Skip to main content

Content-addressed delegation references for the AlgoVoi substrate (tamper-evident, chainable; L1 frozen)

Reason this release was yanked:

software issue

Project description

algovoi-delegation-ref

Content-addressed delegation references for the AlgoVoi substrate. An agent delegates authority to another agent for a scope and a validity window; the delegation_ref is the content hash of that delegation envelope, so any tamper (widening the scope, extending the expiry, swapping the delegate) changes the ref and is detectable offline. Delegations chain (A→B→C) via prev_delegation_ref, giving a tamper-evident delegation chain.

This is the inverse of an opaque delegation token (an arbitrary label that does not change when the delegation's content is altered). Additive over the frozen substrate (Apache-2.0); no new cryptography:

delegation_ref = "sha256:" + SHA-256(JCS(RFC 8785)({
    delegate_id, delegator_id, not_after_ms, not_before_ms,
    prev_delegation_ref, scope }))

with integer-millisecond validity bounds.

Install

pip install algovoi-delegation-ref

Use

from algovoi_delegation_ref import delegation_ref, tamper_detected, verify_chain

root = {
    "delegator_id": "did:web:org.example",
    "delegate_id":  "did:web:agent-1.example",
    "scope":        "payments:usdc:<=100",
    "not_before_ms": 1716494400000,
    "not_after_ms":  1716498000000,
    "prev_delegation_ref": "",
}
ref = delegation_ref(root)
tamper_detected(ref, root)                              # False (matches)
tamper_detected(ref, {**root, "scope": "payments:usdc:*"})   # True (scope widened)

# chain a sub-delegation and verify integrity end to end
sub = {**root, "delegator_id": "did:web:agent-1.example",
       "delegate_id": "did:web:agent-2.example",
       "scope": "payments:usdc:<=50", "prev_delegation_ref": ref}
verify_chain([root, sub])    # -> [root_ref, sub_ref]; raises on a broken link

Envelope key order does not matter (JCS absorbs it). A non-integer validity bound (e.g. an RFC-3339 string) is rejected, not hashed.

Conformance

conformance/delegation_ref_v1/: 3 positives (root, reordered-key, chain link), 5 negatives (scope / expiry / delegate / chain-link tamper, plus a rejected malformed bound), and two invariants (key-order, chain integrity). The verifier imports only the standard library plus rfc8785 (no algovoi import):

pip install rfc8785
python conformance/delegation_ref_v1/verify.py

Adopters

Build on algovoi-delegation-ref, pin ==0.1.0, anchor a canonical vector hash, and keep the NOTICE, and you qualify for a free v0 licence key for algovoi-mandate-auditor. The gate is scripts/check_v0_adoption.py (dependency + canonical hash anchor + NOTICE + version pin → ISSUE_V0_KEY). Apply: email chopmob@gmail.com.

License

Apache-2.0. Copyright 2026 AlgoVoi. Preserve the NOTICE in any distribution.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

algovoi_delegation_ref-0.1.1.tar.gz (8.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

algovoi_delegation_ref-0.1.1-py3-none-any.whl (9.7 kB view details)

Uploaded Python 3

File details

Details for the file algovoi_delegation_ref-0.1.1.tar.gz.

File metadata

  • Download URL: algovoi_delegation_ref-0.1.1.tar.gz
  • Upload date:
  • Size: 8.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.10

File hashes

Hashes for algovoi_delegation_ref-0.1.1.tar.gz
Algorithm Hash digest
SHA256 d56f867afcef95d7e0d5837c12559c8c9511f589be50289ea8a43e4e258ff8db
MD5 4c0f49553a8d80ccb013bf24749e42be
BLAKE2b-256 1f5a6b505550373043fb4848651e6215843b528bb0a1f2e05ffd622a86776028

See more details on using hashes here.

File details

Details for the file algovoi_delegation_ref-0.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for algovoi_delegation_ref-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 e56609dec1d6f3af34fd7b3a48219e40802231bf6e25e4ddc66c1d01ec25ca4a
MD5 e880b1fce0b18498a29589c85c77f710
BLAKE2b-256 c08c53d37d39db37847ca75676fb90713a9647311d958ce446b91b93a02ef2db

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page