Content-addressed delegation references for the AlgoVoi substrate (tamper-evident, chainable; L1 frozen)
Reason this release was yanked:
software issue
Project description
algovoi-delegation-ref
Content-addressed delegation references for the AlgoVoi substrate. An agent
delegates authority to another agent for a scope and a validity window; the
delegation_ref is the content hash of that delegation envelope, so any tamper
(widening the scope, extending the expiry, swapping the delegate) changes the ref
and is detectable offline. Delegations chain (A→B→C) via prev_delegation_ref,
giving a tamper-evident delegation chain.
This is the inverse of an opaque delegation token (an arbitrary label that does not change when the delegation's content is altered). Additive over the frozen substrate (Apache-2.0); no new cryptography:
delegation_ref = "sha256:" + SHA-256(JCS(RFC 8785)({
delegate_id, delegator_id, not_after_ms, not_before_ms,
prev_delegation_ref, scope }))
with integer-millisecond validity bounds.
Install
pip install algovoi-delegation-ref
Use
from algovoi_delegation_ref import delegation_ref, tamper_detected, verify_chain
root = {
"delegator_id": "did:web:org.example",
"delegate_id": "did:web:agent-1.example",
"scope": "payments:usdc:<=100",
"not_before_ms": 1716494400000,
"not_after_ms": 1716498000000,
"prev_delegation_ref": "",
}
ref = delegation_ref(root)
tamper_detected(ref, root) # False (matches)
tamper_detected(ref, {**root, "scope": "payments:usdc:*"}) # True (scope widened)
# chain a sub-delegation and verify integrity end to end
sub = {**root, "delegator_id": "did:web:agent-1.example",
"delegate_id": "did:web:agent-2.example",
"scope": "payments:usdc:<=50", "prev_delegation_ref": ref}
verify_chain([root, sub]) # -> [root_ref, sub_ref]; raises on a broken link
Envelope key order does not matter (JCS absorbs it). A non-integer validity bound (e.g. an RFC-3339 string) is rejected, not hashed.
Conformance
conformance/delegation_ref_v1/: 3 positives (root, reordered-key, chain link),
5 negatives (scope / expiry / delegate / chain-link tamper, plus a rejected
malformed bound), and two invariants (key-order, chain integrity). The verifier
imports only the standard library plus rfc8785 (no algovoi import):
pip install rfc8785
python conformance/delegation_ref_v1/verify.py
Adopters
Build on algovoi-delegation-ref, pin ==0.1.0, anchor a canonical vector hash,
and keep the NOTICE, and you qualify for a free v0 licence key for
algovoi-mandate-auditor. The gate is scripts/check_v0_adoption.py
(dependency + canonical hash anchor + NOTICE + version pin → ISSUE_V0_KEY).
Apply: email chopmob@gmail.com.
License
Apache-2.0. Copyright 2026 AlgoVoi. Preserve the NOTICE in any distribution.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file algovoi_delegation_ref-0.1.1.tar.gz.
File metadata
- Download URL: algovoi_delegation_ref-0.1.1.tar.gz
- Upload date:
- Size: 8.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d56f867afcef95d7e0d5837c12559c8c9511f589be50289ea8a43e4e258ff8db
|
|
| MD5 |
4c0f49553a8d80ccb013bf24749e42be
|
|
| BLAKE2b-256 |
1f5a6b505550373043fb4848651e6215843b528bb0a1f2e05ffd622a86776028
|
File details
Details for the file algovoi_delegation_ref-0.1.1-py3-none-any.whl.
File metadata
- Download URL: algovoi_delegation_ref-0.1.1-py3-none-any.whl
- Upload date:
- Size: 9.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e56609dec1d6f3af34fd7b3a48219e40802231bf6e25e4ddc66c1d01ec25ca4a
|
|
| MD5 |
e880b1fce0b18498a29589c85c77f710
|
|
| BLAKE2b-256 |
c08c53d37d39db37847ca75676fb90713a9647311d958ce446b91b93a02ef2db
|