4.5 No Direct Key Access & Fine-Grained Authorization
A core security principle: agents should never directly access or hold users' long-term private keys. Instead, each operation is authorized via a one-time, task-scoped session key whose permissions are extremely precise. For example, an agent authorized to "purchase dataset Y from specific data provider X" receives a signing key valid only for supplier X, the exact amount (e.g., 100 $OR), and a strictly defined acquisition time window (e.g., the next 10 minutes). When the task completes or the time window expires, the key becomes cryptographically invalid immediately. Even if such a session key is fully compromised, the compromise affects only that specific, strictly constrained transaction.
Permission scope is defined at the task level, not at a broad agent level. Both users and agents can create these scoped authorizations: users can delegate permission for a specific task to an agent, and that agent can, if necessary, further delegate subtasks to more specialized sub-agents or external services. This fine-grained, composable authorization goes beyond simple daily spending limits. It can be refined to individual API endpoints, specific data types (e.g., "can only read market data, cannot write"), time-based conditions (e.g., "valid only on trading days 9:30-16:00"), or event-based triggers. This extreme granularity makes large-scale compromise mathematically impossible because even if an attacker obtains numerous keys, each key's utility is strictly confined to a minimal scope.
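The scope checks and sub-delegation described above, as an added sketch that is not the project's own code: a verifier enforces recipient, amount, time window and one-time use, and a delegated scope can only narrow its parent. All names (`Scope`, `delegate`, `Verifier`, the key ids) are hypothetical; the amount is modeled as a ceiling so a subtask can take a smaller share, spend is charged against every scope in the chain so sibling sub-agents cannot jointly exceed the parent, and signature verification of the session key is assumed to happen before these checks.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scope:
    """Constraints bound to one session key (field names are illustrative)."""
    key_id: str
    recipient: str            # the only counterparty this key may pay
    max_amount: int           # spending ceiling in $OR
    not_before: int           # window start, unix seconds
    expires: int              # window end, unix seconds
    parent: "Scope | None" = None

def delegate(parent, key_id, max_amount, not_before, expires):
    """Derive a sub-agent scope that can only narrow its parent."""
    if max_amount > parent.max_amount:
        raise ValueError("amount exceeds parent scope")
    if not_before < parent.not_before or expires > parent.expires:
        raise ValueError("window exceeds parent scope")
    return Scope(key_id, parent.recipient, max_amount, not_before, expires, parent)

class Verifier:
    """Scope enforcement at the point of use (signature check assumed done)."""
    def __init__(self):
        self.used = set()     # key_ids already consumed; keys are one-time
        self.spent = {}       # key_id -> total spent under that scope

    def authorize(self, scope, recipient, amount, now):
        if amount <= 0:
            return "denied: invalid amount"
        if scope.key_id in self.used:
            return "denied: key already used"
        chain, node = [], scope
        while node is not None:          # every ancestor must also permit it
            if recipient != node.recipient:
                return "denied: recipient out of scope"
            if not node.not_before <= now < node.expires:
                return "denied: outside time window"
            if self.spent.get(node.key_id, 0) + amount > node.max_amount:
                return "denied: amount exceeds scope"
            chain.append(node)
            node = node.parent
        self.used.add(scope.key_id)      # consume the key only on success
        for node in chain:               # charge the whole delegation chain
            self.spent[node.key_id] = self.spent.get(node.key_id, 0) + amount
        return "ok"

T0 = 1_700_000_000                                   # constructed timestamp
ROOT = Scope("k-root", "provider-X", 100, T0, T0 + 600)   # user -> agent
SUB_A = delegate(ROOT, "k-a", 60, T0, T0 + 300)           # agent -> sub-agent
SUB_B = delegate(ROOT, "k-b", 60, T0, T0 + 300)           # second sub-agent
```

With these constructed scopes, `SUB_A` and `SUB_B` each allow 60 $OR, but the second spend is capped by what remains of the 100 $OR granted to `ROOT`.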
