Skip to Content
👋 Hey there! Welcome to the ZenZ Docs. Got issue? Report here
📑 DocumentationIdentityCapability Methods

Capability Management

Tools for issuing and managing capabilities and delegations in privacy-protected manner

Types

export interface CapabilityConstraints { expires_at?: number; custom_constraints?: any; } export interface Proof { proof_type: string; created: number; proof_purpose: string; verification_method: string; proof_value: any; } export interface Capability { id: string; parent_id: string; issuer: string; subject: string; resource: string; actions: string[]; constraints: CapabilityConstraints; can_delegate: boolean; delegation_depth: number; proof: Proof; created_at: number; revoked_at: number; }

grant_capability

Description: Issues and anchors a new capability on-chain for a specific subject and resource.

Input Schema:

  • id (string): Unique capability UUID.
  • parent_id(string): The ID of the parent capability
  • issuer (string): The identity granting the permission.
  • subject (string): The recipient identity.
  • resource (string): The resource URI (e.g., storage://user/docs/*).
  • actions (array[string]): List of allowed actions (e.g., read, write).
  • constraints (CapabilityConstraints): Optional object containing expiresAt and custom (JSON bytes).
  • can_delegate (boolean): Determine if receipent can delegate the capability to others
  • delegation_depth (number): Determine the depth of delegation
  • proof (Proof): the proof of this grant capability action

Note: You shall be using the same above method for delegating the current capability being the parent_id, and unique capability ID for this particular delegation.

get_capability

Description: Fetch capability details

Input Schema:

  • id (string): Unique capability UUID.

revoke_capability

Description: Revokes the capability from the subject by issuer

Input Schema:

  • id (string): Unique capability UUID.
Last updated on: