Coracle creates a key on some nsecBunker someone runs (they could choose providers via NIP-89)

Then coracle, because it’s calling the “create_or_auth_key” with a new identifier would get its local key automatically approved to all scopes (sign anything, encrypt, decrypt, etc)