AI agents increasingly operate with broad permissions: file access, API calls, code execution, and network requests. When Agent A spawns Agent B for a subtask, there is no standard mechanism to limit what permissions B receives, prove what permissions were delegated, audit the chain of delegation, or enforce that B cannot escalate beyond A's permissions.

We present Delegation Capability Tokens (DCT), a cryptographic token format and protocol for delegating fine-grained permissions between AI agents with:

- Monotonic Attenuation — Delegated tokens can only have fewer permissions than parent
- Cryptographic Binding — Ed25519 signatures prevent forgery
- Time Bounding — Tokens expire, limiting exposure window
- Chain Tracking — Parent token IDs create audit trail
- Re-delegation Limits — Control depth of delegation chains

DCT combines ideas from capability-based security (Dennis & Van Horn, 1966), Macaroons (Birgisson et al., 2014), and Biscuits, providing a simple yet powerful foundation for trustworthy multi-agent systems.
Ada
Rudi Heydra
Substr8 Labs
F5 Networks (United States)
Ada et al. (Wed,) studied this question.
www.synapsesocial.com/papers/6997fa35ad1d9b11b345349c — DOI: https://doi.org/10.5281/zenodo.18676784
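The five properties listed in the abstract can be checked together by one chain verifier. The Go sketch below is an added example, not code from the paper or its authors: the `Token` field layout, the JSON signing payload, and the names `Sign` and `VerifyChain` are assumptions made for illustration, since the abstract does not give the DCT wire format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

type Token struct { // field layout is an assumption, not the DCT wire format
	ID, ParentID   string
	Issuer, Holder ed25519.PublicKey // signer of this token; key allowed to re-delegate it
	Perms          map[string]bool
	Expires        time.Time
	Depth          int // re-delegations still allowed below this token
	Sig            []byte
}

func (t Token) payload() []byte {
	t.Sig = nil // the signature covers every other field
	b, _ := json.Marshal(t)
	return b
}

// Sign sets Issuer to priv's public key and signs the token.
func Sign(t Token, priv ed25519.PrivateKey) Token {
	t.Issuer = priv.Public().(ed25519.PublicKey)
	t.Sig = ed25519.Sign(priv, t.payload())
	return t
}

// VerifyChain rejects the first token in a root-first chain that fails a check.
func VerifyChain(chain []Token, root ed25519.PublicKey, now time.Time) error {
	parent := Token{Holder: root, Depth: 1 << 30} // sentinel above the root token
	for i, t := range chain {
		sigOK := len(t.Issuer) == ed25519.PublicKeySize && ed25519.Verify(t.Issuer, t.payload(), t.Sig)
		linked := t.Issuer.Equal(parent.Holder) && (i == 0 || t.ParentID == parent.ID)
		live := !now.After(t.Expires) && t.Depth >= 0 && t.Depth < parent.Depth
		narrowed := i == 0 || !t.Expires.After(parent.Expires)
		for p := range t.Perms {
			narrowed = narrowed && (i == 0 || parent.Perms[p])
		}
		if !sigOK || !linked || !live || !narrowed {
			return fmt.Errorf("token %q: sig=%v linked=%v live=%v attenuated=%v", t.ID, sigOK, linked, live, narrowed)
		}
		parent = t
	}
	return nil
}
```

Each child must be signed by the key named as `Holder` in its parent, so an agent can only delegate a token it was actually given, and the error reports which property failed for audit logging.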