Delegation
Delegation lets one agent grant scoped, expiring access to a specific memory CID for another agent.
Issue a Capability Token
ts
import { delegate } from 'engramjs'
const { tokenCid, token } = await delegate(
sdk,
memoryCid,
'did:key:z6MkhRecipientDid',
{ ttlHours: 24 }
)The returned tokenCid is what you share with the receiving agent.
Verify Token Before Access
ts
import { verifyDelegation } from 'engramjs'
const verifiedToken = await verifyDelegation(
sdk,
tokenCid,
'did:key:z6MkhRecipientDid'
)Verification checks:
- token signature validity
- recipient DID match
- expiry timestamp
Operational Guidance
- Keep TTL short for inter-agent handoffs
- Avoid wildcard delegation patterns
- Rotate sharing patterns per workflow stage
- Log token issuance and verification outcomes
Failure Cases
Expect and handle:
DelegationVerificationErrorDelegationExpiredError
Treat both as hard authorization failures and request a fresh delegation token.