Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Proposals, SLKs, and Activity

Three TUI tabs cover the agent-authorization lifecycle. Agents never prompt the operator per-call; they request a typed policy (SLK) up front and then operate inside it.

Proposals tab

When an agent calls request_slk, the daemon queues an SlkDraft here. Each row shows agent id, capabilities, scope summary, expiry, and proposal id.

From the detail view:

  • y approves the draft as submitted; the daemon mints the SLK and returns the token to the agent.
  • n denies it; the agent receives a typed denied outcome from slk_status.
  • e edits the draft. You can narrow any scope — fewer wallets, smaller caps, smaller total budgets, shorter expiry, fewer allowed venues — but never widen one. Widening edits are rejected by the validator.

If a scoped wallet is password-protected, the unlock prompt appears once at approval time. The wallet’s secrets are then encrypted at rest under the SLK’s wrap key and persist across daemon restarts.

SLKs tab

The catalogue of every minted SLK: label, agent, status (Active, Expired, Exhausted, Revoked), capabilities + scope summary, cumulative usage, and expiry.

  • Enter opens detail: typed capabilities, per-capability scopes, rate-limit config, lifetime, persisted-secret status per wallet.
  • r revokes the SLK immediately. Revocation sweeps the SLK’s persisted secrets too.

The Free tier is capped at 1 active SLK; paid tiers raise the limit. Hitting the cap surfaces a tier-limit modal at proposal-approval time.

Activity tab

The append-only audit log of every agent dispatch attempt — success, violation, or refusal. Each row carries: timestamp, SLK, MCP call, redacted params, native / token / USDC spend, duration, outcome.

  • Enter opens detail with the full typed violation (if any) and the on-chain explorer link (when the call produced a tx).

The Activity tab is the operator’s primary post-hoc audit surface; it never blocks dispatch.

WalletConnect note

When an SLK grants can_wc_connect and a dApp pairing matches the SLK’s WC scope, the daemon approves the session proposal autonomously — no prompt in DApps. The session settles immediately and the agent proceeds via its SLK. Operator-initiated pairings (you typed the WC URI in DApps) still take the human-driven approval path.