UCL

Connector auth: shared, per-user, and delegated

How the gateway picks a credential per call: admin-connected vs delegated connectors, and the shared, per-user, and either identity modes.

Every connector resolves a credential in one of two ways - admin-connected or delegated - and delegated connectors then apply an identity mode. This decides whose account a tool call runs as.

Admin-connected vs delegated

  • Admin-connected: an admin authenticates the connector once and every call uses that one credential. Per-request identity headers are ignored.
  • Delegated: the caller supplies identity per request via X-Org-Id and (for per-user) X-User-Id, and the gateway acts on their behalf - so one agent key can serve many tenants and users.

Identity modes (delegated connectors)

  • Shared (org): one org-wide credential for every caller.
  • Per-user: each caller acts as themselves using their own stored token; if they have not connected, the call returns an authorization link.
  • Either: the caller picks; the default is per-user when an end user (X-User-Id) is present, otherwise shared.

How the credential is chosen

  • Admin-connected → the connector's one stored credential.
  • Delegated + shared → the org credential.
  • Delegated + per-user → the stored token of the user named in X-User-Id (or an auth link if missing).
  • Delegated + either → per-user when X-User-Id is present, else shared; overridable per call.

On "either" connectors a single call can override the choice by passing a reserved "_identity" argument of "org" or "user"; it is stripped before the request reaches the downstream server. Pinned modes (shared or per-user) reject a conflicting override.
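
The selection rules and the "_identity" override above, written out as an added Python sketch (not the gateway's own code). The function name, the in-memory credential stores, the error type and the authorize URL are hypothetical, and the headers are assumed to have already been verified by the gateway.

```python
class IdentityError(Exception):
    """Raised when the call must be refused rather than run."""

# Constructed sample state; every name and value here is hypothetical.
ADMIN_CRED = "admin-connected-cred"
ORG_CREDS = {"org-1": "org-1-shared-cred"}
USER_TOKENS = {("org-1", "alice"): "alice-token"}
PINNED = {"shared": "org", "per-user": "user"}  # modes that fix the identity

def resolve(delegated, mode, headers, args):
    """Return (result, args_forwarded_downstream) for one tool call."""
    # The reserved argument never reaches the downstream server.
    # Assumption: it is stripped for every connector type.
    forwarded = {k: v for k, v in args.items() if k != "_identity"}
    if not delegated:
        # Admin-connected: per-request identity headers are ignored.
        return {"credential": ADMIN_CRED}, forwarded
    org, user = headers.get("X-Org-Id"), headers.get("X-User-Id")
    override = args.get("_identity")
    if override not in (None, "org", "user"):
        # Assumption: any other value is refused outright.
        raise IdentityError("_identity must be 'org' or 'user'")
    if mode in PINNED:
        identity = PINNED[mode]
        if override and override != identity:
            raise IdentityError(f"{mode} connector rejects _identity={override!r}")
    elif mode == "either":
        # Per-call override wins; otherwise per-user when a user is present.
        identity = override or ("user" if user else "org")
    else:
        raise IdentityError(f"unknown mode {mode!r}")
    if identity == "org":
        if org not in ORG_CREDS:
            raise IdentityError("no org credential for X-Org-Id")
        return {"credential": ORG_CREDS[org]}, forwarded
    if not user:
        # Identity is never assumed: no X-User-Id, no per-user call.
        raise IdentityError("per-user identity needs a verified X-User-Id")
    token = USER_TOKENS.get((org, user))
    if token is None:
        # Field names are from this page; the URL is a placeholder.
        return {"authRequired": True,
                "authorizeUrl": "https://gateway.example/authorize"}, forwarded
    return {"credential": token}, forwarded
```
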

FAQ

When do I get an authorization link instead of a result?

On a per-user connector when the end user (X-User-Id) has no stored credential yet. The result carries authRequired and an authorizeUrl; after the user authorizes once, retries succeed.

Is identity ever assumed?

No. The gateway seals the verified caller, org, and user from the request; a per-user connector refuses to run without a verified X-User-Id.

Last updated 2026-06-09