12 , delegation

Delegation

In multi-agent systems, one agent often needs to delegate work to another. A supervisor agent might delegate search tasks to a research worker, or refund approval to a finance sub-agent. Without governance, delegation is a security hole , the sub-agent inherits all of the supervisor's permissions and can do anything the supervisor can do.

Faramesh's delegation model enforces monotonic scope narrowing. When a supervisor delegates to a sub-agent, it can only grant a subset of its own permissions. The delegate can never exceed the delegator's scope. And if the delegate sub-delegates further, the same rule applies , each step in the chain can only narrow, never widen. This is enforced with cryptographic tokens, not with trust.

Every delegation is a signed token that carries the granted scope, the ceiling (maximum budget/permissions), a TTL (how long the delegation is valid), and a chain pointer to the delegator's own token. At decision time, Faramesh walks the chain and verifies every link. A forged, expired, or scope-exceeding token results in an immediate DENY , before the policy engine even evaluates the request.

Delegation algebra

Delegations follow a monotonic narrowing rule: each step in the chain can only reduce scope, never expand it. A delegate who has refund/issue capped at $2000 cannot grant a sub-delegate more than $2000.

Grant a delegation

Grant a delegation to another principal with a scope and ceiling.

faramesh delegate grant \
  support-bot finance-team \
  --scope refund/issue \
  --ceiling 2000 \
  --ttl 24h

List delegations

Show all active delegations.

faramesh delegate list <agent-id>

Revoke a delegation

Immediately revoke a delegation. All sub-delegations in the chain are also invalidated.

faramesh delegate revoke <from-agent> <to-agent>

Inspect the delegation chain

Trace the full delegation chain from root to leaf, showing scope narrowing at each level.

faramesh delegate chain <agent-id>