IsDelegate: Agent Delegation & Authorization

IsDelegate is a blockchain attestation that proves one wallet is authorized to act on behalf of another. In the context of the agent economy, it answers a critical question: "Is this bot actually working for a real human?"

The Problem It Solves

When an AI agent makes a request to a service, how does that service know:

• Is this a real person's agent, or just a bot?

• Does the human actually authorize this agent?

• Can I trust the agent's claims about who it represents?

Without IsDelegate, agents are indistinguishable from malicious bots. With IsDelegate, agents carry cryptographic proof of human authorization.

How IsDelegate Works

The Basic Concept

An IsDelegate attestation is a signed, on-chain statement:

"I (wallet A) authorize wallet B to act on my behalf."

Wallet A = the human or authorizing entity Wallet B = the agent or bot being authorized

Once created, this attestation is:

• Immutable - Written to the blockchain (EAS on Base)

• Verifiable - Anyone can check it without asking the issuer

• Chainable - The agent (wallet B) can create IsDelegate attestations to sub-agents

• Revocable - The human can revoke it if the agent is compromised

Delegation Chains

Humans can delegate to primary agents, and those agents can delegate to sub-agents, creating verifiable chains:

Each link is cryptographically signed and on-chain. ProofPack can walk this entire chain to verify that the sub-agent is ultimately authorized by a real human.

Minting proofs for sub-agents: When you use the ProofPack Mint API, you call it with your (the human’s) API key and pass the agent wallet in the request. You can pass a direct delegate’s wallet or a sub-agent’s wallet several hops down the chain (e.g. Human → Agent1 → Agent2 → Agent3). The API walks the chain back to your human attestation and mints a ProofPack for that wallet. So you can mint a proof for any delegated wallet in the chain, not only your immediate delegate.

The Three-Step Process

Step 1: Human Attestation (Root of Trust)

First, the human must be attested as human via Zipwire or another provider:

• Use Zipwire Attest to verify your identity

• Complete a Yoti ID check (liveness + government ID)

• Receive an IsAHuman attestation tied to your wallet

• Your wallet is now cryptographically linked to verified identity data

This becomes the root of all future delegations.

Step 2: Create an IsDelegate Attestation

Now authorize an agent. Go directly to the IsDelegate schema:

Create IsDelegate on EAS Base →

Or manually create an attestation using the IsDelegate schema: 3. Set:

• Attester = your human-attested wallet

• Recipient = the agent's wallet address

• refUID = reference to your IsAHuman attestation (links the chain)

1. Sign and submit the attestation to the blockchain

The agent's wallet is now authorized to act for you.

Step 3: Agent Presents Proof

When the agent makes requests, it can:

Option A: Present a specific claim

• Generate a ProofPack JWS with a specific identity claim (e.g., "nationality = UK")

• The ProofPack includes the delegation chain and Merkle proofs

• Service verifies the JWS, attestation, delegation chain, and Merkle root

Option B: Just prove delegation

• Provide its wallet address

• Service uses ProofPack's verifyByWallet() method

• ProofPack queries EAS, finds IsDelegate attestations for that wallet, and walks the chain to your IsAHuman

• Service gets a yes/no: "Is this agent authorized by a verified human?"

Key Concepts

The Delegation Chain (refUID Linking)

Each IsDelegate attestation includes a refUID that points to its parent:

• Primary agent's IsDelegate has refUID pointing to the human's IsAHuman attestation

• Sub-agent's IsDelegate has refUID pointing to the primary agent's IsDelegate attestation

This creates an unbroken chain that ProofPack can validate:

Authority Continuity

When verifying, ProofPack ensures:

• Each attestation in the chain is valid (not revoked, not expired)

• The recipient of one attestation matches the attester of the next

• The chain eventually reaches a trusted root (e.g., IsAHuman)

This prevents authority hijacking — even if an attestation is forged, the chain won't validate.

Privacy with Delegation

The human's full identity data never travels with the agent. Instead:

• The human's wallet attests to data via Zipwire (Merkle root only stored on-chain)

• The IsDelegate proves authorization

• The agent presents a ProofPack that selectively reveals only needed claims

• The service verifies without ever seeing the human's full ID

Real-World Example

Scenario: AI Agent Managing Contractor's Timesheets

1. Alice (contractor) attests as human via Zipwire

   • Alice's wallet = 0xAlice...

   • Receives IsAHuman attestation on Base

   • Zipwire creates a Merkle tree from her identity (name, nationality, etc.)

2. Alice authorizes Claude Code to manage time tracking

   • Creates IsDelegate with:

     • Attester = 0xAlice... (her wallet)

     • Recipient = 0xClaudeAgent... (Claude's wallet)

     • refUID = her IsAHuman attestation UID

   • Submits to EAS on Base

3. Claude Code logs time entries

   • Makes request to Zipwire API: "Log 8 hours for Alice"

   • Includes a JWS ProofPack with:

     • IsDelegate attestation pointing to the delegation

     • Merkle proof of the delegation chain back to Alice's IsAHuman

     • Timestamp and signature

4. Zipwire backend verifies

   • Calls ProofPack library: await verifyAsync(jws, verificationContext)

   • ProofPack walks the delegation chain:

     • Claude's IsDelegate is valid ✓

     • Points (via refUID) to Alice's IsAHuman ✓

     • Merkle root matches ✓

     • Chain reaches a trusted root (Zipwire's attester) ✓

   • Result: Service accepts the request as authorized by a real human

For End Users: Authorizing Your Agent

If you're looking to authorize an AI agent to act on your behalf, follow the complete step-by-step guide:

That guide walks you through:

1. Getting your IsAHuman attestation via Zipwire Attest

2. Creating your IsDelegate attestation on EAS

3. What your agent can do once authorized

Setting Up IsDelegate for Your Agent

Prerequisites

• A human-attested wallet (get one via Zipwire Attest)

• Your agent's wallet address

• Access to EAS on Base or Base Sepolia

Steps

1. Navigate to the IsDelegate Schema

   • Click this link to EAS Base IsDelegate schema (mainnet)

   • Or go to base-sepolia.easscan.org for testnet and search for IsDelegate

2. Create Attestation

   • You'll be on the IsDelegate schema page

   • Click "Create Attestation"

3. Fill in Details

   • Recipient Address = your agent's wallet

   • Ref UID = your IsAHuman attestation UID (find it in your Zipwire attestations)

   • Any additional fields the schema requires

4. Sign & Submit

   • Connect your human-attested wallet

   • Review the transaction

   • Sign and submit to the blockchain

5. Wait for Confirmation

   • The attestation will appear on-chain within a few blocks

   • Your agent is now authorized!

Verifying IsDelegate in Your Backend

Quick Check: Simple REST API

For a quick check without integrating a library:

Note: This requires trusting Zipwire's validation. For cryptographic verification, use the ProofPack library below.

Cryptographic Verification

To verify in code that a wallet is delegated from a human (wallet-only check), or to validate a full ProofPack JWS with claims, use the ProofPack library. The main guide and all verification examples live in one place:

For copy-paste code (Path 1, Path 2, Express, ASP.NET Core, setup): ProofPack Examples.

Revocation & Updates

Revoking an Agent's Authorization

If an agent is compromised or no longer needed:

1. Return to EAS

2. Find the IsDelegate attestation you created

3. Click "Revoke" and sign the transaction

4. The agent is immediately no longer authorized

Any backend verifying the delegation chain will reject requests from that wallet.

Updating Authorization

You can't edit an attestation, but you can:

• Revoke the old IsDelegate

• Create a new IsDelegate with updated parameters

• This creates a new, valid chain while the old one becomes invalid

Privacy Considerations

What's Stored On-Chain

• The attestation that wallet A authorizes wallet B

• A hash of the human's identity data (Merkle root)

• Not: full name, address, ID number, or any sensitive data

What the Agent Never Sees

• The human's full identity data

• Other claims the human might have attested to

• Only the specific claims needed for each request

What Services Never See

• The human's full identity (only verified claims)

• Which agent is involved (if using wallet-only verification)

• A central log of all requests (each verification is independent)

The Bigger Picture

IsDelegate is part of a larger ecosystem:

• Zipwire Attest = Human attestation (proof of personhood)

• IsDelegate = Agent authorization (proof of delegation)

• ProofPack = Selective disclosure (proof of specific claims)

• EAS on Base = Decentralized storage (verification anchors)

Together, they enable agent economy infrastructure where:

• Humans authorize agents

• Agents can act autonomously

• Services can verify agent authorization

• Privacy is preserved throughout

Related Documentation

• How ProofPack Works: Agent-Bot-Human Problem

• Wallet Connections

• Passkeys

• ProofPack on GitHub

• EAS Documentation

Need help? Check the ProofPack GitHub or reach out to Zipwire support.