This walkthrough builds a delegation chain and verifies it offline. It needs no hardware TEE and no network. It exercises the part of cA2A that is built today: attenuated delegation and offline chain verification.
```shell
pip install ca2a-runtime
```

The repo ships a generator that produces a valid three-hop chain (admin narrows to read+write narrows to read):

```shell
python scripts/gen_example_chain.py
# wrote examples/minimal/chain.json
```

Each hop is a signed DelegationCredential. The scope of each hop is a subset of its parent's, continuity is preserved (each issuer is the previous subject), and each hop links to its parent by `credential_id`.

```shell
ca2a verify-chain --chain examples/minimal/chain.json
# {"verified": true, "hops": 3, "leaf_scope": ["cap:read"]}
```

Verification checks four invariants and fails on the first violation:
- Signature on every hop against the issuer's Ed25519 public key.
- Continuity: each hop's issuer is the previous hop's subject.
- Attenuation: each hop's scope is a subset of its parent's scope.
- Anti-replay: `parent_id` links to the previous `credential_id`, and every `credential_id` is unique.
Edit examples/minimal/chain.json so a child hop adds a capability its parent did not hold, then re-run:
```shell
ca2a verify-chain --chain examples/minimal/chain.json
# {"verified": false, "code": "SCOPE_ESCALATION", "error": "hop 1 scope exceeds parent grant"}
```

The library API does the same from Python:

```python
from ca2a_runtime.delegation import DelegationCredential, new_keypair, verify_chain

root_priv, root_pub = new_keypair()
mid_priv, mid_pub = new_keypair()
_, leaf_pub = new_keypair()  # the leaf never signs, so only its public key is needed

# Root hop: root grants {cap:a, cap:b} to mid and signs with the root key.
root = DelegationCredential("c0", root_pub, mid_pub, frozenset({"cap:a", "cap:b"}), 0).sign(root_priv)
# Child hop: mid narrows the grant to {cap:a} for leaf, links back to c0, and signs with the mid key.
child = DelegationCredential("c1", mid_pub, leaf_pub, frozenset({"cap:a"}), 1, parent_id="c0").sign(mid_priv)

verify_chain([root, child])  # raises on any violation
```

The runtime peer path (accepting a delegation credential on a live inbound A2A call, attesting the peer, sealing the payload) is under construction. See ROADMAP.md and LIMITATIONS.md.
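To make the four invariants and the scope-escalation failure concrete, here is an added example (not cA2A's own code) of an offline verifier over a constructed three-hop chain. It swaps Ed25519 for an HMAC stand-in so it runs with no extra packages, checks the invariants in the order listed above and stops at the first violation; all field names, principal names and error codes other than SCOPE_ESCALATION are assumptions made for this example.

```python
import hashlib
import hmac
import json

# Stand-in for Ed25519 so this runs with no extra packages: a principal's "key" is an
# HMAC secret looked up by name. The chain logic, not the signature scheme, is the point.
_KEYS = {"root": b"root-secret", "agent_a": b"a-secret", "agent_b": b"b-secret"}

def _mac(hop):
    fields = ("credential_id", "issuer", "subject", "scope", "parent_id")
    body = json.dumps({k: hop.get(k) for k in fields}, sort_keys=True).encode()
    return hmac.new(_KEYS[hop["issuer"]], body, hashlib.sha256).hexdigest()

def sign_hop(hop):
    return {**hop, "signature": _mac(hop)}

def _fail(code, i, why):
    return {"verified": False, "code": code, "error": f"hop {i} {why}"}

def verify_chain(hops):
    # Signature, continuity, attenuation, anti-replay: checked in order, first failure wins.
    seen = set()
    for i, h in enumerate(hops):
        if h["issuer"] not in _KEYS or not hmac.compare_digest(_mac(h), h.get("signature", "")):
            return _fail("BAD_SIGNATURE", i, "signature does not verify under issuer key")
        if i:
            p = hops[i - 1]
            if h["issuer"] != p["subject"]:
                return _fail("CONTINUITY_BREAK", i, "issuer is not the previous subject")
            if not set(h["scope"]) <= set(p["scope"]):
                return _fail("SCOPE_ESCALATION", i, "scope exceeds parent grant")
            if h.get("parent_id") != p["credential_id"]:
                return _fail("BROKEN_LINK", i, "parent_id does not name the previous hop")
        if h["credential_id"] in seen:
            return _fail("REPLAY", i, "credential_id already used in this chain")
        seen.add(h["credential_id"])
    return {"verified": True, "hops": len(hops), "leaf_scope": sorted(hops[-1]["scope"])}

# Constructed three-hop chain: admin narrows to read+write narrows to read.
CHAIN = [
    sign_hop({"credential_id": "c0", "issuer": "root", "subject": "agent_a",
              "scope": ["cap:admin", "cap:read", "cap:write"], "parent_id": None}),
    sign_hop({"credential_id": "c1", "issuer": "agent_a", "subject": "agent_b",
              "scope": ["cap:read", "cap:write"], "parent_id": "c0"}),
    sign_hop({"credential_id": "c2", "issuer": "agent_b", "subject": "agent_c",
              "scope": ["cap:read"], "parent_id": "c1"}),
]

def escalated_chain():
    # Leaf hop re-signed by its own issuer with a capability its parent never held, so the
    # signature still passes and it is the attenuation check that rejects the chain.
    return CHAIN[:2] + [sign_hop({**CHAIN[2], "scope": ["cap:read", "cap:admin"]})]
```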