Skip to main content

Identities

An ID is the identity Catalyst issues to a workload. Every workload you run is given an ID:

  • An application — any service, API, or job.
  • An agent — a durable AI agent.
  • An MCP server — a tool/data server an agent connects to.

The ID is the unit you build security boundaries around. Components, policies, and MCP access are all expressed in terms of workloads: you allow-list which workloads may invoke a target, which components a workload may use, and which agents may reach which MCP servers. Because the boundary is the identity rather than a network address or a shared secret, the same rules hold no matter where the workload runs.

Cryptographic identity

Catalyst issues each workload a SPIFFE-based, cryptographically verifiable identity — a short-lived X.509 SVID, automatically rotated — used by the data plane to mutually authenticate every call between workloads and to backing infrastructure, with no shared secrets.

A workload binds to its ID using an API token at startup, but the SPIFFE identity is what secures runtime communication. The token identifies which workload it is; the SVID is what every downstream hop verifies. See Security for the full identity and trust-boundary model.

What attaches to an ID

At the identity level you control:

  • Access and resiliency policies — see Policies.
  • Components the workload may use — see Components.
  • MCP access — which agents may reach which MCP servers — see MCP.

For day-2 operations on IDs, see Manage IDs. For how IDs bind to MCP authentication, see MCP authentication.