Proposal: Rework the existing closed PR #24 into three smaller, reviewable changes aligned with the Product Constitution and governance boundaries.

Goals:
- Keep product UX and daemon control-plane boundaries intact (no open, unauthenticated mutation routes on metrics mux).
- Provide persistent, auditable delegation store (SQLite) for grants before adding transport surface.
- Ensure transport surface follows existing SDK/admin authentication patterns (standing-admin-token / policy-admin-token), not new unauthenticated HTTP endpoints on metrics port.

Planned split PRs:
1) — core delegation model + persistent store (SQLite) + comprehensive unit tests + DB migrations + docs. Acceptance: on-disk persistence in , unit tests for Issue/Verify/Revoke/Chain, no daemon route changes.
2) — authenticated transport wiring: SDK socket and/or MCP gateway integration, using or existing patterns, not metrics mux. Acceptance: routes only behind admin token, integration tests that exercise signed tokens + auth.
3) — CLI surface (Create, inspect, verify, and revoke delegation tokens that allow one agent
to act on behalf of another within a governed chain of trust.
Usage:
  faramesh delegate [command]
Available Commands:
  chain    Show the full delegation chain for an agent
  grant    Grant delegation from one agent to another
  inspect  Inspect a delegation token's metadata
  list     List delegations for an agent
  revoke   Revoke delegation between two agents
  verify   Verify whether a delegation token is currently valid
Flags:
  -h, --help  help for delegate
Use "faramesh delegate [command] --help" for more information about a command.) and docs/usage examples, only after #1 and #2 merged.

Must haves for all PRs:
- Alignment with PRODUCT_CONSTITUTION.md: no mechanism-first UX leakage, evidence-first audit trail.
- Clear migration path and compatibility notes.
- Reviewer checklist: security review, legal check for token format, and product-signoff.

Request: please assign core maintainers and tag with and .