Agent-First Authentication and Authorization

AI agents should authenticate as first-class software users, not borrowed human sessions or service accounts. Agent-first auth preserves the agent, delegator, task, resource, approval boundary, and audit trail for each action. This solves the problem of a single token failing to explain an agent's real authority for developer work.