Expand description
Canonical scope vocabulary for Ratify Protocol v1.
MUST stay in lock-step with Go’s scope.go, TS’s scope.ts, and Python’s scope.py.
Constants§
- CUSTOM_
SCOPE_ PREFIX - Any scope string starting with CUSTOM_SCOPE_PREFIX is accepted by validate_scopes, passes through expand_scopes unchanged, and is treated as non-sensitive unless the application opts in via out-of-band policy.
- SCOPE_
ACTUATE_ MOTOR - SCOPE_
ACTUATE_ SWITCH - SCOPE_
ACTUATE_ VALVE - SCOPE_
COMMS_ CALENDAR_ READ - SCOPE_
COMMS_ CALENDAR_ WRITE - SCOPE_
COMMS_ EMAIL_ DELETE - SCOPE_
COMMS_ EMAIL_ READ - SCOPE_
COMMS_ EMAIL_ SEND - SCOPE_
COMMS_ MESSAGE_ DELETE - SCOPE_
COMMS_ MESSAGE_ READ - SCOPE_
COMMS_ MESSAGE_ SEND - SCOPE_
CONTRACT_ READ - SCOPE_
CONTRACT_ SIGN - SCOPE_
DATA_ DELETE - SCOPE_
DATA_ EXPORT - SCOPE_
DATA_ READ - SCOPE_
DATA_ SHARE - SCOPE_
DATA_ WRITE - SCOPE_
DRONE_ CAPTURE - SCOPE_
DRONE_ DELIVER - SCOPE_
DRONE_ FLY - SCOPE_
EXECUTE_ CODE - SCOPE_
EXECUTE_ TOOL - SCOPE_
FILES_ READ - SCOPE_
FILES_ WRITE - SCOPE_
GENERATE_ CONTENT - SCOPE_
GENERATE_ DEEPFAKE - SCOPE_
IDENTITY_ DELEGATE - SCOPE_
IDENTITY_ PROVE - SCOPE_
INFRASTRUCTURE_ ACCESS - SCOPE_
INFRASTRUCTURE_ CONTROL - SCOPE_
INFRASTRUCTURE_ MONITOR - SCOPE_
MEETING_ ATTEND - SCOPE_
MEETING_ CHAT - SCOPE_
MEETING_ RECORD - SCOPE_
MEETING_ SHARE_ SCREEN - SCOPE_
MEETING_ SPEAK - SCOPE_
MEETING_ VIDEO - SCOPE_
PAYMENTS_ AUTHORIZE - SCOPE_
PAYMENTS_ RECEIVE - SCOPE_
PAYMENTS_ SEND - SCOPE_
PHYSICAL_ ACTUATE - SCOPE_
PHYSICAL_ ENTER - SCOPE_
PHYSICAL_ EXIT - SCOPE_
PHYSICAL_ MANIPULATE - SCOPE_
ROBOT_ INTERACT - SCOPE_
ROBOT_ MOVE - SCOPE_
ROBOT_ OPERATE - SCOPE_
TRANSACT_ PURCHASE - SCOPE_
TRANSACT_ SELL - SCOPE_
VEHICLE_ CHARGE - SCOPE_
VEHICLE_ OPERATE - SCOPE_
VEHICLE_ TRANSPORT
Functions§
- expand_
scopes - Replace wildcard scopes with their constituent non-sensitive scopes. Deduplicates and returns lex-sorted. Custom scopes pass through unchanged.
- has_
scope - intersect_
scopes - Set of scopes in every input list after wildcard expansion. Lex-sorted.
- is_
sensitive - True if the scope is flagged as sensitive. Custom scopes are non-sensitive by default; applications may enforce policy out-of-band.
- validate_
scopes - Return an error message if any scope is invalid; None if all valid. Custom scopes (prefix “custom:”) are accepted as valid extensions.