Maybe I'm not getting it either, but it looks like you're imagining a scenario where you deploy multiple instances of the agent, one per user, and then each one gets a different access level based on a key. Is this correct?
Not imagining it, using it in prod. Not sure how you define "multiple instances" here but basically, one agent with multiple concurrent conversations. Access level is based on the point of ingress to the agent, limitations are mechanical (tool access) and semantic (affecting posture, not a true security boundary but you can inflence behavior per entrypoint).
in my case, we're using Docker containers to spwan Hermes instances, so it is easier to define what an instance is. And we need a container per user, because, without modifications, if multiple users talk to the same Hermes instance then they can access each other's conversations by asking the agent.