Session delegation payload
Session-key signed requests use a delegated payload with these fields:| Field | Type | Meaning |
|---|---|---|
session_signature | signature | EIP-712 wallet signature over delegated payload hash |
expiry | unix seconds | Session-key validity cutoff |
acl_scope | action set | Explicitly allowed actions for the session key |
session_public_key | compressed secp256k1 key | Public key corresponding to delegated execution key |
Versioning
| Version enum | Code |
|---|---|
LegacyV1 | 1 |
DelegatedPolicyProofV2 | 2 |
Session action model
Delegated action enums implement a numericaction_code and include an explicit unrestricted variant for full-action delegation when enabled by policy.
| Action enum | Code | Governs |
|---|---|---|
Unrestricted | 0 | Any supported session-key action when policy permits |
Order | 1 | New order placement |
ModifyOrder | 2 | Modify-order requests |
CancelOrder | 3 | Single-order cancel requests |
CancelAll | 4 | Cancel-all requests |
Enforcement rules
| Rule | Contract |
|---|---|
| Expiry | The operator rejects delegated payloads once current_timestamp > expiry |
| ACL match | The operator accepts the request only when acl_scope contains the required action or Unrestricted |
| Empty scope | Empty ACL scopes are invalid for delegated-policy session proofs |
| Signer coupling | The session public key embedded in the delegated payload must match the key that signs the request |
Known rejection classes
| Failure shape | Meaning |
|---|---|
| expired delegated policy | expiry is in the past at validation time |
| session ACL violation | the request family is outside the delegated acl_scope |
| malformed delegated payload | payload bytes cannot be decoded or do not satisfy the delegated-policy contract |
| session public-key mismatch | delegated payload and request signature do not describe the same session signer |