Expand description
AI delegation tokens with dual signatures (ADR-023, refined by ADR-033).
Each token carries two Ed25519 signatures:
- Delegator signature (human’s identity key) — proves authorization
- Binding signature (stable delegation key per (human, AI)) — binds to
the public key recorded in
project.yamlundermembers[<human>].ai_delegations[<ai-member>].delegation_key.
Tokens are passed via --token flag or JOY_TOKEN env var to joy auth.
Structs§
- Delegation
Claims - Claims encoded in a delegation token.
- Delegation
Token - A delegation token with dual signatures.
Functions§
- create_
token - Create a delegation token with dual signatures.
- decode_
token - Decode a token from its portable string representation.
- encode_
token - Encode a token as a portable string (
joy_t_<base64>). - is_
token - Check if a string looks like a delegation token (has the
joy_t_prefix). - validate_
token - Validate a delegation token against the delegator’s identity key and the
stable delegation key recorded in
project.yaml.