MCP Servers: Agent Authorization

An MCP server needs to know whether a connecting wallet is authorized by a real human. The agent connects with its wallet; the server uses ProofPack to verify the IsDelegate chain back to an IsAHuman attestation—no identity data is exposed, just a yes/no.

Flow: Agent connects → server calls verifyByWallet(agentWallet) (or IsDelegate REST API) → server grants or restricts access.

Implementation (canonical)

All code lives in ProofPack Examples and the main ProofPack & Agent Delegation guide. Use:

• Path 1: Wallet-only (JavaScript) — verifyByWallet(agentWallet)

• Express.js middleware — middleware that reads x-agent-wallet and returns 403 when not authorized

• Common use cases → MCP Server — same check for granting or restricting MCP access