ProofPack & Agent Delegation
ProofPack and agent delegation for developers and service providers
ProofPack is a library and format that enables services to verify that agents are authorized by real humans, and to accept selective identity claims without seeing full personal data.
If you're building a service that accepts requests from agents, or if you're building an agent that needs to prove authorization, this guide is for you.
The Problem: Distinguishing Bots from Authorized Agents
Every day, services face a dilemma:
Requests from agents: Could be legitimate (human-authorized) or malicious (bot)
Traditional authentication: Requires the human to log in repeatedly (bad UX for agents)
API tokens: Easy to steal, don't prove human authorization
OAuth to social providers: Requires centralized identity providers, slow, privacy-invasive
ProofPack solves this: Agents carry cryptographic proof that a verified human authorized them. Services verify locally, with zero latency and full privacy.
What is ProofPack?
ProofPack is a JSON format + library for:
Selective Disclosure: Share only specific identity claims (age, nationality, AML status) without full ID
Cryptographic Verification: Merkle trees prove data hasn't been tampered with
Delegation Proof: IsDelegate attestations prove human → agent authorization
On-Chain Trust: All attestations anchor to blockchain (EAS on Base) for immutable verification
The Two Verification Paths
Path 1: Quick Check (Wallet Only)
Question: "Is this wallet acting for a verified human?"
Use the agent's wallet address and verifyByWallet(). No JWS required.
Use cases: MCP servers, connection handshakes, rate limiting, quick bot detection.
Alternative: Simple REST API — If you prefer not to use the library, see IsDelegate REST API. It requires trusting Zipwire's validation; for independent verification use ProofPack.
Path 2: Full Proof (With Claims)
Question: "Is this agent authorized by a human, and does that human meet these criteria (age, nationality, AML)?"
The agent sends a proof in the request header. ProofPack supports both JWS and JWT; use the standard Authorization: Bearer <token> pattern—any client or gateway that handles Bearer tokens works. The token contains specific identity claims, Merkle proofs, and the delegation chain. Your service verifies it and reads the revealed claims.
Use cases: Payments, regulated services (KYC, compliance), premium features, any service that needs specific identity attributes.
Installation
See ProofPack Examples → Installation for npm, dotnet, and Rust.
Setting Up Verification
Configure trusted roots and create the verifier/reader: Quick setup: verification context.
Integration Examples
Express.js — Middleware for
x-agent-walletorAuthorization: Bearer <token>(JWS or JWT): Express.js middlewareASP.NET Core — Controller with wallet and JWS/JWT verification: ASP.NET Core agent verification
Common Use Cases
Time tracking, payment verification, compliance (KYC/AML), and MCP server integration: Common use cases.
Troubleshooting
"Agent not authorized by human"
Causes:
Agent's wallet has no IsDelegate attestations
IsDelegate was revoked
IsDelegate points to an untrusted root
IsDelegate is expired or invalid
Fix:
Verify the human created the IsDelegate on EAS
Check the refUID points to a valid IsAHuman attestation
Check the Zipwire attester address matches your trusted roots
"Invalid JWS signature"
Causes:
JWS is tampered with
Agent didn't sign it with their key
JWS format is wrong
Fix:
Verify the JWS comes directly from the agent
Check the agent signed with their private key
Verify JWS format: header.payload.signature
"Merkle root mismatch"
Causes:
Claims in the proof don't match on-chain attestation
Proof was redacted incorrectly
Attestation and proof were created separately
Fix:
Verify the agent created the proof using the correct Mint API
Check the Merkle root in the proof matches the on-chain attestation
Ensure the agent is using the latest ProofPack library
Security Best Practices
Validate early: Check agent authorization at the API entry point
Trust roots carefully: Only trust attesters you control or deeply trust
Check revocation: Revoked delegations should fail validation
Use HTTPS: Always transport proof tokens (JWS or JWT) over secure connections
Log verifications: Keep audit logs of what agents did
Rate limit by verification: Humans (verified) can request more than unverified agents
Performance & Latency
Wallet-only check: <100ms (no RPC calls needed with EAS GraphQL caching)
Full proof verification: <200ms (local Merkle proof validation)
No IdP calls: Zero latency waiting for external identity providers
ProofPack verification is fast enough for request-path authentication.
The Future: Chained Agents
As agents become more sophisticated, sub-delegation becomes important:
ProofPack validates the entire chain, so services can trust requests from deep sub-agents.
Related Documentation
ProofPack Examples — copy-paste code for Path 1, Path 2, Express, ASP.NET Core, setup, use cases
Get Started:
Install ProofPack library
Configure trusted roots
Add verification middleware to your API
Start accepting authorized agents!
Questions? Check the ProofPack docs or contact Zipwire support.
Last updated