Add PermissionDelegation feature (#5354)

This change implements the account permission delegation described in XLS-75d, see https://github.com/XRPLF/XRPL-Standards/pull/257. * Introduces transaction-level and granular permissions that can be delegated to other accounts. * Adds `DelegateSet` transaction to grant specified permissions to another account. * Adds `ltDelegate` ledger object to maintain the permission list for delegating/delegated account pair. * Adds an optional `Delegate` field in common fields, allowing a delegated account to send transactions on behalf of the delegating account within the granted permission scope. The `Account` field remains the delegating account; the `Delegate` field specifies the delegated account. The transaction is signed by the delegated account.
2025-11-20 02:55:50 +00:00 · 2025-05-08 06:14:02 -04:00
parent 9ec2d7f8ff
commit 2db2791805
49 changed files with 2976 additions and 91 deletions
--- a/include/xrpl/protocol/ErrorCodes.h
+++ b/include/xrpl/protocol/ErrorCodes.h
@@ -120,7 +120,7 @@ enum error_code_i {
    rpcSRC_ACT_MALFORMED = 65,
    rpcSRC_ACT_MISSING = 66,
    rpcSRC_ACT_NOT_FOUND = 67,
-    // unused                  68,
+    rpcDELEGATE_ACT_NOT_FOUND = 68,
    rpcSRC_CUR_MALFORMED = 69,
    rpcSRC_ISR_MALFORMED = 70,
    rpcSTREAM_MALFORMED = 71,
--- a/include/xrpl/protocol/Indexes.h
+++ b/include/xrpl/protocol/Indexes.h
@@ -279,6 +279,10 @@ amm(Asset const& issue1, Asset const& issue2) noexcept;
 Keylet
 amm(uint256 const& amm) noexcept;

+/** A keylet for Delegate object */
+Keylet
+delegate(AccountID const& account, AccountID const& authorizedAccount) noexcept;
+
 Keylet
 bridge(STXChainBridge const& bridge, STXChainBridge::ChainType chainType);

--- a/include/xrpl/protocol/Permissions.h
+++ b/include/xrpl/protocol/Permissions.h
@@ -0,0 +1,97 @@
+//------------------------------------------------------------------------------
+/*
+    This file is part of rippled: https://github.com/ripple/rippled
+    Copyright (c) 2025 Ripple Labs Inc.
+
+    Permission to use, copy, modify, and/or distribute this software for any
+    purpose  with  or without fee is hereby granted, provided that the above
+    copyright notice and this permission notice appear in all copies.
+
+    THE  SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+    WITH  REGARD  TO  THIS  SOFTWARE  INCLUDING  ALL  IMPLIED  WARRANTIES  OF
+    MERCHANTABILITY  AND  FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+    ANY  SPECIAL ,  DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+    WHATSOEVER  RESULTING  FROM  LOSS  OF USE, DATA OR PROFITS, WHETHER IN AN
+    ACTION  OF  CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+//==============================================================================
+
+#ifndef RIPPLE_PROTOCOL_PERMISSION_H_INCLUDED
+#define RIPPLE_PROTOCOL_PERMISSION_H_INCLUDED
+
+#include <xrpl/protocol/TxFormats.h>
+
+#include <optional>
+#include <string>
+#include <unordered_map>
+#include <unordered_set>
+
+namespace ripple {
+/**
+ * We have both transaction type permissions and granular type permissions.
+ * Since we will reuse the TransactionFormats to parse the Transaction
+ * Permissions, only the GranularPermissionType is defined here. To prevent
+ * conflicts with TxType, the GranularPermissionType is always set to a value
+ * greater than the maximum value of uint16.
+ */
+enum GranularPermissionType : std::uint32_t {
+#pragma push_macro("PERMISSION")
+#undef PERMISSION
+
+#define PERMISSION(type, txType, value) type = value,
+
+#include <xrpl/protocol/detail/permissions.macro>
+
+#undef PERMISSION
+#pragma pop_macro("PERMISSION")
+};
+
+enum Delegation { delegatable, notDelegatable };
+
+class Permission
+{
+private:
+    Permission();
+
+    std::unordered_map<std::uint16_t, Delegation> delegatableTx_;
+
+    std::unordered_map<std::string, GranularPermissionType>
+        granularPermissionMap_;
+
+    std::unordered_map<GranularPermissionType, std::string> granularNameMap_;
+
+    std::unordered_map<GranularPermissionType, TxType> granularTxTypeMap_;
+
+public:
+    static Permission const&
+    getInstance();
+
+    Permission(const Permission&) = delete;
+    Permission&
+    operator=(const Permission&) = delete;
+
+    std::optional<std::uint32_t>
+    getGranularValue(std::string const& name) const;
+
+    std::optional<std::string>
+    getGranularName(GranularPermissionType const& value) const;
+
+    std::optional<TxType>
+    getGranularTxType(GranularPermissionType const& gpType) const;
+
+    bool
+    isDelegatable(std::uint32_t const& permissionValue) const;
+
+    // for tx level permission, permission value is equal to tx type plus one
+    uint32_t
+    txToPermissionType(const TxType& type) const;
+
+    // tx type value is permission value minus one
+    TxType
+    permissionToTxType(uint32_t const& value) const;
+};
+
+}  // namespace ripple
+
+#endif
--- a/include/xrpl/protocol/Protocol.h
+++ b/include/xrpl/protocol/Protocol.h
@@ -155,6 +155,10 @@ std::size_t constexpr maxPriceScale = 20;
 */
 std::size_t constexpr maxTrim = 25;

+/** The maximum number of delegate permissions an account can grant
+ */
+std::size_t constexpr permissionMaxSize = 10;
+
 }  // namespace ripple

 #endif
--- a/include/xrpl/protocol/TxFlags.h
+++ b/include/xrpl/protocol/TxFlags.h
@@ -120,6 +120,13 @@ constexpr std::uint32_t tfTrustSetMask =
    ~(tfUniversal | tfSetfAuth | tfSetNoRipple | tfClearNoRipple | tfSetFreeze |
      tfClearFreeze | tfSetDeepFreeze | tfClearDeepFreeze);

+// valid flags for granular permission
+constexpr std::uint32_t tfTrustSetGranularMask = tfSetfAuth | tfSetFreeze | tfClearFreeze;
+
+// bits representing supportedGranularMask are set to 0 and the bits
+// representing other flags are set to 1 in tfPermissionMask.
+constexpr std::uint32_t tfTrustSetPermissionMask = (~tfTrustSetMask) & (~tfTrustSetGranularMask);
+
 // EnableAmendment flags:
 constexpr std::uint32_t tfGotMajority                      = 0x00010000;
 constexpr std::uint32_t tfLostMajority                     = 0x00020000;
@@ -155,6 +162,8 @@ constexpr std::uint32_t const tfMPTokenAuthorizeMask  = ~(tfUniversal | tfMPTUna
 constexpr std::uint32_t const tfMPTLock                   = 0x00000001;
 constexpr std::uint32_t const tfMPTUnlock                 = 0x00000002;
 constexpr std::uint32_t const tfMPTokenIssuanceSetMask  = ~(tfUniversal | tfMPTLock | tfMPTUnlock);
+constexpr std::uint32_t const tfMPTokenIssuanceSetGranularMask = tfMPTLock | tfMPTUnlock;
+constexpr std::uint32_t const tfMPTokenIssuanceSetPermissionMask = (~tfMPTokenIssuanceSetMask) & (~tfMPTokenIssuanceSetGranularMask);

 // MPTokenIssuanceDestroy flags:
 constexpr std::uint32_t const tfMPTokenIssuanceDestroyMask  = ~tfUniversal;
--- a/include/xrpl/protocol/TxFormats.h
+++ b/include/xrpl/protocol/TxFormats.h
@@ -59,7 +59,7 @@ enum TxType : std::uint16_t
 #pragma push_macro("TRANSACTION")
 #undef TRANSACTION

-#define TRANSACTION(tag, value, name, fields) tag = value,
+#define TRANSACTION(tag, value, name, delegatable, fields) tag = value,

 #include <xrpl/protocol/detail/transactions.macro>

--- a/include/xrpl/protocol/detail/features.macro
+++ b/include/xrpl/protocol/detail/features.macro
@@ -32,6 +32,7 @@
 // If you add an amendment here, then do not forget to increment `numFeatures`
 // in include/xrpl/protocol/Feature.h.

+XRPL_FEATURE(PermissionDelegation,       Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (PayChanCancelAfter,         Supported::yes, VoteBehavior::DefaultNo)
 // Check flags in Credential transactions
 XRPL_FIX    (InvalidTxFlags,             Supported::yes, VoteBehavior::DefaultNo)
--- a/include/xrpl/protocol/detail/ledger_entries.macro
+++ b/include/xrpl/protocol/detail/ledger_entries.macro
@@ -460,6 +460,18 @@ LEDGER_ENTRY(ltPERMISSIONED_DOMAIN, 0x0082, PermissionedDomain, permissioned_dom
    {sfPreviousTxnLgrSeq,   soeREQUIRED},
 }))

+/** A ledger object representing permissions an account has delegated to another account.
+    \sa keylet::delegate
+ */
+LEDGER_ENTRY(ltDELEGATE, 0x0083, Delegate, delegate, ({
+    {sfAccount,              soeREQUIRED},
+    {sfAuthorize,            soeREQUIRED},
+    {sfPermissions,          soeREQUIRED},
+    {sfOwnerNode,            soeREQUIRED},
+    {sfPreviousTxnID,        soeREQUIRED},
+    {sfPreviousTxnLgrSeq,    soeREQUIRED},
+}))
+
 #undef EXPAND
 #undef LEDGER_ENTRY_DUPLICATE

--- a/include/xrpl/protocol/detail/permissions.macro
+++ b/include/xrpl/protocol/detail/permissions.macro
@@ -0,0 +1,68 @@
+//------------------------------------------------------------------------------
+/*
+    This file is part of rippled: https://github.com/ripple/rippled
+    Copyright (c) 2025 Ripple Labs Inc.
+
+    Permission to use, copy, modify, and/or distribute this software for any
+    purpose  with  or without fee is hereby granted, provided that the above
+    copyright notice and this permission notice appear in all copies.
+
+    THE  SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+    WITH  REGARD  TO  THIS  SOFTWARE  INCLUDING  ALL  IMPLIED  WARRANTIES  OF
+    MERCHANTABILITY  AND  FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+    ANY  SPECIAL ,  DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+    WHATSOEVER  RESULTING  FROM  LOSS  OF USE, DATA OR PROFITS, WHETHER IN AN
+    ACTION  OF  CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+//==============================================================================
+
+#if !defined(PERMISSION)
+#error "undefined macro: PERMISSION"
+#endif
+
+/**
+ * PERMISSION(name, type, txType, value)
+ *
+ * This macro defines a permission:
+ * name: the name of the permission.
+ * type: the GranularPermissionType enum.
+ * txType: the corresponding TxType for this permission.
+ * value: the uint32 numeric value for the enum type.
+ */
+
+/** This permission grants the delegated account the ability to authorize a trustline. */
+PERMISSION(TrustlineAuthorize, ttTRUST_SET, 65537)
+
+/** This permission grants the delegated account the ability to freeze a trustline. */
+PERMISSION(TrustlineFreeze, ttTRUST_SET, 65538)
+
+/** This permission grants the delegated account the ability to unfreeze a trustline. */
+PERMISSION(TrustlineUnfreeze, ttTRUST_SET, 65539)
+
+/** This permission grants the delegated account the ability to set Domain. */
+PERMISSION(AccountDomainSet, ttACCOUNT_SET, 65540)
+
+/** This permission grants the delegated account the ability to set EmailHashSet. */
+PERMISSION(AccountEmailHashSet, ttACCOUNT_SET, 65541)
+
+/** This permission grants the delegated account the ability to set MessageKey. */
+PERMISSION(AccountMessageKeySet, ttACCOUNT_SET, 65542)
+
+/** This permission grants the delegated account the ability to set TransferRate. */
+PERMISSION(AccountTransferRateSet, ttACCOUNT_SET, 65543)
+
+/** This permission grants the delegated account the ability to set TickSize. */
+PERMISSION(AccountTickSizeSet, ttACCOUNT_SET, 65544)
+
+/** This permission grants the delegated account the ability to mint payment, which means sending a payment for a currency where the sending account is the issuer. */
+PERMISSION(PaymentMint, ttPAYMENT, 65545)
+
+/** This permission grants the delegated account the ability to burn payment, which means sending a payment for a currency where the destination account is the issuer */
+PERMISSION(PaymentBurn, ttPAYMENT, 65546)
+
+/** This permission grants the delegated account the ability to lock MPToken. */
+PERMISSION(MPTokenIssuanceLock, ttMPTOKEN_ISSUANCE_SET, 65547)
+
+/** This permission grants the delegated account the ability to unlock MPToken. */
+PERMISSION(MPTokenIssuanceUnlock, ttMPTOKEN_ISSUANCE_SET, 65548)
--- a/include/xrpl/protocol/detail/sfields.macro
+++ b/include/xrpl/protocol/detail/sfields.macro
@@ -112,6 +112,7 @@ TYPED_SFIELD(sfEmitGeneration,           UINT32,    46)
 TYPED_SFIELD(sfVoteWeight,               UINT32,    48)
 TYPED_SFIELD(sfFirstNFTokenSequence,     UINT32,    50)
 TYPED_SFIELD(sfOracleDocumentID,         UINT32,    51)
+TYPED_SFIELD(sfPermissionValue,          UINT32,    52)

 // 64-bit integers (common)
 TYPED_SFIELD(sfIndexNext,                UINT64,     1)
@@ -278,6 +279,7 @@ TYPED_SFIELD(sfRegularKey,               ACCOUNT,    8)
 TYPED_SFIELD(sfNFTokenMinter,            ACCOUNT,    9)
 TYPED_SFIELD(sfEmitCallback,             ACCOUNT,   10)
 TYPED_SFIELD(sfHolder,                   ACCOUNT,   11)
+TYPED_SFIELD(sfDelegate,                 ACCOUNT,   12)

 // account (uncommon)
 TYPED_SFIELD(sfHookAccount,              ACCOUNT,   16)
@@ -327,6 +329,7 @@ UNTYPED_SFIELD(sfSignerEntry,            OBJECT,    11)
 UNTYPED_SFIELD(sfNFToken,                OBJECT,    12)
 UNTYPED_SFIELD(sfEmitDetails,            OBJECT,    13)
 UNTYPED_SFIELD(sfHook,                   OBJECT,    14)
+UNTYPED_SFIELD(sfPermission,             OBJECT,    15)

 // inner object (uncommon)
 UNTYPED_SFIELD(sfSigner,                 OBJECT,    16)
@@ -377,3 +380,4 @@ UNTYPED_SFIELD(sfAuthAccounts,           ARRAY,     25)
 UNTYPED_SFIELD(sfAuthorizeCredentials,   ARRAY,     26)
 UNTYPED_SFIELD(sfUnauthorizeCredentials, ARRAY,     27)
 UNTYPED_SFIELD(sfAcceptedCredentials,    ARRAY,     28)
+UNTYPED_SFIELD(sfPermissions,            ARRAY,     29)
--- a/include/xrpl/protocol/detail/transactions.macro
+++ b/include/xrpl/protocol/detail/transactions.macro
@@ -22,14 +22,14 @@
 #endif

 /**
- * TRANSACTION(tag, value, name, fields)
+ * TRANSACTION(tag, value, name, delegatable, fields)
 *
 * You must define a transactor class in the `ripple` namespace named `name`,
 * and include its header in `src/xrpld/app/tx/detail/applySteps.cpp`.
 */

 /** This transaction type executes a payment. */
-TRANSACTION(ttPAYMENT, 0, Payment, ({
+TRANSACTION(ttPAYMENT, 0, Payment, Delegation::delegatable, ({
    {sfDestination, soeREQUIRED},
    {sfAmount, soeREQUIRED, soeMPTSupported},
    {sfSendMax, soeOPTIONAL, soeMPTSupported},
@@ -41,7 +41,7 @@ TRANSACTION(ttPAYMENT, 0, Payment, ({
 }))

 /** This transaction type creates an escrow object. */
-TRANSACTION(ttESCROW_CREATE, 1, EscrowCreate, ({
+TRANSACTION(ttESCROW_CREATE, 1, EscrowCreate, Delegation::delegatable, ({
    {sfDestination, soeREQUIRED},
    {sfAmount, soeREQUIRED},
    {sfCondition, soeOPTIONAL},
@@ -51,7 +51,7 @@ TRANSACTION(ttESCROW_CREATE, 1, EscrowCreate, ({
 }))

 /** This transaction type completes an existing escrow. */
-TRANSACTION(ttESCROW_FINISH, 2, EscrowFinish, ({
+TRANSACTION(ttESCROW_FINISH, 2, EscrowFinish, Delegation::delegatable, ({
    {sfOwner, soeREQUIRED},
    {sfOfferSequence, soeREQUIRED},
    {sfFulfillment, soeOPTIONAL},
@@ -61,7 +61,7 @@ TRANSACTION(ttESCROW_FINISH, 2, EscrowFinish, ({


 /** This transaction type adjusts various account settings. */
-TRANSACTION(ttACCOUNT_SET, 3, AccountSet, ({
+TRANSACTION(ttACCOUNT_SET, 3, AccountSet, Delegation::notDelegatable, ({
    {sfEmailHash, soeOPTIONAL},
    {sfWalletLocator, soeOPTIONAL},
    {sfWalletSize, soeOPTIONAL},
@@ -75,20 +75,20 @@ TRANSACTION(ttACCOUNT_SET, 3, AccountSet, ({
 }))

 /** This transaction type cancels an existing escrow. */
-TRANSACTION(ttESCROW_CANCEL, 4, EscrowCancel, ({
+TRANSACTION(ttESCROW_CANCEL, 4, EscrowCancel, Delegation::delegatable, ({
    {sfOwner, soeREQUIRED},
    {sfOfferSequence, soeREQUIRED},
 }))

 /** This transaction type sets or clears an account's "regular key". */
-TRANSACTION(ttREGULAR_KEY_SET, 5, SetRegularKey, ({
+TRANSACTION(ttREGULAR_KEY_SET, 5, SetRegularKey, Delegation::notDelegatable, ({
    {sfRegularKey, soeOPTIONAL},
 }))

 // 6 deprecated

 /** This transaction type creates an offer to trade one asset for another. */
-TRANSACTION(ttOFFER_CREATE, 7, OfferCreate, ({
+TRANSACTION(ttOFFER_CREATE, 7, OfferCreate, Delegation::delegatable, ({
    {sfTakerPays, soeREQUIRED},
    {sfTakerGets, soeREQUIRED},
    {sfExpiration, soeOPTIONAL},
@@ -96,14 +96,14 @@ TRANSACTION(ttOFFER_CREATE, 7, OfferCreate, ({
 }))

 /** This transaction type cancels existing offers to trade one asset for another. */
-TRANSACTION(ttOFFER_CANCEL, 8, OfferCancel, ({
+TRANSACTION(ttOFFER_CANCEL, 8, OfferCancel, Delegation::delegatable, ({
    {sfOfferSequence, soeREQUIRED},
 }))

 // 9 deprecated

 /** This transaction type creates a new set of tickets. */
-TRANSACTION(ttTICKET_CREATE, 10, TicketCreate, ({
+TRANSACTION(ttTICKET_CREATE, 10, TicketCreate, Delegation::delegatable, ({
    {sfTicketCount, soeREQUIRED},
 }))

@@ -112,13 +112,13 @@ TRANSACTION(ttTICKET_CREATE, 10, TicketCreate, ({
 /** This transaction type modifies the signer list associated with an account. */
 // The SignerEntries are optional because a SignerList is deleted by
 // setting the SignerQuorum to zero and omitting SignerEntries.
-TRANSACTION(ttSIGNER_LIST_SET, 12, SignerListSet, ({
+TRANSACTION(ttSIGNER_LIST_SET, 12, SignerListSet, Delegation::notDelegatable, ({
    {sfSignerQuorum, soeREQUIRED},
    {sfSignerEntries, soeOPTIONAL},
 }))

 /** This transaction type creates a new unidirectional XRP payment channel. */
-TRANSACTION(ttPAYCHAN_CREATE, 13, PaymentChannelCreate, ({
+TRANSACTION(ttPAYCHAN_CREATE, 13, PaymentChannelCreate, Delegation::delegatable, ({
    {sfDestination, soeREQUIRED},
    {sfAmount, soeREQUIRED},
    {sfSettleDelay, soeREQUIRED},
@@ -128,14 +128,14 @@ TRANSACTION(ttPAYCHAN_CREATE, 13, PaymentChannelCreate, ({
 }))

 /** This transaction type funds an existing unidirectional XRP payment channel. */
-TRANSACTION(ttPAYCHAN_FUND, 14, PaymentChannelFund, ({
+TRANSACTION(ttPAYCHAN_FUND, 14, PaymentChannelFund, Delegation::delegatable, ({
    {sfChannel, soeREQUIRED},
    {sfAmount, soeREQUIRED},
    {sfExpiration, soeOPTIONAL},
 }))

 /** This transaction type submits a claim against an existing unidirectional payment channel. */
-TRANSACTION(ttPAYCHAN_CLAIM, 15, PaymentChannelClaim, ({
+TRANSACTION(ttPAYCHAN_CLAIM, 15, PaymentChannelClaim, Delegation::delegatable, ({
    {sfChannel, soeREQUIRED},
    {sfAmount, soeOPTIONAL},
    {sfBalance, soeOPTIONAL},
@@ -145,7 +145,7 @@ TRANSACTION(ttPAYCHAN_CLAIM, 15, PaymentChannelClaim, ({
 }))

 /** This transaction type creates a new check. */
-TRANSACTION(ttCHECK_CREATE, 16, CheckCreate, ({
+TRANSACTION(ttCHECK_CREATE, 16, CheckCreate, Delegation::delegatable, ({
    {sfDestination, soeREQUIRED},
    {sfSendMax, soeREQUIRED},
    {sfExpiration, soeOPTIONAL},
@@ -154,19 +154,19 @@ TRANSACTION(ttCHECK_CREATE, 16, CheckCreate, ({
 }))

 /** This transaction type cashes an existing check. */
-TRANSACTION(ttCHECK_CASH, 17, CheckCash, ({
+TRANSACTION(ttCHECK_CASH, 17, CheckCash, Delegation::delegatable, ({
    {sfCheckID, soeREQUIRED},
    {sfAmount, soeOPTIONAL},
    {sfDeliverMin, soeOPTIONAL},
 }))

 /** This transaction type cancels an existing check. */
-TRANSACTION(ttCHECK_CANCEL, 18, CheckCancel, ({
+TRANSACTION(ttCHECK_CANCEL, 18, CheckCancel, Delegation::delegatable, ({
    {sfCheckID, soeREQUIRED},
 }))

 /** This transaction type grants or revokes authorization to transfer funds. */
-TRANSACTION(ttDEPOSIT_PREAUTH, 19, DepositPreauth, ({
+TRANSACTION(ttDEPOSIT_PREAUTH, 19, DepositPreauth, Delegation::delegatable, ({
    {sfAuthorize, soeOPTIONAL},
    {sfUnauthorize, soeOPTIONAL},
    {sfAuthorizeCredentials, soeOPTIONAL},
@@ -174,14 +174,14 @@ TRANSACTION(ttDEPOSIT_PREAUTH, 19, DepositPreauth, ({
 }))

 /** This transaction type modifies a trustline between two accounts. */
-TRANSACTION(ttTRUST_SET, 20, TrustSet, ({
+TRANSACTION(ttTRUST_SET, 20, TrustSet, Delegation::delegatable, ({
    {sfLimitAmount, soeOPTIONAL},
    {sfQualityIn, soeOPTIONAL},
    {sfQualityOut, soeOPTIONAL},
 }))

 /** This transaction type deletes an existing account. */
-TRANSACTION(ttACCOUNT_DELETE, 21, AccountDelete, ({
+TRANSACTION(ttACCOUNT_DELETE, 21, AccountDelete, Delegation::notDelegatable, ({
    {sfDestination, soeREQUIRED},
    {sfDestinationTag, soeOPTIONAL},
    {sfCredentialIDs, soeOPTIONAL},
@@ -190,7 +190,7 @@ TRANSACTION(ttACCOUNT_DELETE, 21, AccountDelete, ({
 // 22 reserved

 /** This transaction mints a new NFT. */
-TRANSACTION(ttNFTOKEN_MINT, 25, NFTokenMint, ({
+TRANSACTION(ttNFTOKEN_MINT, 25, NFTokenMint, Delegation::delegatable, ({
    {sfNFTokenTaxon, soeREQUIRED},
    {sfTransferFee, soeOPTIONAL},
    {sfIssuer, soeOPTIONAL},
@@ -201,13 +201,13 @@ TRANSACTION(ttNFTOKEN_MINT, 25, NFTokenMint, ({
 }))

 /** This transaction burns (i.e. destroys) an existing NFT. */
-TRANSACTION(ttNFTOKEN_BURN, 26, NFTokenBurn, ({
+TRANSACTION(ttNFTOKEN_BURN, 26, NFTokenBurn, Delegation::delegatable, ({
    {sfNFTokenID, soeREQUIRED},
    {sfOwner, soeOPTIONAL},
 }))

 /** This transaction creates a new offer to buy or sell an NFT. */
-TRANSACTION(ttNFTOKEN_CREATE_OFFER, 27, NFTokenCreateOffer, ({
+TRANSACTION(ttNFTOKEN_CREATE_OFFER, 27, NFTokenCreateOffer, Delegation::delegatable, ({
    {sfNFTokenID, soeREQUIRED},
    {sfAmount, soeREQUIRED},
    {sfDestination, soeOPTIONAL},
@@ -216,25 +216,25 @@ TRANSACTION(ttNFTOKEN_CREATE_OFFER, 27, NFTokenCreateOffer, ({
 }))

 /** This transaction cancels an existing offer to buy or sell an existing NFT. */
-TRANSACTION(ttNFTOKEN_CANCEL_OFFER, 28, NFTokenCancelOffer, ({
+TRANSACTION(ttNFTOKEN_CANCEL_OFFER, 28, NFTokenCancelOffer, Delegation::delegatable, ({
    {sfNFTokenOffers, soeREQUIRED},
 }))

 /** This transaction accepts an existing offer to buy or sell an existing  NFT. */
-TRANSACTION(ttNFTOKEN_ACCEPT_OFFER, 29, NFTokenAcceptOffer, ({
+TRANSACTION(ttNFTOKEN_ACCEPT_OFFER, 29, NFTokenAcceptOffer, Delegation::delegatable, ({
    {sfNFTokenBuyOffer, soeOPTIONAL},
    {sfNFTokenSellOffer, soeOPTIONAL},
    {sfNFTokenBrokerFee, soeOPTIONAL},
 }))

 /** This transaction claws back issued tokens. */
-TRANSACTION(ttCLAWBACK, 30, Clawback, ({
+TRANSACTION(ttCLAWBACK, 30, Clawback, Delegation::delegatable, ({
    {sfAmount, soeREQUIRED, soeMPTSupported},
    {sfHolder, soeOPTIONAL},
 }))

 /** This transaction claws back tokens from an AMM pool. */
-TRANSACTION(ttAMM_CLAWBACK, 31, AMMClawback, ({
+TRANSACTION(ttAMM_CLAWBACK, 31, AMMClawback, Delegation::delegatable, ({
    {sfHolder, soeREQUIRED},
    {sfAsset, soeREQUIRED},
    {sfAsset2, soeREQUIRED},
@@ -242,14 +242,14 @@ TRANSACTION(ttAMM_CLAWBACK, 31, AMMClawback, ({
 }))

 /** This transaction type creates an AMM instance */
-TRANSACTION(ttAMM_CREATE, 35, AMMCreate, ({
+TRANSACTION(ttAMM_CREATE, 35, AMMCreate, Delegation::delegatable, ({
    {sfAmount, soeREQUIRED},
    {sfAmount2, soeREQUIRED},
    {sfTradingFee, soeREQUIRED},
 }))

 /** This transaction type deposits into an AMM instance */
-TRANSACTION(ttAMM_DEPOSIT, 36, AMMDeposit, ({
+TRANSACTION(ttAMM_DEPOSIT, 36, AMMDeposit, Delegation::delegatable, ({
    {sfAsset, soeREQUIRED},
    {sfAsset2, soeREQUIRED},
    {sfAmount, soeOPTIONAL},
@@ -260,7 +260,7 @@ TRANSACTION(ttAMM_DEPOSIT, 36, AMMDeposit, ({
 }))

 /** This transaction type withdraws from an AMM instance */
-TRANSACTION(ttAMM_WITHDRAW, 37, AMMWithdraw, ({
+TRANSACTION(ttAMM_WITHDRAW, 37, AMMWithdraw, Delegation::delegatable, ({
    {sfAsset, soeREQUIRED},
    {sfAsset2, soeREQUIRED},
    {sfAmount, soeOPTIONAL},
@@ -270,14 +270,14 @@ TRANSACTION(ttAMM_WITHDRAW, 37, AMMWithdraw, ({
 }))

 /** This transaction type votes for the trading fee */
-TRANSACTION(ttAMM_VOTE, 38, AMMVote, ({
+TRANSACTION(ttAMM_VOTE, 38, AMMVote, Delegation::delegatable, ({
    {sfAsset, soeREQUIRED},
    {sfAsset2, soeREQUIRED},
    {sfTradingFee, soeREQUIRED},
 }))

 /** This transaction type bids for the auction slot */
-TRANSACTION(ttAMM_BID, 39, AMMBid, ({
+TRANSACTION(ttAMM_BID, 39, AMMBid, Delegation::delegatable, ({
    {sfAsset, soeREQUIRED},
    {sfAsset2, soeREQUIRED},
    {sfBidMin, soeOPTIONAL},
@@ -286,20 +286,20 @@ TRANSACTION(ttAMM_BID, 39, AMMBid, ({
 }))

 /** This transaction type deletes AMM in the empty state */
-TRANSACTION(ttAMM_DELETE, 40, AMMDelete, ({
+TRANSACTION(ttAMM_DELETE, 40, AMMDelete, Delegation::delegatable, ({
    {sfAsset, soeREQUIRED},
    {sfAsset2, soeREQUIRED},
 }))

 /** This transactions creates a crosschain sequence number */
-TRANSACTION(ttXCHAIN_CREATE_CLAIM_ID, 41, XChainCreateClaimID, ({
+TRANSACTION(ttXCHAIN_CREATE_CLAIM_ID, 41, XChainCreateClaimID, Delegation::delegatable, ({
    {sfXChainBridge, soeREQUIRED},
    {sfSignatureReward, soeREQUIRED},
    {sfOtherChainSource, soeREQUIRED},
 }))

 /** This transactions initiates a crosschain transaction */
-TRANSACTION(ttXCHAIN_COMMIT, 42, XChainCommit, ({
+TRANSACTION(ttXCHAIN_COMMIT, 42, XChainCommit, Delegation::delegatable, ({
    {sfXChainBridge, soeREQUIRED},
    {sfXChainClaimID, soeREQUIRED},
    {sfAmount, soeREQUIRED},
@@ -307,7 +307,7 @@ TRANSACTION(ttXCHAIN_COMMIT, 42, XChainCommit, ({
 }))

 /** This transaction completes a crosschain transaction */
-TRANSACTION(ttXCHAIN_CLAIM, 43, XChainClaim, ({
+TRANSACTION(ttXCHAIN_CLAIM, 43, XChainClaim, Delegation::delegatable, ({
    {sfXChainBridge, soeREQUIRED},
    {sfXChainClaimID, soeREQUIRED},
    {sfDestination, soeREQUIRED},
@@ -316,7 +316,7 @@ TRANSACTION(ttXCHAIN_CLAIM, 43, XChainClaim, ({
 }))

 /** This transaction initiates a crosschain account create transaction */
-TRANSACTION(ttXCHAIN_ACCOUNT_CREATE_COMMIT, 44, XChainAccountCreateCommit, ({
+TRANSACTION(ttXCHAIN_ACCOUNT_CREATE_COMMIT, 44, XChainAccountCreateCommit, Delegation::delegatable, ({
    {sfXChainBridge, soeREQUIRED},
    {sfDestination, soeREQUIRED},
    {sfAmount, soeREQUIRED},
@@ -324,7 +324,7 @@ TRANSACTION(ttXCHAIN_ACCOUNT_CREATE_COMMIT, 44, XChainAccountCreateCommit, ({
 }))

 /** This transaction adds an attestation to a claim */
-TRANSACTION(ttXCHAIN_ADD_CLAIM_ATTESTATION, 45, XChainAddClaimAttestation, ({
+TRANSACTION(ttXCHAIN_ADD_CLAIM_ATTESTATION, 45, XChainAddClaimAttestation, Delegation::delegatable, ({
    {sfXChainBridge, soeREQUIRED},

    {sfAttestationSignerAccount, soeREQUIRED},
@@ -340,7 +340,7 @@ TRANSACTION(ttXCHAIN_ADD_CLAIM_ATTESTATION, 45, XChainAddClaimAttestation, ({
 }))

 /** This transaction adds an attestation to an account */
-TRANSACTION(ttXCHAIN_ADD_ACCOUNT_CREATE_ATTESTATION, 46, XChainAddAccountCreateAttestation, ({
+TRANSACTION(ttXCHAIN_ADD_ACCOUNT_CREATE_ATTESTATION, 46, XChainAddAccountCreateAttestation, Delegation::delegatable, ({
    {sfXChainBridge, soeREQUIRED},

    {sfAttestationSignerAccount, soeREQUIRED},
@@ -357,31 +357,31 @@ TRANSACTION(ttXCHAIN_ADD_ACCOUNT_CREATE_ATTESTATION, 46, XChainAddAccountCreateA
 }))

 /** This transaction modifies a sidechain */
-TRANSACTION(ttXCHAIN_MODIFY_BRIDGE, 47, XChainModifyBridge, ({
+TRANSACTION(ttXCHAIN_MODIFY_BRIDGE, 47, XChainModifyBridge, Delegation::delegatable, ({
    {sfXChainBridge, soeREQUIRED},
    {sfSignatureReward, soeOPTIONAL},
    {sfMinAccountCreateAmount, soeOPTIONAL},
 }))

 /** This transactions creates a sidechain */
-TRANSACTION(ttXCHAIN_CREATE_BRIDGE, 48, XChainCreateBridge, ({
+TRANSACTION(ttXCHAIN_CREATE_BRIDGE, 48, XChainCreateBridge, Delegation::delegatable, ({
    {sfXChainBridge, soeREQUIRED},
    {sfSignatureReward, soeREQUIRED},
    {sfMinAccountCreateAmount, soeOPTIONAL},
 }))

 /** This transaction type creates or updates a DID */
-TRANSACTION(ttDID_SET, 49, DIDSet, ({
+TRANSACTION(ttDID_SET, 49, DIDSet, Delegation::delegatable, ({
    {sfDIDDocument, soeOPTIONAL},
    {sfURI, soeOPTIONAL},
    {sfData, soeOPTIONAL},
 }))

 /** This transaction type deletes a DID */
-TRANSACTION(ttDID_DELETE, 50, DIDDelete, ({}))
+TRANSACTION(ttDID_DELETE, 50, DIDDelete, Delegation::delegatable, ({}))

 /** This transaction type creates an Oracle instance */
-TRANSACTION(ttORACLE_SET, 51, OracleSet, ({
+TRANSACTION(ttORACLE_SET, 51, OracleSet, Delegation::delegatable, ({
    {sfOracleDocumentID, soeREQUIRED},
    {sfProvider, soeOPTIONAL},
    {sfURI, soeOPTIONAL},
@@ -391,18 +391,18 @@ TRANSACTION(ttORACLE_SET, 51, OracleSet, ({
 }))

 /** This transaction type deletes an Oracle instance */
-TRANSACTION(ttORACLE_DELETE, 52, OracleDelete, ({
+TRANSACTION(ttORACLE_DELETE, 52, OracleDelete, Delegation::delegatable, ({
    {sfOracleDocumentID, soeREQUIRED},
 }))

 /** This transaction type fixes a problem in the ledger state */
-TRANSACTION(ttLEDGER_STATE_FIX, 53, LedgerStateFix, ({
+TRANSACTION(ttLEDGER_STATE_FIX, 53, LedgerStateFix, Delegation::notDelegatable, ({
    {sfLedgerFixType, soeREQUIRED},
    {sfOwner, soeOPTIONAL},
 }))

 /** This transaction type creates a MPTokensIssuance instance */
-TRANSACTION(ttMPTOKEN_ISSUANCE_CREATE, 54, MPTokenIssuanceCreate, ({
+TRANSACTION(ttMPTOKEN_ISSUANCE_CREATE, 54, MPTokenIssuanceCreate, Delegation::delegatable, ({
    {sfAssetScale, soeOPTIONAL},
    {sfTransferFee, soeOPTIONAL},
    {sfMaximumAmount, soeOPTIONAL},
@@ -410,24 +410,24 @@ TRANSACTION(ttMPTOKEN_ISSUANCE_CREATE, 54, MPTokenIssuanceCreate, ({
 }))

 /** This transaction type destroys a MPTokensIssuance instance */
-TRANSACTION(ttMPTOKEN_ISSUANCE_DESTROY, 55, MPTokenIssuanceDestroy, ({
+TRANSACTION(ttMPTOKEN_ISSUANCE_DESTROY, 55, MPTokenIssuanceDestroy, Delegation::delegatable, ({
    {sfMPTokenIssuanceID, soeREQUIRED},
 }))

 /** This transaction type sets flags on a MPTokensIssuance or MPToken instance */
-TRANSACTION(ttMPTOKEN_ISSUANCE_SET, 56, MPTokenIssuanceSet, ({
+TRANSACTION(ttMPTOKEN_ISSUANCE_SET, 56, MPTokenIssuanceSet, Delegation::delegatable, ({
    {sfMPTokenIssuanceID, soeREQUIRED},
    {sfHolder, soeOPTIONAL},
 }))

 /** This transaction type authorizes a MPToken instance */
-TRANSACTION(ttMPTOKEN_AUTHORIZE, 57, MPTokenAuthorize, ({
+TRANSACTION(ttMPTOKEN_AUTHORIZE, 57, MPTokenAuthorize, Delegation::delegatable, ({
    {sfMPTokenIssuanceID, soeREQUIRED},
    {sfHolder, soeOPTIONAL},
 }))

 /** This transaction type create an Credential instance */
-TRANSACTION(ttCREDENTIAL_CREATE, 58, CredentialCreate, ({
+TRANSACTION(ttCREDENTIAL_CREATE, 58, CredentialCreate, Delegation::delegatable, ({
    {sfSubject, soeREQUIRED},
    {sfCredentialType, soeREQUIRED},
    {sfExpiration, soeOPTIONAL},
@@ -435,41 +435,47 @@ TRANSACTION(ttCREDENTIAL_CREATE, 58, CredentialCreate, ({
 }))

 /** This transaction type accept an Credential object */
-TRANSACTION(ttCREDENTIAL_ACCEPT, 59, CredentialAccept, ({
+TRANSACTION(ttCREDENTIAL_ACCEPT, 59, CredentialAccept, Delegation::delegatable, ({
    {sfIssuer, soeREQUIRED},
    {sfCredentialType, soeREQUIRED},
 }))

 /** This transaction type delete an Credential object */
-TRANSACTION(ttCREDENTIAL_DELETE, 60, CredentialDelete, ({
+TRANSACTION(ttCREDENTIAL_DELETE, 60, CredentialDelete, Delegation::delegatable, ({
    {sfSubject, soeOPTIONAL},
    {sfIssuer, soeOPTIONAL},
    {sfCredentialType, soeREQUIRED},
 }))

 /** This transaction type modify a NFToken */
-TRANSACTION(ttNFTOKEN_MODIFY, 61, NFTokenModify, ({
+TRANSACTION(ttNFTOKEN_MODIFY, 61, NFTokenModify, Delegation::delegatable, ({
    {sfNFTokenID, soeREQUIRED},
    {sfOwner, soeOPTIONAL},
    {sfURI, soeOPTIONAL},
 }))

 /** This transaction type creates or modifies a Permissioned Domain */
-TRANSACTION(ttPERMISSIONED_DOMAIN_SET, 62, PermissionedDomainSet, ({
+TRANSACTION(ttPERMISSIONED_DOMAIN_SET, 62, PermissionedDomainSet, Delegation::delegatable, ({
    {sfDomainID, soeOPTIONAL},
    {sfAcceptedCredentials, soeREQUIRED},
 }))

 /** This transaction type deletes a Permissioned Domain */
-TRANSACTION(ttPERMISSIONED_DOMAIN_DELETE, 63, PermissionedDomainDelete, ({
+TRANSACTION(ttPERMISSIONED_DOMAIN_DELETE, 63, PermissionedDomainDelete, Delegation::delegatable, ({
    {sfDomainID, soeREQUIRED},
 }))

+/** This transaction type delegates authorized account specified permissions */
+TRANSACTION(ttDELEGATE_SET, 64, DelegateSet, Delegation::notDelegatable, ({
+    {sfAuthorize, soeREQUIRED},
+    {sfPermissions, soeREQUIRED},
+}))
+
 /** This system-generated transaction type is used to update the status of the various amendments.

    For details, see: https://xrpl.org/amendments.html
 */
-TRANSACTION(ttAMENDMENT, 100, EnableAmendment, ({
+TRANSACTION(ttAMENDMENT, 100, EnableAmendment, Delegation::notDelegatable, ({
    {sfLedgerSequence, soeREQUIRED},
    {sfAmendment, soeREQUIRED},
 }))
@@ -477,7 +483,7 @@ TRANSACTION(ttAMENDMENT, 100, EnableAmendment, ({
 /** This system-generated transaction type is used to update the network's fee settings.
    For details, see: https://xrpl.org/fee-voting.html
 */
-TRANSACTION(ttFEE, 101, SetFee, ({
+TRANSACTION(ttFEE, 101, SetFee, Delegation::notDelegatable, ({
    {sfLedgerSequence, soeOPTIONAL},
    // Old version uses raw numbers
    {sfBaseFee, soeOPTIONAL},
@@ -494,7 +500,7 @@ TRANSACTION(ttFEE, 101, SetFee, ({

    For details, see: https://xrpl.org/negative-unl.html
 */
-TRANSACTION(ttUNL_MODIFY, 102, UNLModify, ({
+TRANSACTION(ttUNL_MODIFY, 102, UNLModify, Delegation::notDelegatable, ({
    {sfUNLModifyDisabling, soeREQUIRED},
    {sfLedgerSequence, soeREQUIRED},
    {sfUNLModifyValidator, soeREQUIRED},
--- a/include/xrpl/protocol/jss.h
+++ b/include/xrpl/protocol/jss.h
@@ -145,6 +145,7 @@ JSS(attestations);
 JSS(attestation_reward_account);
 JSS(auction_slot);            // out: amm_info
 JSS(authorized);              // out: AccountLines
+JSS(authorize);               // out: delegate
 JSS(authorized_credentials);   // in: ledger_entry DepositPreauth
 JSS(auth_accounts);           // out: amm_info
 JSS(auth_change);             // out: AccountInfo
@@ -699,7 +700,7 @@ JSS(write_load);              // out: GetCounts
 #pragma push_macro("TRANSACTION")
 #undef TRANSACTION

-#define TRANSACTION(tag, value, name, fields) JSS(name);
+#define TRANSACTION(tag, value, name, delegatable, fields) JSS(name);

 #include <xrpl/protocol/detail/transactions.macro>