ERC-8102: Permissioned Pull

recurmj · December 10, 2025, 9:56am

Update: RIP-001 Canonical Revision (Alignment with RIP-000)

Following community feedback and the publication of RIP-000: The One-Shot Authorization Flaw, I have published a fully updated version of RIP-001: The Permissioned-Pull Primitive.

What changed:

1. Framing cleanup

All philosophical or narrative framing has been removed.

RIP-001 is now strictly:

architectural,
normative,
minimal,
and aligned 1:1 with the problem defined in RIP-000

(“durable, revocable, portable authorization” as the missing primitive).

This brings RIP-001 fully in line with Ethereum EIP expectations.

2. ERC-A / ERC-B split merged into RIP-001

Earlier drafts (ERC-A for the Authorization object, ERC-B for the Pull Executor) were originally suggested by EF reviewers to modularize the standard.

Those drafts remain available for comparison, but RIP-001 now supersedes them as the canonical specification:

It incorporates:
- the Authorization struct
- the executor interface
- revocation semantics
- EIP-712 domain rules
- nonce usage guarantees
- error conditions and event expectations

This keeps the standard cohesive and removes fragmentation for reviewers.

A later ERC submission may still choose the A/B split, but RIP-001 is now the authoritative spec the ERC will be derived from.

3. Alignment with RIP-000

RIP-001 now explicitly positions itself as the concrete solution to the architectural gap identified in RIP-000:

one-shot authorization cannot express durable, revocable, portable consent.

RIP-001 defines the minimal primitive required to fill that gap.

No over-claiming, no references to unrelated system failures, strictly scoped to the absence of persistent authorization.

RIP-000 post:

4. Canonical Standard Draft

The new RIP-001 draft is now:

fully self-contained
normative
ready for ERC conversion
cleanly implementable
consistent with the Recur Consent Layer terminology introduced in RIP-000

This is now the version I will maintain going forward. All prior drafts (ERC-A/B, early versions, prototype specs) are preserved but are no longer authoritative.

Link to updated RIP-001:

github.com/recurmj/recur-standard

docs/RIP-001.md

main

# RIP-001: The Permissioned-Pull Standard  
**Category:** Standards Track (Core Primitive)  
**Author:** Recur Labs   
**Status:** Draft (canonical post-RIP-000 alignment)  
**Created:** 2025  
**Replaces:** ERC-A / ERC-B split drafts (superseded by unified RIP-001)  
**Depends on:** EIP-712  

---

## Abstract

RIP-001 defines the **Permissioned-Pull Standard**, a durable authorization primitive that enables safe, scoped, revocable, grantee-initiated transfers of ERC-20 tokens.

A **grantor** signs an off-chain *Authorization object* describing:
- who may pull,
- which token,
- how much per pull,
- when the authorization is valid,
- and a unique nonce for replay protection.

This file has been truncated. show original

Feedback especially from wallet authors, AA implementers, security researchers, and protocol developers is very welcome before locking the ERC version.