Skip to main content
تشغيل أي مهارة في Manus
بنقرة واحدة

macaroon-capability-credentials

النجوم١
التفرعات٠
آخر تحديث٦ يوليو ٢٠٢٦ في ١٠:٢٣

Implement macaroons (Birgisson et al. 2014) as unforgeable, attenuate-only bearer capability credentials, with cross-language byte-parity. Use for capability tokens, bearer-credential attenuation, third-party caveats + discharge gates, delegation chains, "rent-paid"/compulsion caveats, or keeping a Rust and a TypeScript macaroon impl byte-identical via shared test vectors. Covers HMAC-chained first-party caveats, the two vid (verification-id) constructions (HMAC commitment vs AES-GCM sealing) and when to use each, per-hop verification soundness, request-binding, constant-time + fail-closed verification, and the structured caveat grammar. Pairs with agentic-zero-trust-security and rust-kernel-ffi. NOT for: OAuth/OIDC/JWT web-session auth, centralized token servers, or confining a malicious same-UID process (that needs OS/VM isolation — macaroons make the gate unforgeable, not the holder confined).

التثبيت

التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.

SKILL.md
readonly