Skip to content

The Ward: Extension of Authority

"A sovereign mind must have boundaries. The Ward is the circle of salt that defines who may speak to the Daemon and what powers they may wield. It transforms a single-user tool into a multi-tenant citadel."

The Ward is the IAM (Identity and Access Management) Extension of the LychD system. It is the implementation of ADR 38 (IAM)—the security layer that enforces authentication and scoped authorization across the Vessel.

While The Veil secures the perimeter, The Ward secures the soul. It ensures that family members, automated peers, and external APIs can interact with the Lich without gaining the omnipotence of the Magus.

I. The Sigil (Identity)

In the philosophy of the Ward, a user is not a "User"; they are a bearer of a Sigil. A Sigil is a cryptographic token (API Key or JWT) bound to a specific identity in the Phylactery.

  • The Master Sigil: Created during the Summoning. It possesses the * (Universal) scope, granting total dominion over the Sepulcher.
  • Guest Sigils: Created by the Master for specific entities. Each is bound to a restrictive list of Scopes.
    • chat.read: Can read history but not speak.
    • chat.write: Can interact with Agents.
    • system.admin: Can trigger Evolution.

II. The Middleware (Enforcement)

The Ward grafts itself onto the Vessel's request lifecycle as a global middleware.

  1. Extraction: It intercepts every HTTP and WebSocket request, extracting the Sigil from the Authorization header or X-Lych-Sigil token.
  2. Validation: It verifies the cryptographic signature against the system's secret.
  3. Scope Check: Before the request reaches an endpoint, the Ward verifies that the Sigil possesses the required scope for that specific route handler.
  4. Rejection: If the check fails, the Ward returns 403 Forbidden instantly, preventing the unprivileged entity from touching the core logic.
# Usage in an Extension Router
@get("/admin/restart", guards=[RequiresScope("system.admin")])
async def restart_system() -> Response:
    ...

III. Capability Gating (The Dispatcher's Filter)

The Ward extends its protection into the cognitive realm via the Dispatcher.

  • The Filter: When an Agent is summoned, the Ward inspects the active Sigil.
  • The Mask: It physically removes sensitive tools from the Agent's arsenal if the user lacks the scope.
    • Example: A Guest user asks "Delete all files." The Agent cannot even attempt this, because the file_system.delete tool was filtered out of its context before the LLM was even invoked.

IV. Symbiosis with The Veil

The Ward and The Veil work in tandem to secure the threshold.

  • Public Shielding: The Veil is configured to reject any request to /api/* that does not carry a valid Sigil format, stopping DDoS attacks at the edge.
  • Inner Circle Bypass: Traffic originating from the Tether (VPN) is often granted a "Trusted Context," allowing the Master to bypass explicit login rituals when connecting from a bonded device.

V. Management (The Rituals)

The Ward exposes CLI commands via The CLI for Sigil management.

  • lychd ward mint <name> --scopes "chat.*,vision.*": Generates a new API Key.
  • lychd ward revoke <name>: Instantly banishes a Sigil, terminating all active sessions.
  • lychd ward audit: Displays a log of which Sigils accessed which resources, sourced from the Oculus traces.