DPoP (Demonstration of Proof-of-Possession) for Chio tool invocations.
A DPoP proof is a signed canonical JSON object that binds a single tool
invocation to the agent’s keypair. It prevents stolen-token replay by
requiring the agent to prove possession of the private key corresponding
to capability.subject on every invocation.
Proof fields:
- schema – constant "chio.dpop_proof.v1"
- capability_id – token ID of the capability being invoked
- tool_server – server_id of the target tool server
- tool_name – name of the tool being called
- action_hash – SHA-256 hash of the serialized tool arguments
- nonce – caller-chosen random string (replay prevention)
- issued_at – Unix seconds when the proof was created
- agent_key – hex-encoded public key of the signer (Ed25519 by default; p256: / p384: prefix under the FIPS crypto path)
Verification steps (in order):
- Schema check – must equal DPOP_SCHEMA
- Sender constraint – agent_key must equal capability.subject
- Binding fields – capability_id, tool_server, tool_name, action_hash all match
- Freshness – issued_at + proof_ttl_secs >= now and issued_at <= now + max_clock_skew_secs
- Signature – verified through the signing backend negotiated between agent and kernel; dispatches off the algorithm carried by agent_key and the proof's signature field
- Nonce replay – nonce must not have been seen within the TTL window
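The verification order above, written out as an added example that is not the crate's own code: the checks fail in the documented sequence, the nonce is recorded only after the signature verifies, and nonces outside the TTL window are forgotten. The Capability field names, the verify function's parameter list, the canonical JSON layout, the TTL-evicting HashMap (the crate's store is described as LRU) and the SigningBackend trait are assumptions; the Ed25519 / P-256 backend itself is not shown.

```rust
use std::collections::HashMap;
pub const DPOP_SCHEMA: &str = "chio.dpop_proof.v1";

/// Signing backend negotiated between agent and kernel (assumed trait); the Ed25519 / P-256 code behind it is not shown.
pub trait SigningBackend {
    fn verify(&self, agent_key: &str, msg: &[u8], signature: &[u8]) -> bool;
}
pub struct Capability { pub token_id: String, pub subject: String } // field names assumed
pub struct DpopConfig { pub proof_ttl_secs: u64, pub max_clock_skew_secs: u64 }
/// nonce -> issued_at; entries outside the TTL window are evicted on each verify (TTL map here, not LRU).
#[derive(Default)]
pub struct DpopNonceStore { seen: HashMap<String, u64> }
pub struct DpopProofBody {
    pub schema: String, pub capability_id: String, pub tool_server: String,
    pub tool_name: String, pub action_hash: String, pub nonce: String,
    pub issued_at: u64, pub agent_key: String,
}
impl DpopProofBody {
    /// Canonical JSON that gets signed: keys sorted, no whitespace (layout assumed).
    pub fn canonical_json(&self) -> Vec<u8> {
        let q = |s: &str| format!("\"{}\"", s.replace('\\', "\\\\").replace('"', "\\\""));
        format!("{{\"action_hash\":{},\"agent_key\":{},\"capability_id\":{},\"issued_at\":{},\"nonce\":{},\"schema\":{},\"tool_name\":{},\"tool_server\":{}}}",
            q(&self.action_hash), q(&self.agent_key), q(&self.capability_id), self.issued_at,
            q(&self.nonce), q(&self.schema), q(&self.tool_name), q(&self.tool_server)).into_bytes()
    }
}
#[derive(Debug, PartialEq)]
pub enum DpopError { Schema, Sender, Binding(&'static str), Expired, FutureDated, Signature, NonceReplay }

/// Checks in the documented order; the nonce is recorded only after the signature verifies,
/// so an unsigned flood cannot burn nonces and a rejected proof never blocks a later honest one.
pub fn verify_dpop_proof(
    body: &DpopProofBody, signature: &[u8], cap: &Capability, tool_server: &str, tool_name: &str,
    action_hash: &str, now: u64, cfg: &DpopConfig, store: &mut DpopNonceStore, backend: &dyn SigningBackend,
) -> Result<(), DpopError> {
    if body.schema != DPOP_SCHEMA { return Err(DpopError::Schema); }
    if body.agent_key != cap.subject { return Err(DpopError::Sender); }
    if body.capability_id != cap.token_id { return Err(DpopError::Binding("capability_id")); }
    if body.tool_server != tool_server { return Err(DpopError::Binding("tool_server")); }
    if body.tool_name != tool_name { return Err(DpopError::Binding("tool_name")); }
    if body.action_hash != action_hash { return Err(DpopError::Binding("action_hash")); }
    if body.issued_at.saturating_add(cfg.proof_ttl_secs) < now { return Err(DpopError::Expired); }
    if body.issued_at > now.saturating_add(cfg.max_clock_skew_secs) { return Err(DpopError::FutureDated); }
    if !backend.verify(&body.agent_key, &body.canonical_json(), signature) { return Err(DpopError::Signature); }
    store.seen.retain(|_, t| t.saturating_add(cfg.proof_ttl_secs) >= now); // forget nonces past the window
    if store.seen.insert(body.nonce.clone(), body.issued_at).is_some() { return Err(DpopError::NonceReplay); }
    Ok(())
}
```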
Structs
- DpopConfig - Configuration for DPoP proof verification.
- DpopNonceStore - In-memory LRU nonce replay store.
- DpopProof - A signed DPoP proof ready for transmission.
- DpopProofBody - The signable body of a DPoP proof.
Constants
- DPOP_SCHEMA - Schema identifier for Chio DPoP proofs.
Functions
- is_supported_dpop_schema
- verify_dpop_proof - Verify a DPoP proof against the given capability and invocation context.