Core invariant
Registering an agent and approving what it can do are separate steps. Different people can perform them. No wallet linking between publisher and approver is required for the open permission layer to work.Roles
| Role | Description | Signs |
|---|---|---|
| Publisher | Publishes the agent (metadata bound to an agent wallet) | The agent wallet registers the agent |
| Approver | Grants scoped access to that agent | The approving account signs access approval |
Wallets
- Agent wallet — The wallet that represents the agent on chain; used when registering / publishing the agent.
- Approving account — The wallet that signs access approval for what the agent is allowed to do (scopes, limits, expiry). This is not “ownership” of the agent wallet and does not require linking profiles.
Hosted flow
The normal path is hosted verify: complete steps in the browser (or MCP-assisted links) instead of hand-rolling signatures.Field names in the API
JSON and query parameters keep stable names for compatibility. In prose, map them like this:| API / query name | Meaning |
|---|---|
agentWallet | Agent wallet address |
controllerWallet | Approving account (grantor) in delegation payloads and checks — not “controller” in a product-linking sense |
linked (MCP) | Readiness compatibility flag: identity + access approval on file — not wallet-link |
principal (neus_me) | Signed-in NEUS account summary (DID / wallet context) — not the delegation approver unless that session is the one approving |
Where to go next
Agents overview
Capabilities and quick start
Verification flow
End-to-end sequence
MCP agent create
Start setup from tools
Verifiable agents cookbook
Integrator playbook