FusionAuth vs Rivet
Side-by-side trajectory, velocity, and editorial themes.
FusionAuth is in security-hardening mode, tightening API-key and OAuth boundaries
FusionAuth's recent releases center on security hardening and standards support: OAuth resource scoping (RFC 8707), and a series of breaking changes that lock down API-key scope on webhook and installation-wide endpoints. Interspersed are routine point releases and bug fixes; the two most recent tags captured only boilerplate upgrade text, not substantive notes.
The throughline is shrinking the blast radius of credentials — tenant-scoped keys can no longer reach installation-wide operations, and webhook endpoints now demand global keys. FusionAuth is prioritizing correctness and standards compliance over headline features, consistent with an identity vendor managing trust.
Expect continued standards adoption (OAuth/OIDC RFCs) and further API-key scoping refinements; the cadence suggests steady point releases rather than a large feature launch.
Rivet pivots from actor backend to a coding-agent OS, and is building the ecosystem to match.
Rivet began as an actor and serverless backend platform — RivetKit, Rivet Actors, Rivet Compute — and has spent the last month reorienting around agentOS, a WebAssembly-based Linux environment for running coding agents without a heavy sandbox. The June and July releases show both threads running in parallel: native language SDKs (Rust, Effect) for Actors, and a fast-maturing agentOS that now has its own package registry.
The center of gravity is shifting from hosting stateful actors to being the runtime coding agents execute inside. agentOS went from a v0.2 sandbox alternative to shipping a package registry and a sub-millisecond package manager in under two weeks, a sign Rivet wants to own the developer surface around agent execution, not just the compute underneath it.
Expect agentOS to keep accreting ecosystem pieces — more registry content and tighter orchestration — while the Actors SDKs settle toward maintenance. A likely next move is deeper coupling between agentOS and Rivet Compute so agents run on Rivet's own cloud.
See more alternatives to FusionAuth →
See more alternatives to Rivet →