Runtime Function Auth + Validation

Runtime functions check identity, scope, payloads, and callbacks before writes.

Wever Labs functions carry intake, dispatch, execution, provider activation, pilot state, receipts, callbacks, and audit events. This rail gives each function a common validation path before it writes to Supabase or advances an operating workflow.

Auth validation schema TokenOps example Function

Validation path

request
  ├─ method_allowed
  ├─ bearer_token
  ├─ agent_scope
  ├─ tool_allowed
  ├─ schema_version
  ├─ callback_url
  ├─ payload_required_fields
  └─ audit_event

How it works

Function writes pass through one validation rail.

Each runtime endpoint can use the same checks before creating intake records, Work Orders, execution commands, provider events, result contracts, receipts, callbacks, ledgers, or attestations.

Authenticate

Confirm request method, bearer token, access-key reference, and trusted agent or client context.

Authorize

Check tool scope, run contract, credential envelope, and allowed runtime action before advancing work.

Validate

Inspect required fields, schema version, task token, Work Order ID, provider event, callback URL, and payload shape.

Persist

Write accepted records through server-side service-role functions and return an explicit response envelope.

Audit

Record accepted, rejected, failed, retried, and overridden function activity for console and proof trails.

Runtime checks

Validation protects the activation path.

The validation rail keeps function behavior consistent across TokenOps, FinanceOps, and EnergyOps without burying the OS in one-off endpoint logic.

Identity

Trusted request context

Requests bind to agent ID, client ID, credential envelope, access-key reference, task token, and allowed tool.

Payload

Schema and field checks

Runtime functions check schema version, required IDs, tool type, provider reference, callback URL, and result envelope shape.

Response

Consistent envelopes

Accepted, rejected, persisted, failed, and pending states return a machine-readable response contract.

Audit

Validation event trail

Each important auth or validation decision can be written as an audit event tied to task, Work Order, tool, and agent.

Continue through the OS

Auth and validation bind into controlled pilot execution.

Move from validation into runtime function wiring, service-role policy, callback delivery, or TokenOps pilot execution.

FunctionsOpen Runtime Function Wiring PolicyOpen RLS Policy Pack ReturnOpen Callback Delivery Rail