Namespaces
A namespace is Routeplane’s isolation primitive. API keys, policies, and usage data are all scoped to a single namespace. On a self-hosted or local node you can run multiple namespaces to separate projects, environments, or agent deployments from one another.
Credential model: namespace-scoped keys
Section titled “Credential model: namespace-scoped keys”Every credential issued by Routeplane is namespace-scoped — baked to exactly one namespace at issuance. That scope is permanent; it cannot be widened after the fact.
| Capability | Namespace-scoped credential |
|---|---|
| Invoke inference | Yes |
| Manage keys within the namespace | Yes |
| Manage policies within the namespace | Yes |
| Read usage within the namespace | Yes |
| Reach another namespace | No |
Because no credential spans namespaces, a compromised key or misbehaving agent can affect only the namespace it was issued for. The blast radius is bounded by design.
Listing and inspecting namespaces
Section titled “Listing and inspecting namespaces”To see which namespace your current session is bound to:
routeplane cloud status # shows the signed-in account and its bound namespaceTo list all namespaces on the node:
routeplane cloud namespace list # all namespaces; active one markedns_01jxyz… default (active)ns_01jabc… productionns_01jdef… stagingSee the CLI reference for the full routeplane cloud surface.
Managing keys inside a namespace
Section titled “Managing keys inside a namespace”A credential has full autonomy over the namespace it is bound to. It can mint sub-keys, list existing keys, and revoke them — without ever gaining access to another namespace.
routeplane cloud keys mint --name my-agent \ --scope "inference:invoke keys:read policy:read usage:read"routeplane cloud keys listrouteplane cloud keys revoke <id>[!NOTE]
routeplane cloud keys mintis the recommended way for an agent to provision sub-keys for its own tools. The minted key is baked to the same namespace as the caller and cannot upscale its scopes beyond the caller’s.
Policies
Section titled “Policies”Guardrail, rate-limit, and preset policy bindings are also namespace-scoped. A credential can read and write policies within its namespace:
routeplane cloud policy listrouteplane cloud policy bind <policy-id> --principal-type api_key --principal-id <key-id>routeplane cloud budget create --name daily-cap --window day --limit-micro-usd 5000000See Guardrails and Presets for details on authoring policies.
Usage reporting
Section titled “Usage reporting”Per-namespace usage is attributed at request time and queryable from the CLI:
routeplane cloud usage # last 30 daysrouteplane cloud usage --from 2026-05-01T00:00:00Z --to 2026-06-01T00:00:00Zrouteplane cloud requests --limit 25 # paginated request logAn agent or CI job using a namespace-scoped credential can only read usage for its own namespace — cross-namespace aggregation requires a wider credential issued by the node operator.