AI delegation tokens with dual signatures (ADR-023, refined by ADR-033 and ADR-041).
Each token carries two Ed25519 signatures:
- Delegator signature (human’s identity key) — proves authorization
- Binding signature (stable delegation key per (human, AI)) — binds to
the public key recorded in project.yaml under
members[<human>].ai_delegations[<ai-member>].delegation_verifier.
Tokens carry a scopes claim (ADR-041 §3). The default ["auth"] lets
the AI run joy commands as the AI member. With --crypt (["auth", "crypt"]) the token additionally embeds the delegation private key as
a 32-byte Ed25519 seed so the AI can unwrap zone keys for the duration
of the token’s TTL.
Tokens are passed via --token flag or JOY_TOKEN env var to joy auth.
Structs
- DelegationClaims: Claims encoded in a delegation token.
- DelegationToken: A delegation token with dual signatures.
- TokenIssueParams: Identity and policy fields for a token issuance.
- TokenSigningKeys: Cryptographic material used to sign a delegation token.
Constants
- SCOPE_AUTH: Scope value for ordinary AI command authentication (default).
- SCOPE_CRYPT: Scope value indicating the token additionally carries the delegation private key for Crypt unwrap (ADR-041).
Functions
- create_token: Create a delegation token with dual signatures.
- decode_token: Decode a token from its portable string representation.
- encode_token: Encode a token as a portable string (joy_t_<base64>).
- is_token: Check if a string looks like a delegation token (has the joy_t_ prefix).
- validate_token: Validate a delegation token against the delegator’s identity key and the stable delegation key recorded in project.yaml.
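
A crypt-scoped token embeds the delegation private key seed, and tokens travel through the --token flag or JOY_TOKEN, so any log line that captures a token string captures key material. The following is an added example, not code from this crate: a std-only scrubber that redacts joy_t_<base64> strings from log text before it is stored. The names redact_tokens, is_b64 and MARKER, the accepted base64 alphabet, and the sample lines are assumptions made for this example.

```rust
/// Prefix documented for encode_token / is_token.
const TOKEN_PREFIX: &str = "joy_t_";
const MARKER: &str = "joy_t_[REDACTED]";

/// Assumption: payload bytes come from the standard or URL-safe base64
/// alphabet, optionally padded; the page only says `<base64>`.
fn is_b64(b: u8) -> bool {
    b.is_ascii_alphanumeric() || matches!(b, b'+' | b'/' | b'-' | b'_' | b'=')
}

/// Scrub every token-shaped run in `line`; returns (clean text, hit count).
fn redact_tokens(line: &str) -> (String, usize) {
    let mut out = String::with_capacity(line.len());
    let (mut rest, mut hits) = (line, 0);
    while let Some(pos) = rest.find(TOKEN_PREFIX) {
        out.push_str(&rest[..pos]);
        let after = &rest[pos + TOKEN_PREFIX.len()..];
        // The prefix must start a word, so "enjoy_t_shirt" is left alone.
        let prev = out.chars().next_back();
        let bounded = prev.map_or(true, |c| !(c.is_alphanumeric() || c == '_'));
        // Payload length: consecutive base64 bytes (all ASCII) after the prefix.
        let len = after.bytes().take_while(|&b| is_b64(b)).count();
        if bounded && len > 0 {
            out.push_str(MARKER);
            hits += 1;
            rest = &after[len..];
        } else {
            // Bare prefix or mid-word match: not a token, keep it verbatim.
            out.push_str(TOKEN_PREFIX);
            rest = after;
        }
    }
    out.push_str(rest);
    (out, hits)
}

fn main() {
    // Constructed log lines; the payloads are made-up strings, not real tokens.
    let samples = [
        "exec: joy auth --token joy_t_QUJDREVGRw== ok",
        "env JOY_TOKEN=joy_t_Zm9vYmFy-_ and joy_t_AAAA",
        "docs mention the joy_t_ prefix",
    ];
    for s in samples.iter() {
        let (clean, n) = redact_tokens(s);
        println!("{} redacted: {}", n, clean);
    }
}
```

The scrubber over-redacts by design: any base64-alphabet bytes directly after the prefix are treated as payload, so trailing characters glued to a token are removed with it.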