Wire specification
Delego is also an open protocol. The wire specification is the source of truth; the Python package is the reference implementation. It exists so that independent authorizers, brokers, and auditors — written by different people, in different languages — agree byte-for-byte.
What the spec covers
- Canonicalization — the deterministic byte encoding everything else hashes and signs over.
- Proposed Action & hashing — the action_fingerprint (method + host + path + canonicalized query + params) and the intent_hash derived from the human instruction.
- Policy & decisions — the policy schema and the fixed forbidden → rules → default evaluation producing allow/needs_approval/deny.
- Approval binding — the confused-deputy guard: an approval bound to the exact action fingerprint and intent, single-use (authorization properties P1–P4).
- Receipt & audit chain — the Ed25519-signed, hash-chained receipt format and verification, including external head-anchoring.
- Authorization token — an optional profile a broker can verify (specified in 0.3).
Status & versioning
The spec is at v0.3, and the reference implementation implements protocol 0.3. Beyond the 0.1–0.2 core, 0.3 brings hardening clauses — policy-schema validation, the P1–P4 authorization properties, head-anchoring as the required rollback defense, and the authorization-token profile — and one breaking change: the URL query string is folded into the action_fingerprint preimage, so two requests that differ only in their query are different actions and an approval for one cannot release the other. Each prior protocol version keeps a document of record in the spec repo’s versions/ directory.
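The effect of folding the query into the fingerprint, together with single-use approval binding, as an added example that is not code from the Delego spec or reference implementation. The encoding here (sorted-key JSON hashed with SHA-256), the ApprovalStore class, and the sample requests are assumptions made for illustration; the spec's own canonicalization governs real fingerprints.

```python
import hashlib, json
from urllib.parse import urlsplit, parse_qsl

def digest(obj):
    # Stand-in canonicalization (assumption): compact sorted-key JSON + SHA-256.
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def action_fingerprint(method, url, params, include_query=True):
    u = urlsplit(url)
    pre = {"method": method.upper(), "host": u.hostname or "",
           "path": u.path or "/", "params": params}
    if include_query:
        # Sort the pairs so parameter order does not change the fingerprint.
        pre["query"] = sorted(parse_qsl(u.query, keep_blank_values=True))
    return digest(pre)

def intent_hash(instruction):
    return digest({"instruction": instruction})

class ApprovalStore:
    """Hypothetical store: approvals keyed by (fingerprint, intent), used once."""
    def __init__(self):
        self._open = set()

    def approve(self, fingerprint, intent):
        self._open.add((fingerprint, intent))

    def release(self, fingerprint, intent):
        key = (fingerprint, intent)
        if key not in self._open:
            return False          # no approval for this exact action and intent
        self._open.remove(key)    # single-use: a replay finds nothing
        return True

# Constructed sample: two requests that differ only in the query string.
INTENT = intent_hash("refund order 1001")
APPROVED = ("POST", "https://api.example.test/refunds?order=1001", {"amount": 10})
SWAPPED = ("POST", "https://api.example.test/refunds?order=2002", {"amount": 10})

def demo(include_query):
    # Returns (swapped request released?, approved request released?, replay released?)
    fp = lambda req: action_fingerprint(*req, include_query=include_query)
    store = ApprovalStore()
    store.approve(fp(APPROVED), INTENT)
    swapped = store.release(fp(SWAPPED), INTENT)
    first = store.release(fp(APPROVED), INTENT)
    replay = store.release(fp(APPROVED), INTENT)
    return swapped, first, replay
```

With the query left out of the preimage, the approval is consumed by the request for the other order; with it included, only the approved request is released, and only once.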
Conformance
The Conformance Test Kit ships authoritative vectors generated by the reference implementation — action → hashes, policy + action → decision, and signed chains (valid and tampered). A conformant implementation must reproduce them.