Signed intents
A signed intent is a compact, verifiable statement that a user or authorized principal approved a specific agent action under a specific scope, time window, and context.
Minimal shape
{
"intent_id": "intent_123",
"subject": "user:yaroslav",
"agent": "agent:research-assistant",
"action": "publish_article",
"scope": ["repo:blog.popov.app", "path:articles/*"],
"expires_at": "2026-07-31T23:59:59Z",
"nonce": "...",
"signature": "..."
}
Security questions
- Who signed the intent?
- What exact action is authorized?
- What is the allowed scope?
- When does it expire?
- How is replay prevented?
- Where is revocation checked?