AAuth Explorer

Permission Endpoint

The permission endpoint enables agents to request permission from the PS for actions **not governed by a remote resource** — tool calls, file writes, sending messages on behalf of the user. The spec says this MAY be used **with or without a mission** (§1015), and the without-mission case is the more important pitch: it lets the PS govern agent behavior **before any resources support AAuth**, giving users one chokepoint that sees every sensitive local action. The PS decides each request against its standing user policy and, if needed, defers to the user via the same `202 + AAuth-Requirement: interaction` pattern other AAuth endpoints use. Only `action` is required (§1025); `description`, `parameters`, and `mission` are optional. Toggle **With Mission** above to see how `approved_tools` (§1303) bypasses the endpoint entirely and how the request binds to a mission log.

§ Permission Endpoint
Participants: Agent, Person Server, User

1. POST /permission (SendEmail… 200
2. POST /permission (PublishTo…
3. User opens interaction URL …
4. GET /pending/p9c4e1a2 → 200…
5. POST /permission (DeleteAll…

POST https://ps.example/permission → 200

Agent signs the request with its agent token via Signature-Key: sig=jwt (§1021). No mission is bound — the request body has no `mission` field.

Only `action` is required (§1025). `description` and `parameters` are optional but recommended so the PS (and the user, if asked) can see what's being attempted.

Without a mission, the PS evaluates against the user's **standing policy** at the PS — "always allow SendEmail to my own domain" is a reasonable default.

PS decides immediately and returns 200 `permission: "granted"` (§1055, §1068). PS SHOULD still record the request even without a mission (§1075).


Step 1: POST /permission (SendEmail) → 200 granted by standing policy

Request / response
Permission Flow (No Mission)
POST https://ps.example/permission

Content-Type: application/json
Signature-Key: sig=jwt;jwt="eyJhbGciOiJFZERTQSIsImtpZCI6ImFnZW50LWtleS0xIiwidHlwIjoiYWEtYWdlbnQ…
Signature-Input: sig=("@method" "@authority" "@path" "signature-key");created=1700000000;alg="ed2…
Signature: sig=:Tk9NSVNTSU9OU0VOREVNQUlMR1JBTlRFRFBPTElDWUFMTE9XU09XTkRPTUFJTlNJR05BVFVSRUJ…

Body
{
  "action": "SendEmail",
  "description": "Email the draft Q2 wrap-up to the user's own address.",
  "parameters": {
    "to": "user@example.com",
    "subject": "Draft: Q2 wrap-up"
  }
}
HTTP Signature (scheme=jwt)

Covered Components

@method
@authority
@path
signature-key

Signature Base

"@method": POST
"@authority": ps.example
"@path": /permission
"signature-key": sig=jwt;jwt="eyJhbGciOiJFZERTQSIsImtpZCI6ImFnZW50LWtleS0xIiwidHlwIjoiYWEtYWdlbnQrand0In0…"
"@signature-params": sig=("@method" "@authority" "@path" "signature-key");created=1700000000;alg="ed25519"

Signature-Key Header

sig=jwt;jwt="eyJhbGciOiJFZERTQSIsImtpZCI6ImFnZW50LWtleS0xIiwidHlwIjoiYWEtYWdlbnQrand0In0…"

Signature-Input Header

sig=("@method" "@authority" "@path" "signature-key");created=1700000000;alg="ed25519"
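
The signature base shown above can be rebuilt and checked on the PS side as follows. This is an added example, not code from the AAuth specification or from this explorer; it assumes RFC 9421 HTTP Message Signatures (where the `@signature-params` line carries the parameters without the `sig=` label), and `verifyRequest`, `demoRequest`, the 60-second skew window, the key pair and the placeholder token are constructed for illustration.

```javascript
const crypto = require('node:crypto');
// Components the page lists as covered; reject signatures that leave any of them out.
const REQUIRED = ['@method', '@authority', '@path', 'signature-key'];

// Parse a Signature-Input value: label=("a" "b" ...);created=...;alg="..."
function parseSignatureInput(value) {
  const m = /^(\w+)=(\(([^)]*)\)(.*))$/.exec(value);
  if (!m) throw new Error('malformed Signature-Input');
  const covered = m[3].split(' ').filter(Boolean).map((c) => c.replace(/"/g, ''));
  const created = Number((/;created=(\d+)/.exec(m[4]) || [])[1]);
  return { label: m[1], params: m[2], covered, created };
}

// Rebuild the base from the request as received, never from text the client supplies.
function signatureBase(req, input) {
  const lines = input.covered.map((name) => {
    if (name === '@method') return `"@method": ${req.method}`;
    if (name === '@authority') return `"@authority": ${req.authority.toLowerCase()}`;
    if (name === '@path') return `"@path": ${req.path}`;
    const v = req.headers[name];
    if (v === undefined) throw new Error(`covered field ${name} is not in the request`);
    return `"${name}": ${v.trim()}`;
  });
  lines.push(`"@signature-params": ${input.params}`);
  return lines.join('\n');
}

// Hypothetical PS-side check: coverage, freshness of `created`, then Ed25519 verification.
function verifyRequest(req, publicKey, now, maxSkew = 60) {
  const input = parseSignatureInput(req.headers['signature-input']);
  if (!REQUIRED.every((c) => input.covered.includes(c))) return false;
  if (!(Math.abs(now - input.created) <= maxSkew)) return false;
  const sig = /^\w+=:([A-Za-z0-9+/=]+):$/.exec(req.headers['signature'] || '');
  if (!sig) return false;
  const base = Buffer.from(signatureBase(req, input));
  return crypto.verify(null, base, publicKey, Buffer.from(sig[1], 'base64'));
}

// Constructed demo: throwaway key pair; the jwt value is a placeholder, not a real token.
function demoRequest() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const headers = {
    'signature-key': 'sig=jwt;jwt="PLACEHOLDER.AGENT.TOKEN"',
    'signature-input': 'sig=("@method" "@authority" "@path" "signature-key");created=1700000000;alg="ed25519"',
  };
  const req = { method: 'POST', authority: 'ps.example', path: '/permission', headers };
  const base = signatureBase(req, parseSignatureInput(headers['signature-input']));
  headers['signature'] = `sig=:${crypto.sign(null, Buffer.from(base), privateKey).toString('base64')}:`;
  return { req, publicKey, base };
}
```

Because `signature-key` is a covered component, swapping the agent token on a captured request invalidates the signature; validating the token itself and taking the public key from it are outside this example.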

Agent Token (aa-agent+jwt)
Header
{
  "alg": "EdDSA",
  "kid": "agent-key-1",
  "typ": "aa-agent+jwt"
}
Payload
{
  "iss": "https://agent.example",
  "sub": "aauth:local@agent.example",
  "dwk": "aauth-agent.json",
  "jti": "a6ae301d-1dc7-4b75-8f8b-5612197664a7",
  "cnf": {
    "jwk":
  },
  "iat": 1776222894,
  "exp": 1776226494,
  "ps": "https://ps.example"
}
sig: 8byvGd-PR3uOLeS_HYOpbW7OD_8whUuD