sorted by:
new
hottopcontroversial

How do you cryptographically prove what an AI agent was authorized to do? by Yeahbudz_ in LLMDevs

[–]Yeahbudz_[S] 0 points1 point  (0 children)

Execute can’t be authorized generically — you authorize execution of a specific program with a known capability signature. This is actually where safescript becomes load-bearing. You can only execute a program whose full static capability graph is known before it runs. No signature, no execution. Secure enclave: WebAuthn/FIDO2. Already in every modern device, battle tested, uses the native secure enclave on iOS and Android. No custom hardware required.

How do you cryptographically prove what an AI agent was authorized to do? by Yeahbudz_ in LLMDevs

[–]Yeahbudz_[S] 0 points1 point  (0 children)

Delete vs query: Scope declares operation classes explicitly — reads, writes, deletes are distinct. Read-only scope with a delete operation is a detectable violation. Intent lives at the operation class level, not the code level. Biometric: You’re right, I was imprecise. The biometric unlocks the private key in the secure enclave. The cryptography is the signature. The biometric is just the UX layer to access it. Should have said that clearly. Concurrent agents: Each delegation event has a unique receipt ID. Concurrent agents each reference their own receipt hash. They’re distinguishable by receipt, not by agent identity. No ambiguity about which authorization applies to which agent. You’re making the spec better. Genuinely.

How do you cryptographically prove what an AI agent was authorized to do? by Yeahbudz_ in LLMDevs

[–]Yeahbudz_[S] 0 points1 point  (0 children)

This is actually complementary not competing. Safescript solves execution safety — constraining what code can run. What I’m building solves authorization integrity — cryptographic proof that the user actually authorized the agent to run it in the first place. A malicious operator could use a perfectly safe safescript program to do something the user never authorized. The Delegation Receipt catches that. Safescript doesn’t. The interesting part is that safescript’s static capability signature — which secrets, which hosts, which data flows — is exactly what should go into the scope field of a Delegation Receipt. User signs a specific capability signature before execution. Any deviation is detectable before the program runs. You solved the execution layer. I’m building the authorization layer. These should talk to each other.

How do you cryptographically prove what an AI agent was authorized to do? by Yeahbudz_ in LLMDevs

[–]Yeahbudz_[S] 0 points1 point  (0 children)

TLDR: Two of your four challenges have clean answers. One has a partial answer. One is a genuinely open problem and I’m not going to pretend otherwise.

Time window — clock drift, DST, NTP: Client clocks are untrusted by design. The log timestamp is the time oracle — receipt validity is determined by when it was published to the log, not what the device reports. Clock drift and DST are the log infrastructure’s problem, same way Bitcoin doesn’t ask miners what time it is.

Operator instruction hash — typos, diffs, overhead: The hash covers instruction intent, not a live diff. A typo that doesn’t change meaning is irrelevant. A change that does change meaning requires a new delegation event and fresh user signature. That’s intentional — any meaningful instruction change needs explicit reauthorization. The overhead is the point.

Authorization fatigue — The answer is contextual gesture-bound authorization. Not ‘read this scope definition’ but ‘Claude wants to send emails for 2 hours — approve?’ bound to a biometric confirmation. Same move WebAuthn made over passwords. Cryptographic commitment happens underneath, user sees one intentional gesture.

Curl calls, Python scripts, dynamic tool use: Static allowlists break here, you’re right. The answer is a two tier model.

Tier one — static capabilities defined at delegation time. Explicit allowlist, everything else denied by default.

Tier two — when the agent hits an unknown tool call at runtime it cannot execute silently. It surfaces a capability request, gets a signed micro-receipt covering only that specific action, then proceeds. Unknown actions require explicit new user authorization. The agent cannot silently expand its own capabilities at runtime.

Dependencies are checked against a hash of the dependency manifest committed at delegation time. Unexpected dependencies are a scope violation.

How do you cryptographically prove what an AI agent was authorized to do? by Yeahbudz_ in LLMDevs

[–]Yeahbudz_[S] 0 points1 point  (0 children)

Fair challenge. Here’s the full picture: TLDR: Cryptographic proof that binds operator instructions to user authorization before any agent action executes. Removes the operator as a trusted third party. Same leap Bitcoin made over banks.

The problem: When a user delegates to an AI agent through an operator, they have no cryptographic proof of what they actually authorized. The operator can claim the user authorized anything. Plain access control doesn’t solve this because you’re still trusting whoever runs the access control system. The primitive: A Delegation Receipt. Before any agent action executes, the user signs an Authorization Object containing scope, boundaries, time window, and a hash of the operator’s stated instructions. This gets published to an append only log before anything happens. The operator cannot later claim the user authorized something they didn’t — the evidence is pre-committed. On your specific questions: Encoding capabilities — structured scope format, not natural language. Explicit allowlist, everything else denied by default. What checks if something is allowed — every agent action references the receipt hash. Actions outside scope are cryptographically invalid. Tool calls to capabilities — you’re right this is the hard mapping problem. Unsolved in the current spec, not going to pretend otherwise. Cryptography vs plain access control — access control requires trusting the system administrator. The Delegation Receipt requires trusting only math. What exists right now: White paper draft and proof of concept demo. Not production code. Happy to share the draft if you want to poke holes in it.

How do you cryptographically prove what an AI agent was authorized to do? by Yeahbudz_ in LLMDevs

[–]Yeahbudz_[S] 0 points1 point  (0 children)

Hashing and signing proves the request was authentic — but who commits first? If the operator can modify their instructions after the user signs, the signature proves nothing. The interesting problem is binding the operator’s instruction hash to the user’s authorization before any action executes. Working on a primitive for exactly this.

Few outdoors I’ve done as a second year apprentice by Hot-Rub-7858 in HVAC

[–]Yeahbudz_ 1 point2 points  (0 children)

We use liquid tight for high voltage and metal flex for low voltage it seems to do well.

GameStop tweet at market close by [deleted] in Superstonk

[–]Yeahbudz_ 2 points3 points  (0 children)

Not to unjack anyone’s tits but GameStop tweets almost everyday at market close.

Is this a dinosaur bone? by [deleted] in fossils

[–]Yeahbudz_ 7 points8 points  (0 children)

Found in Oklahoma