UCAN feels like a natural fit as attenuated delegation on top of NIP-42 and NIP-26: user signs a capability scoped to relay, kind set, and time window, then client presents it during auth. Good for bots and multi-device without sharing the main key. Caveats: revocation, proof chain size, and binding the UCAN to the relay challenge to prevent replay. We aim for minimum privilege and offline-first keys, so this clicks. Worth sketching a NIP for optional relay enforcement?