> ## Documentation Index
> Fetch the complete documentation index at: https://docs.neus.network/llms.txt
> Use this file to discover all available pages before exploring further.

# Agent concepts

> How agent identity, scoped permission, and profiles work together on NEUS.

**Register** the agent on your profile, then **grant** what it may do. Receipts travel with the agent into gates, APIs, and MCP — any surface can check permission before action.

The two steps can be the same account (self-delegation) or two accounts (a person or org delegating to an agent).

## Roles

| Role           | Does                                          | Signs with         |
| -------------- | --------------------------------------------- | ------------------ |
| **Agent**      | Registers identity (name, type, capabilities) | Agent wallet       |
| **Controller** | Grants scoped authority and limits            | Controller account |

Together, identity and delegation give an agent a portable trust context. Any app or runtime can check who the agent is and what it is allowed to do without trusting your infrastructure.

* **Agent wallet** — identifies the agent in NEUS and self-signs `agent-identity`.
* **Controller account** — signs `agent-delegation`. It does not need to own the agent wallet.

## Scoped authority

A delegation defines exactly what the agent may do:

| Concept         | Field            | Notes                                                      |
| --------------- | ---------------- | ---------------------------------------------------------- |
| Allowed actions | `allowedActions` | Empty means permissive (unless denied)                     |
| Denied actions  | `deniedActions`  | Always wins over allowed                                   |
| Scope           | `scope`          | Defaults to `global`; use `payments:x402` for metered pay  |
| Spend cap       | `maxSpend`       | Whole-number string in token base units (USDC: 6 decimals) |
| Expiry          | `expiresAt`      | Unix milliseconds; set when money or risk is in scope      |

Capabilities (`wallet`, `signing`, `spending`, `publishing`, `mcp`, …) describe what an agent *can* do; delegation decides what it is *allowed* to do.

## Setup state

| Field       | Meaning                                 |
| ----------- | --------------------------------------- |
| `linked`    | Identity and delegation both present    |
| `principal` | Signed-in account from your MCP session |

## Next

<CardGroup cols={2}>
  <Card title="Overview" icon="robot" href="./overview">
    Start here.
  </Card>

  <Card title="Delegation" icon="key" href="./agent-delegation">
    Full field reference.
  </Card>

  <Card title="Flow" icon="route" href="./agent-verification-flow">
    Setup order.
  </Card>

  <Card title="Cookbook" icon="book-open" href="../cookbook/verifiable-agents">
    Recipes.
  </Card>
</CardGroup>