FlowRelay
Agent Access
Agent Access
Agent Access lets a merchant create scoped, revocable authority for a trusted agent to inspect and prepare recovery through the same safeguards as humans.
What Agent Access is for #
Agent Access lets a merchant authorize a trusted agent to inspect setup, receipts, recovery options, diagnostics, and governed action previews through scoped FlowRelay operations.
What stays human-controlled #
Billing approval, grant changes, Shopify Flow workflow edits, support submission, secret handling, raw data access, and authority expansion stay under human control unless separately authorized.
Agent jobs #
Choose authority based on the job, not the agent's convenience.
| Job | Typical access |
|---|---|
| Explain what happened to an event | Read setup, event history, receipts, and safe diagnostics context. |
| Prepare recovery | Preview replay or diagnostics action intents without executing outside the grant. |
| Execute a recovery action | Execute only the approved governed action with idempotency and audit. |
Operating rules
Use these controls to keep agent access scoped and reversible.
- 01Open Agent Access from FlowRelay inside the merchant-authorized Shopify app context.
- 02Choose the lowest useful authority tier and scope for the work the agent is allowed to perform.
- 03Set an expiry that matches the task, then create or review the grant from the human admin surface.
- 04Have the agent start from the docs index, Markdown pages, and /agent/v1/manifest before using API, CLI, or MCP.
- 05Keep billing approval, grant changes, Shopify Flow edits, secrets, raw data, and support requests under explicit human control unless separately authorized.