@orangecheck/agent-signer / CreateDelegationInput
Interface: CreateDelegationInput
Defined in: src/index.ts:51
Properties
| Property | Type | Description | Defined in |
|---|---|---|---|
<a id="property-agentaddress"></a> agentAddress | string | - | src/index.ts:53 |
<a id="property-bond"></a> bond? | DelegationBond | null | - | src/index.ts:55 |
<a id="property-expiresat"></a> expiresAt? | Date | Explicit expires_at overrides ttlMs. | src/index.ts:60 |
<a id="property-issuedat"></a> issuedAt? | Date | - | src/index.ts:56 |
<a id="property-nonce"></a> nonce? | string | 32-hex. Defaults to crypto.getRandomValues(16-byte) rendered as hex. | src/index.ts:62 |
<a id="property-principal"></a> principal | SignerRef | - | src/index.ts:52 |
<a id="property-privatescopes"></a> privateScopes? | { envelopeExpiresAt?: Date | null; hint?: string; recipients: PrivateScopeRecipient[]; } | v1.2 private-scope (PRIVATE-SCOPE.md). When supplied, the resulting delegation envelope omits the public scopes field and instead carries scopes_encrypted — an OC Lock envelope wrapping the canonical scope list, sealed to one or more recipient device keys. The principal signs BOTH the inner OC Lock envelope (via the signMessage callback already provided on principal) AND the outer OC Agent canonical message. Recipients MUST include at least the agent's device. Additional recipients (compliance auditors, third-party verifiers) are optional. | src/index.ts:80 |
privateScopes.envelopeExpiresAt? | Date | null | Optional expiry on the OC Lock envelope. Independent of the delegation's expires_at; usually left unset. | src/index.ts:92 |
privateScopes.hint? | string | Optional human hint stored in the OC Lock envelope. | src/index.ts:89 |
privateScopes.recipients | PrivateScopeRecipient[] | Devices authorized to read the scope set. Each is { address, device_id, device_pk } matching OC Lock's DeviceRecord shape. The same signMessage callback on principal is used to sign the inner OC Lock envelope. | src/index.ts:87 |
<a id="property-revocationholders"></a> revocationHolders? | RevocationHolder[] | Default ['principal']. | src/index.ts:64 |
<a id="property-revocationref"></a> revocationRef? | string | null | Optional Nostr pointer to a revocation event. Non-cryptographic. | src/index.ts:66 |
<a id="property-scopemode"></a> scopeMode? | "strict" | "permissive" | Default 'strict'. 'permissive' allows unregistered scopes / constraint keys. | src/index.ts:68 |
<a id="property-scopes"></a> scopes | string[] | - | src/index.ts:54 |
<a id="property-ttlms"></a> ttlMs? | number | Duration from issuedAt in ms. Default 7 days. MAX 365 days per SPEC §4.4. | src/index.ts:58 |