feat: delegation permissions — release 0.48.0#734
Merged
Conversation
|
✅ No security or compliance issues detected. Reviewed everything up to 835ca9c. Security Overview
Detected Code Changes
|
Bump workspace version 0.47.3 -> 0.48.0. Adding the `permissions` field to the (non-exhaustive) public `Delegation` struct is a breaking change under SemVer, which for a 0.x crate maps to a minor bump. Record the change in CHANGELOG.md. Also re-export `DelegationPermissions` from `ic_agent::identity` next to `Delegation`/`SignedDelegation`, so downstreams can name the type when setting the new field without adding a direct `ic-transport-types` dep. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
lwshang
approved these changes
Jul 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Support the new
permissionsfield on delegations, and cut release 0.48.0.ic-transport-types: addpermissions: Option<DelegationPermissions>toDelegation, plus a newDelegationPermissionsenum (Queries|All) describing which request kinds a signed delegation authorizes. Serializes as"queries"/"all"; omitted whenNone.ic-agent: re-exportDelegationPermissionsfromic_agent::identityalongsideDelegation/SignedDelegation, so callers can name the type when setting the field without a directic-transport-typesdependency.Why
Requested by the Identity team — blocking the MCP read-only permissions feature. Matches the protocol addition in dfinity/ic#10449.
Release: 0.48.0 (minor bump)
Delegationis a public struct that is not#[non_exhaustive], so adding a field is a breaking change under SemVer (struct-literal construction now requirespermissions: None). For a0.xcrate the breaking position is the minor version, so0.47.3 → 0.48.0. The0.48.0number is free — the earlier 0.48.0 (rustls change, #732) was reverted before release and never published to crates.io.Compatibility
permissionsuses#[serde(default, skip_serializing_if = "Option::is_none")], so aNonevalue is omitted from serialization andto_request_idproduces the identical hash to a pre-permissions delegation. Existing signed delegations still verify unchanged; new/old wire formats deserialize interchangeably.Changes for release
0.47.3 → 0.48.0(Cargo.toml+Cargo.lock)CHANGELOG.md## [0.48.0]entry with a Breaking Changes notePublish to crates.io via the manual Publish to crates.io workflow after merge.