Issue a passport, run actions against it, delegate to a sub-agent, and revoke the whole chain. No install, no signup — every token below is really signed with Ed25519.
A human grants an agent a scoped, budget-capped credential.
You define your own vocabulary — permissions are just resource:action strings.
The SDK doesn't ship a fixed list; flights:search means whatever your app decides.
Risk is inferred from the verb (:read low, :write/:send medium,
:delete/:* high), or you register it in a ScopeRegistry.
Every action is checked against the passport before it runs.
Sub-agents inherit a narrower passport — scope can never widen.
Revoking a parent kills every passport beneath it, instantly.