Skip to main content

Content-addressed delegation references for the AlgoVoi substrate (tamper-evident, chainable; L1 frozen)

Reason this release was yanked:

software issue

Project description

algovoi-delegation-ref

Content-addressed delegation references for the AlgoVoi substrate. An agent delegates authority to another agent for a scope and a validity window; the delegation_ref is the content hash of that delegation envelope, so any tamper — widening the scope, extending the expiry, swapping the delegate — changes the ref and is detectable offline. Delegations chain (A→B→C) via prev_delegation_ref, giving a tamper-evident delegation chain.

This is the inverse of an opaque delegation token (an arbitrary label that does not change when the delegation's content is altered). Additive over the frozen substrate (Apache-2.0); no new cryptography:

delegation_ref = "sha256:" + SHA-256(JCS(RFC 8785)({
    delegate_id, delegator_id, not_after_ms, not_before_ms,
    prev_delegation_ref, scope }))

with integer-millisecond validity bounds.

Install

pip install algovoi-delegation-ref

Use

from algovoi_delegation_ref import delegation_ref, tamper_detected, verify_chain

root = {
    "delegator_id": "did:web:org.example",
    "delegate_id":  "did:web:agent-1.example",
    "scope":        "payments:usdc:<=100",
    "not_before_ms": 1716494400000,
    "not_after_ms":  1716498000000,
    "prev_delegation_ref": "",
}
ref = delegation_ref(root)
tamper_detected(ref, root)                              # False — matches
tamper_detected(ref, {**root, "scope": "payments:usdc:*"})   # True — scope widened

# chain a sub-delegation and verify integrity end to end
sub = {**root, "delegator_id": "did:web:agent-1.example",
       "delegate_id": "did:web:agent-2.example",
       "scope": "payments:usdc:<=50", "prev_delegation_ref": ref}
verify_chain([root, sub])    # -> [root_ref, sub_ref]; raises on a broken link

Envelope key order does not matter (JCS absorbs it). A non-integer validity bound (e.g. an RFC-3339 string) is rejected, not hashed.

Conformance

conformance/delegation_ref_v1/ — 3 positives (root, reordered-key, chain link), 5 negatives (scope / expiry / delegate / chain-link tamper, plus a rejected malformed bound), and two invariants (key-order, chain integrity). The verifier imports only the standard library plus rfc8785 (no algovoi import):

pip install rfc8785
python conformance/delegation_ref_v1/verify.py

Adopters

Build on algovoi-delegation-ref, pin ==0.1.0, anchor a canonical vector hash, and keep the NOTICE, and you qualify for a free v0 licence key for algovoi-mandate-auditor. The gate is scripts/check_v0_adoption.py (dependency + canonical hash anchor + NOTICE + version pin → ISSUE_V0_KEY). Apply: email chopmob@gmail.com.

License

Apache-2.0. Copyright 2026 AlgoVoi. Preserve the NOTICE in any distribution.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

algovoi_delegation_ref-0.1.0.tar.gz (8.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

algovoi_delegation_ref-0.1.0-py3-none-any.whl (9.8 kB view details)

Uploaded Python 3

File details

Details for the file algovoi_delegation_ref-0.1.0.tar.gz.

File metadata

  • Download URL: algovoi_delegation_ref-0.1.0.tar.gz
  • Upload date:
  • Size: 8.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for algovoi_delegation_ref-0.1.0.tar.gz
Algorithm Hash digest
SHA256 1a7f4062ed3c2a85aee6b0358fac827fcc5b8c4277422fd885233d1f7dd47692
MD5 c870735eb2c646db1e73e6c50914808d
BLAKE2b-256 0380151fb9c7f902e7b6b6e3fc6a9322e5b1e6f8942985996149a571457ac1da

See more details on using hashes here.

File details

Details for the file algovoi_delegation_ref-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for algovoi_delegation_ref-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 1941c41dde231d890ade75cd5e3539dd02dde3845bc117df911aa80a6137c3e2
MD5 08f5b1fa26fb2368886f06fe3d1059ea
BLAKE2b-256 448f186182645ed9e545eb0e37c6ad60ee888cab872ecdd4a6f736bd17898f0e

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page