Expand description
Per-delegator AI delegation tokens with dual signatures (ADR-023).
Each token carries two Ed25519 signatures:
- Delegator signature (human’s identity key) — proves authorization
- Token binding signature (one-time token_key) — binds to project.yaml entry
Tokens are passed via --token flag or JOY_TOKEN env var to joy auth.
Structs§
- Create
Token Result - Result of creating a token: the encoded token string + the public key to store.
- Delegation
Claims - Claims encoded in a delegation token.
- Delegation
Token - A delegation token with dual signatures.
Functions§
- create_
token - Create a delegation token with dual signatures.
- decode_
token - Decode a token from its portable string representation.
- encode_
token - Encode a token as a portable string (
joy_t_<base64>). - is_
token - Check if a string looks like a delegation token (has the
joy_t_prefix). - validate_
token - Validate a delegation token against both the delegator’s key and the token_key.