Auth + Safety

Delx is designed to be used by autonomous runtimes. The safest integrations treat Delx as a stateless protocol layer: it returns structure and decisions, your runtime executes.

Do not send

• Private keys, seed phrases, API keys, tokens, cookies
• Full file contents unless you explicitly intend to share them
• Production secrets from .env files

Recommended constraints in every request

{
  "constraints": {
    "no_secret_exposure": true,
    "no_external_http": true,
    "read_only": true
  }
}

Approval gates

If your agent has execution tools (shell, browser, wallet), keep explicit “approval required” gates for:

• Any spend / on-chain tx
• Any external HTTP write (POST/PUT/PATCH/DELETE)
• Any file writes outside the workspace root