent role. Each home gets its own identity, vault, daemon, and audit log.
AUTHSOME_HOME=~/.authsome-pr-bot   authsome onboard
AUTHSOME_HOME=~/.authsome-reviewer authsome onboard

AUTHSOME_HOME=~/.authsome-pr-bot   authsome login github
AUTHSOME_HOME=~/.authsome-reviewer authsome login github --connection read
An agent running with AUTHSOME_HOME=~/.authsome-pr-bot cannot reach credentials in ~/.authsome-reviewer. For multiple accounts on the same provider within one role, use multiple connections inside a single home instead of splitting homes.

Run each agent under its own proxy

AUTHSOME_HOME=~/.authsome-pr-bot \
  authsome run -- python pr_bot.py

AUTHSOME_HOME=~/.authsome-reviewer \
  authsome run -- python reviewer.py
Each agent’s HTTP_PROXY points at its own daemon instance, each backed by a different vault. The agents cannot read each other’s credentials even if one is compromised.

Multi-agent best practices

  • One home directory per role, not one per developer. A developer with two agents should still use two homes.
  • Audit each home separately. Audit events are scoped to the daemon backing that home.
  • Rotate after compromise of one agent only. Other homes are unaffected.

Troubleshooting

SymptomFix
Two agents accidentally share credentialsThey’re using the same AUTHSOME_HOME. Split them.
Port 7998 conflictsOnly one daemon can bind the default port per machine. Use separate hosts, containers, or configure a non-default port for secondary homes.