Skip to main content
Use agent-delegation so an account can approve what an agent is allowed to do. Registration (agent-identity) alone does not grant those permissions. In API payloads, the field name is controllerWallet. It represents the approving account wallet (the account that signs this step). See Agent concepts. Verifier ID: agent-delegation Typical path: complete delegation in the hosted verify flow or with neus_agent_create in MCP.

Basic delegation

const proof = await client.verify({
  verifier: 'agent-delegation',
  data: {
    controllerWallet: '0x...',  // Must match signer (approving account)
    controllerChainRef: 'eip155:8453',
    agentWallet: '0x...',
    agentChainRef: 'eip155:8453',
    scope: 'global',
    permissions: ['read-proofs'],
  },
  walletAddress: controllerWallet,
});

Advanced delegation

Use this section for payment-scoped delegation, spend caps, or extra policy fields.

maxSpend (optional)

maxSpend is a whole-number string in token base units (no decimal separator, 1–78 digits). This matches common on-chain amount encoding and avoids floating-point rounding issues.
  • USDC (typical payments:x402): six decimal places — e.g. 25 USDC → "25000000". Use toAgentDelegationMaxSpend('25', 6) from @neus/sdk.
  • Native ETH-style assets: eighteen decimal places — e.g. 1 ETH → "1000000000000000000".
Token metadata is not stored on the proof; resolve the cap using your scope and product defaults. 
import { toAgentDelegationMaxSpend } from '@neus/sdk';

await client.verify({
  verifier: 'agent-delegation',
  data: {
    controllerWallet: '0x...',
    controllerChainRef: 'eip155:8453',
    agentWallet: '0x...',
    agentChainRef: 'eip155:8453',
    scope: 'payments:x402',
    permissions: ['execute', 'read'],
    maxSpend: toAgentDelegationMaxSpend('100.50', 6),
    allowedPaymentTypes: ['x402'],
    receiptDisclosure: 'summary',
    expiresAt: Date.now() + 7 * 24 * 60 * 60 * 1000,
    instructions: 'Policy instructions for the delegated agent',
    skills: ['market-data']
  },
  walletAddress: controllerWallet,
});

Fields

FieldRequiredDescription
controllerWalletYesApproving account wallet. Must match signer.
controllerChainRefYes in data, or set chain or chainId on the verification request for both walletsCAIP-2 chain for the controller
agentWalletYesAgent wallet address
agentChainRefYes in data, or set chain or chainId on the verification request for both walletsCAIP-2 chain for the agent
agentIdNoReference to a registered agent identity
scopeNoPermission scope (default is often global; payment agents may use a narrower scope)
permissionsNoAllowed actions (execute, read, etc.)
maxSpendNoWhole-number string: spend cap in token base units. See above.
allowedPaymentTypesNoAllowed payment rails for delegated spend
receiptDisclosureNosummary, full, or none
expiresAtNoExpiration timestamp (Unix ms)
instructionsNoPolicy instructions (max 4000 chars)
skillsNoSkill identifiers granted to the agent
Proof responses may include CAIP-10 controllerAccountId and agentAccountId. See agent-delegation verifier doc.

What You Get Back

You receive a proof receipt ID that can be reused for agent policy checks and delegated actions.

Checking access

Use proof checks or MCP neus_agent_link (readiness check) from your app — you typically do not need raw REST from the default integration path.

Security Best Practices

  • Always set expiresAt for time-limited delegation
  • Use maxSpend to limit financial exposure
  • Regularly audit delegation proofs
  • Revoke unused delegations

Revocation

await client.revokeOwnProof(proofId, wallet);