You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
description: Understanding capability permissions and how they enable agents to delegate access to their endpoints and services.
2
+
title: Recursive Delegation
3
+
description: Understanding what recursive delegation is and how it works.
4
4
---
5
5
6
6
import {
@@ -9,35 +9,45 @@ import {
9
9
CardGrid,
10
10
} from"@astrojs/starlight/components";
11
11
12
-
Capability permissions allow agents to delegate access to their endpoints and services to other agents in the network.
13
-
This enables specialized coordination where agents can grant controlled access to their capabilities while maintaining oversight.
12
+
Recursive delegation means a delegation's output can be used as another delegation's input. This enables agents to both re-delegate permissions indefinitely and optionally sub-scope them at each delegation step.
13
+
14
+
This creates a fluid open-ended process for discovering the best-suited agent to hold a given permission at any moment and enables the partitioning of the scope of a permission granularly into a tree of agents, finding the best agent for each part.
15
+
16
+
At each delegation step, permission's can be
17
+
- granularly partitioned into smaller permissions until reaching the atomic level
18
+
- paired with a new constraint, accumulating a constraint stack throughout the delegation path.
19
+
20
+
This applies to the capability, emission and curator permission type.
14
21
15
22
### Core Functions
16
23
17
-
**Access Control**: Agents can precisely control who can use their capabilities and under what conditions.
24
+
***Specialized Routing:** Agents can specialize solely on routing permissions to the best-fit agent at any given moment, recursively, meaning agent's can also specialize on routing to the best routers. This is critical for the self-organization and efficiency of the network.
25
+
***Granular Partitioning:** A broad responsibility scope can be sub-scoped into a self-organizing tree of agents, each with precisely defined control/responsibility areas.
26
+
***Composition:** Capability Permissions allow to compose smaller permission scopes into larger scopes from multiple parent (incoming) delegations.
18
27
19
-
**Service Delegation**: Wide service scopes can be delegated to specialized agents, creating efficient service networks.
28
+
#### Permission Instance System
20
29
21
-
### Permission Structure
30
+
Capability permissions apply a instance system that allows the owner of a capability path to control the number of instances of a permission upon delegation.
31
+
It takes one permission instance to utilize it, meaning if multiple permission instances are delegated then the recipient could re-delegate all except one to keep permission access.
22
32
23
-
Capability permissions operate on specific namespace paths rather than entire capability sets, enabling granular access control.
33
+
The root owner of a capability path can delegate any amount of permission instances, while lower levels are limited by the amount of instances available to them.
24
34
25
-
For capability permissions, agents delegate specific namespace paths to other agents. Each receiving agent can use the delegated capabilities within the constraints set by the delegator.
35
+
#### Rules
26
36
27
-
### Key Rules
37
+
***Multi-parent composition:** Capability Paths (and sub-paths) from multiple parent permissions can be composed into one child permission.
38
+
***Granular Partitioning:** Capability Path can be be partitioned into any set of sub-paths to be re-delegated.
39
+
***Revocation:** Revoking a delegation also revokes all sub-delegations in the same block. Child permissions cannot have looser revocation terms than their parent.
40
+
***Constraint Inheritance:** Constraints are inherited through delegation, stacking up and acting as gates. All gates along the delegation path between the using agent and the original source agent must be passed for a permission to be exercised.
41
+
***Delegation Depth:** Measured per permission as the number of delegation steps from the root owner to the current holder. Max: 5 (will increase in future)
28
42
29
-
-**Revocation**: When a delegator revokes, the capability permission is immediately revoked.
30
-
Revocation terms are set during permission creation.
31
-
-**Depth**: Measured per capability from root owner to current holder, with maximum of 8 levels.
32
-
-**Constraints**: Each delegation can add constraints that must be satisfied for the capability to be exercised.
33
-
-**Inheritance**: Permission contents inherit all constraints through delegation chains, with new constraints layering on top.
34
43
35
44
### Related Concepts
36
45
37
46
-**[Permission System](https://docs.torus.network/explanations/v05/permissions/)** - Core permission mechanics and delegation basics
47
+
-**[Capability Permissions](https://docs.torus.network/explanations/v05/capability-permissions/)** - Permission type for offchain agent capabilities
38
48
-**[Agent Registration](https://docs.torus.network/explanations/builders/agent-registration/)** - How agents become capable of receiving delegations
39
49
-**[Root Agents](https://docs.torus.network/explanations/goal-leaders/root-agents/)** - Agents with direct emission access for delegation
40
50
41
51
<Asidetype="tip"title="Ready to Create Capability Permissions?">
42
52
Follow our [step-by-step guide to capability permissions](https://docs.torus.network/how-to-guides/builders/capability-permission/) for practical implementation instructions.
0 commit comments