IntentToken
Token structure returned by get_intent_token().
IntentToken
Returned by get_intent_token().
{
"success": bool,
"token": str, # JWT format: header.payload.signature
"plan_hash": str, # SHA-256: "sha256:abc123..."
"merkle_root": str, # SHA-256: "sha256:def456..."
"expires_at": int, # Unix timestamp
"issued_at": int # Unix timestamp
}interface IntentToken {
tokenId: string; // Unique identifier (intent_reference)
planHash: string; // CSRG hash of the canonical plan
planId?: string; // Plan ID from IAP
signature: string; // Ed25519 signature from IAP
issuedAt: number; // Unix timestamp
expiresAt: number; // Unix timestamp
policy: Record<string, any>; // Policy manifest
compositeIdentity: string; // Composite identity hash
stepProofs: Array<any>; // Merkle proofs for each step
totalSteps: number; // Total number of steps
rawToken: Record<string, any>; // Full raw token payload
jwtToken?: string; // JWT token for verify-step endpoint
}
// Helper functions
namespace IntentToken {
function isExpired(token: IntentToken): boolean;
function timeUntilExpiry(token: IntentToken): number;
}Token JWT Payload
{
"iss": "armoriq-csrg-iap",
"sub": "user_001",
"aud": "armoriq-proxy",
"iat": 1737454200,
"exp": 1737457800,
"plan_hash": "sha256:...",
"merkle_root": "sha256:...",
"policy": {"allow": ["*"], "deny": []},
"identity": {
"user_id": "user_001",
"agent_id": "my_agent",
"api_key_id": "key_789"
}
}