Understanding the foundational primitives that power Phantom's agentic authorization.
Ghost Tokens
Traditional API keys are dangerous: they're long-lived, broadly scoped, and if leaked they expose your entire system. Ghost Tokens solve this by being temporary, opaque, and intent-specific.
Intent Binding
Each token is cryptographically bound to a specific mission intent. A token for "book flight" cannot be used to "delete data".
Opaque Reference
The token doesn't contain credentials. It's a pointer to a permission set that Phantom validates server-side.
Instant Revocation
If an agent misbehaves, the token "vanishes"—all pending actions fail immediately, no propagation delay.
// Issue a Ghost Token for a specific intent
const token = await Phantom.issue(agent, {
  intent: 'Find flight receipt in Gmail',
  constraints: {
    maxAccess: '5 minutes',
    scope: 'gmail.readonly',
    maxActions: 10
  }
});
// Token expires automatically after 5 minutes or 10 actions
// If leaked, it can only read Gmail, not modify/delete

Shadow Sync
Permission systems fail when they drift out of sync with reality. Shadow Sync ensures Phantom's authorization graph mirrors your database and billing systems in real time.
Database Events
When you create a document with userId: 123, Shadow Sync automatically creates the edge resource:doc_456#owner@user:123 in Phantom's graph.
// In your app
await prisma.document.create({
  data: { id: 456, userId: 123 }
});

// Shadow Sync automatically runs
await phantom.graph.addEdge({
  from: 'user:123',
  relation: 'owner',
  to: 'resource:doc_456'
});

Billing Events
Stripe webhooks update entitlements instantly. When a subscription is canceled, all related permissions cascade and revoke.
// Stripe webhook received: subscription_deleted
await phantom.entitlements.remove({
  user: 'user:123',
  entitlement: 'pro_features'
});
// All active agent missions with 'pro_features' required
// are paused and require re-authorization

Agents can spawn thousands of concurrent tasks. Without Shadow Sync, checking permissions would require hitting your database on every action. Shadow Sync maintains a high-speed Redis cache that updates within 50ms of source changes, enabling sub-millisecond permission checks.
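The database-event, billing-event and cache behaviour described in this section can be sketched end to end in memory. This is an added example, not Phantom's or Stripe's code: a Map stands in for the Redis cache, the two event handlers stand in for the sync workers, and the event shapes (`subscription_deleted`, the `row` fields) are constructed for the example.

```javascript
// Added example: an in-memory sketch of the Shadow Sync pattern (not Phantom's code).
// Source-of-truth events become graph edges and entitlements; permission checks
// are served from a local cache that is invalidated on every source change.
const edges = new Set();         // graph edges keyed "from#relation@to"
const entitlements = new Map();  // user -> Set of entitlement names
const missions = new Map();      // missionId -> { user, requires, state }
const checkCache = new Map();    // permission key -> boolean (stands in for Redis)

function edgeKey(from, relation, to) {
  return `${from}#${relation}@${to}`;
}

function addEdge(from, relation, to) {
  edges.add(edgeKey(from, relation, to));
  checkCache.clear(); // a cached answer must never outlive the source change
}

function removeEdge(from, relation, to) {
  edges.delete(edgeKey(from, relation, to));
  checkCache.clear();
}

function grantEntitlement(user, name) {
  if (!entitlements.has(user)) entitlements.set(user, new Set());
  entitlements.get(user).add(name);
}

function startMission(id, user, requires) {
  missions.set(id, { user, requires, state: 'active' });
}

// Database side: a document row change becomes an owner edge change.
function onDatabaseEvent(evt) {
  if (evt.table !== 'document') return;
  const user = `user:${evt.row.userId}`;
  const resource = `resource:doc_${evt.row.id}`;
  if (evt.op === 'create') addEdge(user, 'owner', resource);
  if (evt.op === 'delete') removeEdge(user, 'owner', resource);
}

// Billing side: a cancelled subscription removes the entitlement and cascades
// to every active mission of that user that depends on it.
function onBillingEvent(evt) {
  if (evt.type !== 'subscription_deleted') return; // constructed event name for the example
  const user = `user:${evt.userId}`;
  const ents = entitlements.get(user);
  if (ents) ents.delete(evt.entitlement);
  for (const m of missions.values()) {
    if (m.user === user && m.state === 'active' && m.requires.includes(evt.entitlement)) {
      m.state = 'paused_reauth'; // resumes only after re-authorization
    }
  }
  checkCache.clear();
}

// Hot path: answer from the cache; a miss is computed from the graph and memoised,
// so the database is never consulted per action.
function can(user, relation, resource) {
  const key = edgeKey(user, relation, resource);
  if (!checkCache.has(key)) checkCache.set(key, edges.has(key));
  return checkCache.get(key);
}

function hasEntitlement(user, name) {
  const ents = entitlements.get(user);
  return Boolean(ents && ents.has(name));
}

function missionState(id) {
  const m = missions.get(id);
  return m ? m.state : undefined;
}

module.exports = { onDatabaseEvent, onBillingEvent, grantEntitlement, startMission, can, hasEntitlement, missionState };
```

The important property is the one the section states: the cache is cleared in the same step that applies the source change, so a check can never return an answer that is older than the last event processed. A production cache would invalidate selectively by key rather than clearing everything.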
Intent-Aware Reasoning
Traditional authorization asks "Can the user do this?" But for agents, we need a deeper question: "Does this action align with the mission intent?"
With traditional RBAC: the user has read_files permission, so the agent can read ANY file, including sensitive ones.

// Mission: "Summarize meeting notes"
// Agent action: Read /secrets/api_keys.txt
// ❌ Allowed by RBAC, but clearly wrong!

With intent-aware reasoning: the agent can only read files relevant to the stated mission intent.

// Mission: "Summarize meeting notes"
// Agent action: Read /secrets/api_keys.txt
// ✓ BLOCKED - Low alignment with mission

Context Extraction
Phantom pulls the mission context from the Temporal workflow state.
Alignment Scoring
Gemini-3-Flash analyzes whether the requested action advances the mission goal.
Policy Resolution
Combines alignment score with graph permissions. Low alignment = BLOCK, even if technically allowed.
Gemini-3-Flash processes intent verification in under 400ms, making it viable for production agent systems.
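The three steps above (context, scoring, policy resolution) can be shown as one function that produces a decision record in the same shape the page uses. This is an added sketch, not Phantom's implementation: the alignment scorer is a deterministic keyword stand-in for the model call the page describes, and the threshold of 0.5 is an assumed value, not one Phantom documents.

```javascript
// Added example (not Phantom's code): policy resolution that combines the graph
// permission with an alignment score. scoreAlignment stands in for the model;
// ALIGNMENT_THRESHOLD is an assumed cut-off for the example.
const ALIGNMENT_THRESHOLD = 0.5;

// Path and filler terms that say nothing about what a resource is for
const NOISE = new Set(['the', 'a', 'an', 'on', 'in', 'of', 'for', 'to', 'and',
  'home', 'tmp', 'var', 'usr', 'pdf', 'txt', 'md', 'csv', 'json']);

function meaningfulTerms(text) {
  return text.toLowerCase().split(/[^a-z0-9]+/)
    .filter(t => t.length >= 3 && !/^\d+$/.test(t) && !NOISE.has(t));
}

// Stand-in scorer: share of the target resource's terms that the mission (plus any
// topic expansion the caller supplies) also mentions. 0 = unrelated, 1 = fully aligned.
function scoreAlignment(mission, action, topicHints = {}) {
  const missionTerms = new Set(meaningfulTerms(mission));
  for (const t of [...missionTerms]) for (const h of topicHints[t] || []) missionTerms.add(h);
  // "read_file:/path" -> score the target, not the verb
  const target = action.includes(':') ? action.slice(action.indexOf(':') + 1) : action;
  const terms = meaningfulTerms(target);
  if (terms.length === 0) return 0;
  const hits = terms.filter(t => missionTerms.has(t)).length;
  return Number((hits / terms.length).toFixed(2));
}

// Policy resolution: the graph permission is necessary but not sufficient;
// low alignment blocks even a technically permitted action.
function resolvePolicy({ mission, action, graphAllowed, topicHints }) {
  const started = Date.now();
  const score = scoreAlignment(mission, action, topicHints);
  let decision, reason;
  if (!graphAllowed) {
    decision = 'BLOCK'; reason = 'No graph permission for this action';
  } else if (score < ALIGNMENT_THRESHOLD) {
    decision = 'BLOCK'; reason = 'Low alignment with mission';
  } else {
    decision = 'ALLOW'; reason = 'Action advances the mission';
  }
  return {
    mission,
    action,
    alignment_score: score,
    decision,
    reason,
    latency_ms: Date.now() - started,
  };
}

module.exports = { scoreAlignment, resolvePolicy, ALIGNMENT_THRESHOLD };
```

The decision record is what a security team would want to log for every agent action: both inputs to the decision (permission and alignment) are recorded, so a blocked action can be audited later without re-running the model.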
{
  "mission": "Research Paris travel options",
  "action": "read_file:/home/banking/statements.pdf",
  "alignment_score": 0.12,
  "decision": "BLOCK",
  "reason": "Accessing financial documents unrelated to travel research",
  "latency_ms": 287
}

Durable Missions
Agent tasks can take hours or days. Traditional session-based auth fails here. Durable Missions, powered by Temporal workflows, ensure permissions persist for the lifecycle of long-running agent tasks.
Session tokens expire
A research agent working on a 3-day legal case analysis shouldn't lose access mid-task. Durable Missions don't expire based on time—they persist for the mission lifecycle.
Workflows pause and resume
Temporal workflows can pause (waiting for human approval, external API, etc.) and resume days later with full permission context intact.
Atomic rollback on failure
If a mission fails or is terminated, Temporal can atomically reverse all actions. Phantom tracks which compensating actions to run—no manual cleanup code.
const mission = await Phantom.createDurableMission({
  userId: 'user_123',
  intent: 'Deep legal research on patent case',
  durable: true,
  timeout: '7 days',
  compensations: {
    // keys match the action names used in ctx.action() below
    'download_files': (ctx) => ctx.cleanup.deleteTemp(),
    'api_call': (ctx) => ctx.cleanup.reverseCharge()
  }
});

await mission.run(async (ctx) => {
  // Day 1: Download 500 legal documents
  const docs = await ctx.action('download_files', {...});
  // Day 2-4: Agent processes documents (long running)
  const analysis = await ctx.action('analyze_documents', {...});
  // Day 5: Pause for human review
  await ctx.waitForApproval();
  // Day 6-7: Generate final report
  return await ctx.action('generate_report', {...});
});

// If mission fails on Day 3, Phantom automatically:
// 1. Stops all pending actions
// 2. Runs compensations (delete temp files, reverse charges)
// 3. Logs full audit trail

For high-risk actions (spending > $100, deleting critical data), Durable Missions can pause and send approval requests. The user has 48 hours to approve via the Phantom dashboard or mobile app. If denied, the workflow terminates and compensations run automatically.
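The rollback and approval behaviour described above (compensations run in reverse on failure, high-risk actions pause for approval, a full audit trail) is the saga pattern, and can be shown in a few dozen lines. This is an added example, not Phantom's or Temporal's code: steps run synchronously so the control flow is easy to follow, the `approve` callback stands in for the dashboard or mobile approval within the 48-hour window, and the $100 spending threshold is the one the page states.

```javascript
// Added example (not Phantom's or Temporal's code): a durable mission as a saga.
// Every completed action is recorded with its input; if a later step throws or
// an approval is denied, recorded compensations run in reverse order and the
// audit trail is returned. A real workflow engine would persist this state and
// run each step as an activity that may take days.
const HIGH_RISK_SPEND_USD = 100; // from the page: spending > $100 needs approval

function runDurableMission({ intent, compensations, approve = () => 'approved' }, body) {
  const audit = [];     // ordered log of everything that happened
  const completed = []; // [{ name, input }] in execution order
  const ctx = {};

  // Pauses the mission for a human decision; a denial terminates the mission.
  ctx.waitForApproval = (question) => {
    audit.push({ event: 'approval_requested', question });
    const verdict = approve(question); // 'approved' or 'denied'
    audit.push({ event: `approval_${verdict}`, question });
    if (verdict !== 'approved') throw new Error(`approval denied: ${question}`);
  };

  // Runs one action; high-risk actions are gated on approval before they execute.
  ctx.action = (name, input, fn) => {
    if (input && (input.costUsd > HIGH_RISK_SPEND_USD || input.destructive)) {
      ctx.waitForApproval(`${name} (cost ${input.costUsd || 0} USD, destructive ${Boolean(input.destructive)})`);
    }
    audit.push({ event: 'action_start', name });
    const result = fn(input);
    completed.push({ name, input }); // recorded only after success, so only real effects get undone
    audit.push({ event: 'action_ok', name });
    return result;
  };

  try {
    const result = body(ctx);
    audit.push({ event: 'mission_completed', intent });
    return { status: 'completed', result, audit };
  } catch (err) {
    audit.push({ event: 'mission_failed', reason: err.message });
    // Undo later actions first, so each compensation sees the state it expects
    for (const step of completed.reverse()) {
      const comp = compensations[step.name];
      if (comp) {
        comp(step.input);
        audit.push({ event: 'compensated', name: step.name });
      }
    }
    return { status: 'rolled_back', reason: err.message, audit };
  }
}

module.exports = { runDurableMission, HIGH_RISK_SPEND_USD };
```

Two details matter for safety: an action is added to the compensation list only after it succeeds, so a step that failed halfway is never "undone" twice, and a denied approval is treated exactly like a failure, so the same rollback path runs.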
These four concepts work together to provide production-grade authorization for AI agents:
Ghost Tokens ensure leaked credentials have minimal blast radius
Shadow Sync keeps permissions accurate across thousands of concurrent agents
Intent-Aware Reasoning prevents agents from doing technically-allowed-but-wrong actions
Durable Missions enable long-running agent workflows with safe failure recovery