NEUS Docs | Trust Infrastructure for Apps and Agents

Grant scoped authority to an agent. Identity alone (agent-identity) does not include permissions. Verifier ID: agent-delegation controllerWallet is the approving account — the address that signs this step. See Agent concepts.

Setup

Check

neus_context → neus_agent_link

Create

neus_agent_create. Leave out controllerWallet when the signed-in profile account should approve.

Confirm

neus_agent_link until linked: true

Or finish on NEUS via hosted verify.

SDK

await client.verify({
  verifier: 'agent-delegation',
  data: {
    controllerWallet: '0x...',
    agentWallet: '0x...',
    scope: 'global',
    permissions: ['read-proofs'],
  },
  walletAddress: '0x...',
});

App link

One-time user approval so your backend can create proofs without asking them to sign every request. This is not the same as publishing a gate in Hub (billing for hosted checks). See Integrations.

User signs in on NEUS
User approves delegation once
Your app stores the qHash
Your backend calls verification with x-neus-app — no per-request signature

await client.verify({
  verifier: 'agent-delegation',
  data: {
    controllerWallet: userWallet,
    agentWallet: userWallet,
    scope: 'app-link',
    permissions: [
      'app:your-app-id',
      'origin:https://yourapp.com',
    ],
    expiresAt: Date.now() + 90 * 24 * 60 * 60 * 1000,
  },
  walletAddress: userWallet,
});

Permissions:

app:<appId> — matches your x-neus-app header
origin:<url> — restrict to your domain
origin:* — any origin

Send x-neus-app: your-app-id and Origin: https://yourapp.com on verification requests.

Payment delegation

maxSpend is a whole-number string in token base units. For USDC (6 decimals), 25 USDC = "25000000". Use toAgentDelegationMaxSpend('25', 6) from @neus/sdk.

import { toAgentDelegationMaxSpend } from '@neus/sdk';

await client.verify({
  verifier: 'agent-delegation',
  data: {
    controllerWallet: '0x...',
    agentWallet: '0x...',
    scope: 'payments:x402',
    permissions: ['execute', 'read'],
    maxSpend: toAgentDelegationMaxSpend('100.50', 6),
    allowedPaymentTypes: ['x402'],
    receiptDisclosure: 'summary',
    expiresAt: Date.now() + 7 * 24 * 60 * 60 * 1000,
  },
  walletAddress: '0x...',
});

Fields

Field	Required	Description
`controllerWallet`	Yes	Approving account (must match signer)
`agentWallet`	Yes	Agent address
`agentId`	No	Linked identity id
`scope`	No	Permission scope (default: `global`)
`permissions`	No	Allowed actions
`maxSpend`	No	Spend cap in token base units
`allowedPaymentTypes`	No	Payment rails (e.g. `x402`)
`receiptDisclosure`	No	`summary`, `full`, or `none`
`expiresAt`	No	Expiration (Unix ms)
`instructions`	No	Policy text (16000 chars)
`skills`	No	Up to 48 skill objects

Schema: agent-delegation.json.

Result

A qHash you can check before delegated actions. Use neus_agent_link or neus_proofs_check.

Revoke

await client.revokeOwnProof(qHash, walletAddress);

Set expiresAt and maxSpend when money or high-risk actions are in scope.

​Setup

​SDK

​App link

​Payment delegation

​Fields

​Result

​Revoke