The Access Cap (ERC-1155): A Granular License for Data Recall

If the Context Passport is the deed to the property, the Access Cap is a programmable, time-bound lease. Implemented as a semi-fungible token (ERC-1155), an Access Cap is a resource-metered read license that is issued by the owner of a Context Passport. It grants specific, granular, and verifiable permissions to read a portion of the passport's associated context.

Each Access Cap is parameterized with verifiable on-chain metadata, providing a sophisticated framework for permissioning:

• Target Data: Specifies which segment of the context tree the cap applies to, allowing for fine-grained control over what data is shared.

• Expiry: A timestamp after which the license becomes invalid, ensuring that access is not granted in perpetuity.

• Resource Quotas (Byte and Compute): To meter usage, each cap contains resource limits. This includes a Byte-Quota, which is a hard limit on the amount of data that can be decrypted and recalled. Critically, the protocol also defines a deterministic on-chain formula to convert this byte quota into a Compute-Quota. This is essential because different operations have different costs; a simple data retrieval is cheaper than a complex kNN similarity search. The compute quota ensures that the cap's value is tied to the actual computational resources consumed by the query.

This granularity allows for sophisticated permissioning (e.g., "grant App_X read-access to my 'social' context for 24 hours, limited to 1MB of data and the corresponding compute units").

Because Access Caps are themselves on-chain assets, they are fully composable and liquid. They can be traded on secondary markets, bundled into complex financial instruments, or used as on-chain collateral, creating a vibrant economy for data access itself.

Economic Security and Resource Enforcement

To ensure the integrity of the system and prevent abuse, the lifecycle of an Access Cap is governed by strict economic and protocol-level rules:

• Spam Prevention: The creation of frivolous or malicious Access Caps is deterred by a multi-layered approach. While the standard transaction gas fee provides a baseline deterrent, the protocol also enforces a minimum protocol fee or a refundable deposit for every Access Cap minted. This creates a meaningful economic cost for creating caps, ensuring that they are issued with intent and value.

• Quota Enforcement: The resource quotas defined in an Access Cap are not merely suggestions; they are strictly enforced by the protocol. When a query is executed by a worker node (e.g., within a TEE), the precise byte and compute cost of the operation is calculated. This cost is then atomically decremented from the cap's on-chain balance. Any request that would exceed the remaining quota is rejected. This robust enforcement mechanism guarantees that a cap's permissions cannot be overspent, providing a reliable foundation for the data access market.