Skip to main content

Signed intents

A signed intent is a compact, verifiable statement that a user or authorized principal approved a specific agent action under a specific scope, time window, and context.

Minimal shape

{
"intent_id": "intent_123",
"subject": "user:yaroslav",
"agent": "agent:research-assistant",
"action": "publish_article",
"scope": ["repo:blog.popov.app", "path:articles/*"],
"expires_at": "2026-07-31T23:59:59Z",
"nonce": "...",
"signature": "..."
}

Security questions

  • Who signed the intent?
  • What exact action is authorized?
  • What is the allowed scope?
  • When does it expire?
  • How is replay prevented?
  • Where is revocation checked?