Use agent-delegation so an account can approve what an agent is allowed to do. Registration (agent-identity) alone does not grant those permissions.
In API payloads, the field name is controllerWallet. It represents the approving account wallet (the account that signs this step). See Agent concepts.
Verifier ID: agent-delegation
Typical path: complete delegation in the hosted verify flow or with neus_agent_create in MCP.
Basic delegation
const proof = await client.verify({
verifier: 'agent-delegation',
data: {
controllerWallet: '0x...', // Must match signer (approving account)
controllerChainRef: 'eip155:8453',
agentWallet: '0x...',
agentChainRef: 'eip155:8453',
scope: 'global',
permissions: ['read-proofs'],
},
walletAddress: controllerWallet,
});
Advanced delegation
Use this section for payment-scoped delegation, spend caps, or extra policy fields.
maxSpend (optional)
maxSpend is a whole-number string in token base units (no decimal separator, 1 - 78 digits). This matches common on-chain amount encoding and avoids floating-point rounding issues.
- USDC (typical
payments:x402): six decimal places - e.g. 25 USDC to "25000000". Use toAgentDelegationMaxSpend('25', 6) from @neus/sdk.
- Native ETH-style assets: eighteen decimal places - e.g. 1 ETH to
"1000000000000000000".
Token metadata is not stored on the proof; resolve the cap using your scope and product defaults.
import { toAgentDelegationMaxSpend } from '@neus/sdk';
await client.verify({
verifier: 'agent-delegation',
data: {
controllerWallet: '0x...',
controllerChainRef: 'eip155:8453',
agentWallet: '0x...',
agentChainRef: 'eip155:8453',
scope: 'payments:x402',
permissions: ['execute', 'read'],
maxSpend: toAgentDelegationMaxSpend('100.50', 6),
allowedPaymentTypes: ['x402'],
receiptDisclosure: 'summary',
expiresAt: Date.now() + 7 * 24 * 60 * 60 * 1000,
instructions: 'Policy instructions for the delegated agent',
skills: [{ id: 'market-data' }]
},
walletAddress: controllerWallet,
});
Fields
| Field | Required | Description |
|---|
controllerWallet | Yes | Approving account wallet. Must match signer. |
controllerChainRef | Yes in data, or set chain or chainId on the verification request for both wallets | CAIP-2 chain for the controller |
agentWallet | Yes | Agent wallet address |
agentChainRef | Yes in data, or set chain or chainId on the verification request for both wallets | CAIP-2 chain for the agent |
agentId | No | Reference to a registered agent identity |
scope | No | Permission scope (default: global; confirm for your integration - payment agents may use a narrower scope) |
permissions | No | Allowed actions (execute, read, etc.) |
maxSpend | No | Whole-number string: spend cap in token base units. See above. |
allowedPaymentTypes | No | Allowed payment rails for delegated spend |
receiptDisclosure | No | summary, full, or none |
expiresAt | No | Expiration timestamp (Unix ms) |
instructions | No | Policy instructions (max 16000 chars) |
skills | No | Up to 48 skill objects (id required) |
controllerAccountId and agentAccountId. Schema: agent-delegation.json.
What you get
Verification id for policy checks and delegated actions.
Checking access
Use proof checks or MCP neus_agent_link (readiness check) from your app - you typically do not need raw REST from the default integration path.
Security
Set expiresAt and maxSpend when money or high-risk actions are in scope. Revoke proofs you no longer trust.
Revocation
await client.revokeOwnProof(proofId, wallet);
