get_intent_token()
Requests a cryptographically signed token from ArmorIQ for executing your plan.
client.get_intent_token(
plan_capture: PlanCapture,
policy: dict = None,
validity_seconds: float = 60.0
) -> IntentTokenParameters
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| plan_capture | PlanCapture | Yes | - | Captured plan from capture_plan() |
| policy | dict | No | {"allow": ["*"], "deny": []} | Authorization policy (see Policy Specification) |
| validity_seconds | float | No | None | Token validity in seconds |
Policy Specification
See the dedicated Policy Specification page for the full policy structure and ways to define policies.
Flow
- SDK → ArmorIQ Proxy POST /token/issue with X-API-Key
- Proxy validates API key (bcrypt) and builds identity bundle
- CSRG-IAP converts plan to Merkle tree structure
- CSRG-IAP calculates SHA-256 hash from canonical representation
- CSRG-IAP signs token with Ed25519
- Token with hash and merkle_root returned to SDK via proxy
Returns
dict containing:
{
"success": bool, # Always True if no exception
"token": str, # JWT token string
"plan_hash": str, # SHA-256 of plan
"merkle_root": str, # Merkle tree root
"expires_at": int, # Unix timestamp
"issued_at": int # Unix timestamp
}Raises
- AuthenticationError: If API key is invalid
- TokenIssuanceError: If token creation fails
- NetworkError: If proxy is unreachable
Example
# Basic usage - LLM generates plan
captured_plan = client.capture_plan(
llm="gpt-4",
prompt="Analyze the dataset"
)
token_response = client.get_intent_token(captured_plan)
token = token_response["token"]
# Custom expiration
token_response = client.get_intent_token(
plan_capture=captured_plan,
validity_seconds=7200 # 2 hours
)
# With policy
token_response = client.get_intent_token(
plan_capture=captured_plan,
policy={
"allow": ["analytics-mcp/*", "data-mcp/fetch_*"],
"deny": ["data-mcp/delete_*"]
},
validity_seconds=1800 # 30 minutes
)
# Check expiration
import time
if time.time() < token_response["expires_at"]:
print("Token is valid")
else:
print("Token expired, get new one")