# IsDelegate: Agent Delegation & Authorization IsDelegate is a blockchain attestation that proves one wallet is authorized to act on behalf of another. In the context of the agent economy, it answers a critical question: **"Is this bot actually working for a real human?"** ## The Problem It Solves When an AI agent makes a request to a service, how does that service know: * Is this a real person's agent, or just a bot? * Does the human actually authorize this agent? * Can I trust the agent's claims about who it represents? Without IsDelegate, agents are indistinguishable from malicious bots. With IsDelegate, agents carry cryptographic proof of human authorization. ## How IsDelegate Works ### The Basic Concept An **IsDelegate attestation** is a signed, on-chain statement: > "I (wallet A) authorize wallet B to act on my behalf." **Wallet A** = the human or authorizing entity **Wallet B** = the agent or bot being authorized Once created, this attestation is: * **Immutable** - Written to the blockchain (EAS on Base) * **Verifiable** - Anyone can check it without asking the issuer * **Chainable** - The agent (wallet B) can create IsDelegate attestations to sub-agents * **Revocable** - The human can revoke it if the agent is compromised ### Delegation Chains Humans can delegate to primary agents, and those agents can delegate to sub-agents, creating verifiable chains: ``` Human Wallet ↓ IsDelegate attestation Primary Agent Wallet ↓ IsDelegate attestation Sub-Agent Wallet ↓ (can delegate further) Sub-Sub-Agent Wallet ``` Each link is cryptographically signed and on-chain. ProofPack can walk this entire chain to verify that the sub-agent is ultimately authorized by a real human. **Minting proofs for sub-agents:** When you use the [ProofPack Mint API](https://github.com/zipwireapp/gbk-tz-docs/blob/main/fundamentals/api/proofpack-mint-api.md), you call it with your (the human’s) API key and pass the **agent wallet** in the request. You can pass a direct delegate’s wallet or a sub-agent’s wallet several hops down the chain (e.g. Human → Agent1 → Agent2 → Agent3). The API walks the chain back to your human attestation and mints a ProofPack for that wallet. So you can mint a proof for any delegated wallet in the chain, not only your immediate delegate. ## The Three-Step Process ### Step 1: Human Attestation (Root of Trust) First, the human must be attested as human via Zipwire or another provider: * Use [Zipwire Attest](https://zipwire.io/attest) to verify your identity * Complete a Yoti ID check (liveness + government ID) * Receive an **IsAHuman** attestation tied to your wallet * Your wallet is now cryptographically linked to verified identity data This becomes the **root** of all future delegations. ### Step 2: Create an IsDelegate Attestation Now authorize an agent. Go directly to the IsDelegate schema: [**Create IsDelegate on EAS Base →**](https://base.easscan.org/schema/view/0xc4f37c5cb76ba597c66323e399a435e4c7d46ea741588945eacae69ec2d81b97) Or manually create an attestation using the **IsDelegate** schema: 3. Set: * **Attester** = your human-attested wallet * **Recipient** = the agent's wallet address * **refUID** = reference to your IsAHuman attestation (links the chain) 4. Sign and submit the attestation to the blockchain The agent's wallet is now authorized to act for you. ### Step 3: Agent Presents Proof When the agent makes requests, it can: **Option A: Present a specific claim** * Generate a ProofPack JWS with a specific identity claim (e.g., "nationality = UK") * The ProofPack includes the delegation chain and Merkle proofs * Service verifies the JWS, attestation, delegation chain, and Merkle root **Option B: Just prove delegation** * Provide its wallet address * Service uses ProofPack's `verifyByWallet()` method * ProofPack queries EAS, finds IsDelegate attestations for that wallet, and walks the chain to your IsAHuman * Service gets a yes/no: "Is this agent authorized by a verified human?" ## Key Concepts ### The Delegation Chain (refUID Linking) Each IsDelegate attestation includes a **refUID** that points to its parent: * **Primary agent's IsDelegate** has `refUID` pointing to the human's **IsAHuman** attestation * **Sub-agent's IsDelegate** has `refUID` pointing to the primary agent's **IsDelegate** attestation This creates an unbroken chain that ProofPack can validate: ``` Sub-agent IsDelegate ↓ refUID Primary agent IsDelegate ↓ refUID Human IsAHuman attestation ``` ### Authority Continuity When verifying, ProofPack ensures: * Each attestation in the chain is valid (not revoked, not expired) * The recipient of one attestation matches the attester of the next * The chain eventually reaches a trusted root (e.g., IsAHuman) This prevents **authority hijacking** — even if an attestation is forged, the chain won't validate. ### Privacy with Delegation The human's **full identity data** never travels with the agent. Instead: * The human's wallet attests to data via Zipwire (Merkle root only stored on-chain) * The IsDelegate proves authorization * The agent presents a **ProofPack** that selectively reveals only needed claims * The service verifies without ever seeing the human's full ID ## Real-World Example ### Scenario: AI Agent Managing Contractor's Timesheets 1. **Alice (contractor)** attests as human via Zipwire * Alice's wallet = `0xAlice...` * Receives IsAHuman attestation on Base * Zipwire creates a Merkle tree from her identity (name, nationality, etc.) 2. **Alice authorizes Claude Code** to manage time tracking * Creates IsDelegate with: * Attester = `0xAlice...` (her wallet) * Recipient = `0xClaudeAgent...` (Claude's wallet) * refUID = her IsAHuman attestation UID * Submits to EAS on Base 3. **Claude Code logs time entries** * Makes request to Zipwire API: "Log 8 hours for Alice" * Includes a JWS ProofPack with: * IsDelegate attestation pointing to the delegation * Merkle proof of the delegation chain back to Alice's IsAHuman * Timestamp and signature 4. **Zipwire backend verifies** * Calls ProofPack library: `await verifyAsync(jws, verificationContext)` * ProofPack walks the delegation chain: * Claude's IsDelegate is valid ✓ * Points (via refUID) to Alice's IsAHuman ✓ * Merkle root matches ✓ * Chain reaches a trusted root (Zipwire's attester) ✓ * **Result:** Service accepts the request as authorized by a real human ## For End Users: Authorizing Your Agent If you're looking to authorize an AI agent to act on your behalf, follow the complete step-by-step guide: {% content-ref url="" %} {% endcontent-ref %} That guide walks you through: 1. Getting your IsAHuman attestation via Zipwire Attest 2. Creating your IsDelegate attestation on EAS 3. What your agent can do once authorized ## Setting Up IsDelegate for Your Agent ### Prerequisites * A **human-attested wallet** (get one via [Zipwire Attest](https://zipwire.io/attest)) * Your **agent's wallet address** * Access to [EAS on Base](https://base.easscan.org) or [Base Sepolia](https://base-sepolia.easscan.org) ### Steps 1. **Navigate to the IsDelegate Schema** * Click [this link to EAS Base IsDelegate schema](https://base.easscan.org/schema/view/0xc4f37c5cb76ba597c66323e399a435e4c7d46ea741588945eacae69ec2d81b97) (mainnet) * Or go to [base-sepolia.easscan.org](https://base-sepolia.easscan.org) for testnet and search for IsDelegate 2. **Create Attestation** * You'll be on the IsDelegate schema page * Click "Create Attestation" 3. **Fill in Details** * **Recipient Address** = your agent's wallet * **Ref UID** = your IsAHuman attestation UID (find it in your Zipwire attestations) * Any additional fields the schema requires 4. **Sign & Submit** * Connect your human-attested wallet * Review the transaction * Sign and submit to the blockchain 5. **Wait for Confirmation** * The attestation will appear on-chain within a few blocks * Your agent is now authorized! ## Verifying IsDelegate in Your Backend ### Quick Check: Simple REST API For a quick check without integrating a library: ```bash GET https://zipwire.io/api/v1/is-delegate/{walletAddress} ``` **Note:** This requires trusting Zipwire's validation. For cryptographic verification, use the ProofPack library below. {% content-ref url="is-delegate-rest-api" %} [is-delegate-rest-api](https://docs.zipwire.io/fundamentals/security/attestations/is-delegate-rest-api) {% endcontent-ref %} ### Cryptographic Verification To verify in code that a wallet is delegated from a human (wallet-only check), or to validate a full ProofPack JWS with claims, use the ProofPack library. The main guide and all verification examples live in one place: {% content-ref url="../../../tools-and-integrations/proofpack-agent-delegation" %} [proofpack-agent-delegation](https://docs.zipwire.io/tools-and-integrations/proofpack-agent-delegation) {% endcontent-ref %} For copy-paste code (Path 1, Path 2, Express, ASP.NET Core, setup): [ProofPack Examples](https://docs.zipwire.io/tools-and-integrations/proofpack-agent-delegation/proofpack-examples). ## Revocation & Updates ### Revoking an Agent's Authorization If an agent is compromised or no longer needed: 1. Return to [EAS](https://base.easscan.org) 2. Find the IsDelegate attestation you created 3. Click "Revoke" and sign the transaction 4. The agent is immediately no longer authorized Any backend verifying the delegation chain will reject requests from that wallet. ### Updating Authorization You can't edit an attestation, but you can: * Revoke the old IsDelegate * Create a new IsDelegate with updated parameters * This creates a new, valid chain while the old one becomes invalid ## Privacy Considerations ### What's Stored On-Chain * The attestation that wallet A authorizes wallet B * A hash of the human's identity data (Merkle root) * Not: full name, address, ID number, or any sensitive data ### What the Agent Never Sees * The human's full identity data * Other claims the human might have attested to * Only the specific claims needed for each request ### What Services Never See * The human's full identity (only verified claims) * Which agent is involved (if using wallet-only verification) * A central log of all requests (each verification is independent) ## The Bigger Picture IsDelegate is part of a larger ecosystem: * **Zipwire Attest** = Human attestation (proof of personhood) * **IsDelegate** = Agent authorization (proof of delegation) * **ProofPack** = Selective disclosure (proof of specific claims) * **EAS on Base** = Decentralized storage (verification anchors) Together, they enable **agent economy infrastructure** where: * Humans authorize agents * Agents can act autonomously * Services can verify agent authorization * Privacy is preserved throughout *** ## Related Documentation * [How ProofPack Works: Agent-Bot-Human Problem](https://docs.zipwire.io/tools-and-integrations/proofpack-agent-delegation) * [Wallet Connections](https://docs.zipwire.io/fundamentals/security/wallet-connections) * [Passkeys](https://docs.zipwire.io/fundamentals/security/passkeys) * [ProofPack on GitHub](https://github.com/zipwireapp/ProofPack) * [EAS Documentation](https://docs.attest.sh/) *** **Need help?** Check the [ProofPack GitHub](https://github.com/zipwireapp/ProofPack) or reach out to Zipwire support.