delegate()
Delegate authority to another agent with restricted permissions.
Delegate authority to another agent using cryptographic token delegation. This allows an agent to grant temporary, restricted access to a sub-agent for executing specific subtasks.
client.delegate(
intent_token: IntentToken,
delegate_public_key: str,
validity_seconds: int = 3600,
allowed_actions: list = None,
subtask: dict = None
) -> DelegationResultParameters
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| intent_token | IntentToken | Yes | - | Parent agent's intent token to delegate |
| delegate_public_key | str | Yes | - | Ed25519 public key of delegate agent (hex format) |
| validity_seconds | int | No | 3600 | Delegation token validity in seconds |
| allowed_actions | list | No | None | List of allowed actions (defaults to all from parent token) |
| subtask | dict | No | None | Optional subtask plan structure |
Returns
DelegationResult containing:
{
"delegation_id": str, # Unique delegation identifier
"delegated_token": IntentToken, # New token for delegate agent
"delegate_public_key": str, # Public key of delegate
"expires_at": float, # Unix timestamp of expiration
"trust_delta": dict, # Trust update applied
"status": str # Delegation status
}Raises
- DelegationException: If delegation creation fails
- InvalidTokenException: If parent token is invalid or expired
- AuthenticationError: If IAP endpoint is unreachable
Flow
- Parent agent creates main plan and gets token
- Parent calls delegate() with delegate's public key
- SDK → CSRG-IAP POST /delegation/create
- IAP creates new token with:
- Restricted permissions (if allowed_actions specified)
- Delegate's public key bound cryptographically
- Shorter validity period
- Delegated token returned to parent
- Parent sends delegated token to sub-agent
- Sub-agent uses delegated token for authorized actions only
Example
Basic Delegation
from cryptography.hazmat.primitives.asymmetric import ed25519
from cryptography.hazmat.primitives import serialization
# Generate keypair for delegate agent
delegate_private_key = ed25519.Ed25519PrivateKey.generate()
delegate_public_key = delegate_private_key.public_key()
# Convert public key to hex format
pub_key_bytes = delegate_public_key.public_bytes(
encoding=serialization.Encoding.Raw,
format=serialization.PublicFormat.Raw
)
pub_key_hex = pub_key_bytes.hex()
# Delegate authority
delegation_result = client.delegate(
intent_token=parent_token,
delegate_public_key=pub_key_hex,
validity_seconds=1800, # 30 minutes
allowed_actions=["book_venue", "arrange_catering"]
)
print(f"✅ Delegation created: {delegation_result.delegation_id}")
print(f"Delegated token: {delegation_result.delegated_token.token_id}")
# Send delegated token to sub-agent
sub_agent_client.invoke(
"events-mcp",
"book_venue",
delegation_result.delegated_token,
{"venue_id": "v123", "date": "2026-04-15"}
)Delegation Chain (Hierarchical)
# Level 1: Manager delegates to Team Lead
lead_delegation = manager_client.delegate(
manager_token,
delegate_public_key=team_lead_pubkey,
validity_seconds=7200
)
# Level 2: Team Lead delegates to Specialist
specialist_delegation = team_lead_client.delegate(
lead_delegation.delegated_token, # Use delegated token
delegate_public_key=specialist_pubkey,
validity_seconds=3600,
allowed_actions=["execute_subtask"] # Further restricted
)Security Properties
- Cryptographically Bound: Delegation is signed with IAP's Ed25519 key
- Non-transferable: Delegate cannot re-delegate without explicit permission
- Time-Limited: Delegated tokens expire faster than parent tokens
- Action-Restricted: Delegate can only execute allowed actions
- Auditable: All delegations logged with delegation_id and trust_delta
- Revocable: Parent token expiration invalidates all delegations