When Agents Come Calling: Proving the Human in the Machine

05 Mar 2026

05 Mar 2026 by Luke Puplett - Founder

Who's behind the request—and what can you trust?

In a world of autonomous agents, "Who goes there?" is the most expensive question your backend can ask. In 2026, a request from an LLM-driven agent looks identical to a DDoS attack or a bot-scrape—unless it carries a ProofPack. ProofPack gives you the answer before the first line of logic executes.

• Prove who's behind the request without full ID and without a central IdP. You get "human or authorised agent?" and specific claims (age, nationality, AML) from verifiable, on-chain attestations and selective disclosure—no identity provider call every time.

• One proof, many services. A user attests once and delegates to their agent; the agent (or sub-agent) presents a single JWS to any service that trusts ProofPack. No repeated logins, no sharing full ID—and the backend only needs to verify that one token and apply its own rules.

• Your backend only needs the ProofPack library. Pass the JWS and your trusted roots/attesters into ProofPack; you get valid/invalid and the disclosed claims. You then apply your own policy (alcohol, nationality, AML). No Zipwire API required for verification.

• One verifier, many issuers. Any company that does ID checks can issue attestations and ProofPacks the same way; the infrastructure and specs are open. You just configure which attester address(es) to trust (e.g. Zipwire, Coinbase). Same verification flow regardless of issuer.

• You can do it today. Get attested (e.g. Zipwire Attest), delegate (EAS, soon Zipwire), mint ProofPacks (Zipwire Mint API), verify (ProofPack npm/NuGet). IsDelegate API gives a wallet-only "is this agent working for a human?" check without handling a JWS.

What: Agents present a JWS; ProofPack verifies it and the delegation chain. So what: You stop treating agents like intruders and start treating them like customers—without the liability of holding their full ID. Now what: Get attested, delegate, mint; backends verify with ProofPack and trust the attester(s) they choose.

Services need to know who's behind a request. Human or bot? If it's a bot, is it authorised by a real person? And they need to trust specific claims—age for alcohol, nationality for regional rules, AML status for compliance—without seeing full ID or calling a central identity provider every time.

We built ProofPack and the Zipwire platform so that you can get verifiable, privacy-preserving claims from on-chain attestations and selective disclosure. No central IdP call. You attest as human, delegate a wallet to your agent, mint a ProofPack that reveals only what you choose—then your agent presents a JWS and the service provider's backend verifies it with ProofPack and applies its own rules.

The flow in plain language

The logic flow

• Human attests (e.g. "I am over 18") via Zipwire.

• Human delegates — signs a permission for the agent wallet.

• Agent presents — a JWS containing the claim and the delegation proof.

• Backend verifies — one library call, no database lookup.

1. Step 1: Establishing the Human Root. It starts with a one-time verification. Use Zipwire Attest or Zipwire Collect (linking a Yoti ID check to an EAS attestation). Your wallet is now on-chain as a verified human—the "root" of all future trust.

2. Step 2: Building the Delegation Chain. You authorize an agent by issuing an IsDelegate attestation to the agent's wallet. This creates a cryptographically bound "Power of Attorney." Because the agent is authorized, it can further delegate to sub-agents. This creates a verifiable lineage (Human → Agent → Sub-agent) that anyone can trace back to a real person on-chain. Today delegation is done on the EAS website (Base or Base Sepolia); creating delegates will be available in Zipwire soon.

3. Step 3: Minting the ProofPack. Now, equip your agent with specific "credentials" without giving away your identity. Use the Zipwire Mint API to generate a ProofPack. You select only the claims the agent needs (e.g. "Is over 18" or "UK National"). The API verifies the delegation, builds a selective-disclosure proof, and returns a JWS (JSON Web Signature). Your agent now carries its own "passport."

4. Step 4: The Agent at Work. When the agent hits a service, it presents the JWS in the Authorization: Bearer header. It's not just a token; it's a verified statement: "I am authorized by a human, and here is the proof that my human is a verified UK citizen."

5. Step 5: The "Walk-up" Verification. This is the magic. When a service receives the JWS, the ProofPack library "walks" up the delegation chain. It traces the sub-agent back to the agent, and the agent back to the human root. It then confirms that the Merkle root in the proof matches the original on-chain attestation. Result: The service gets the facts they need, you keep your privacy, and the agent gets the job done. This works regardless of how many hops (sub-agents) the request took.

A user attests once with Zipwire, delegates their agent wallet, and from then on the agent (or a sub-agent) can present a single JWS to any service that trusts ProofPack—no repeated logins, no sharing full ID.

Open Trust: One Verifier, Many Issuers

While Zipwire Attest is a primary source for humanity attestations (using the IsAHuman schema on Base), the ecosystem is open. Any KYC/ID provider can issue attestations that ProofPack understands. As a developer, you hold the keys: you simply configure your backend to trust specific attester addresses (e.g. Zipwire, Coinbase, or a government entity). If the proof chains back to a root you trust, it's valid.

Programmable Compliance

Once ProofPack validates the JWS, your backend can instantly enforce high-level business rules without handling sensitive raw data:

• Age Verification: Read the date_of_birth or age-band claim to gate restricted services (like alcohol or gaming).

• Geofencing: Check the nationality claim to comply with regional regulations or licensing.

• AML/KYC Compliance: Access verified AML status fields to automate onboarding for financial agents.

One library integration gives you an infinite variety of policy options.

New in March 2026

• IsDelegate Public API: GET /api/v1/is-delegate/{walletAddress}. No auth required. This is the fastest way for any service or MCP server to ask: "Is this wallet acting for a real human?"

• ProofPack Mint API: POST /api/v1/proofpack/mint. Generate a JWS for a delegated agent wallet, selecting only the specific identity fields you wish to disclose.

• Version 1.3.0 Release: The ProofPack library (npm and NuGet) now supports EAS GraphQL for no-RPC verification, compact JWS tokens optimized for HTTP headers, and a streamlined validation pipeline for IsDelegate and IsAHuman schemas. Production-ready for March 2026.

For developers: how to verify a JWS

Verification: Zero Latency, Local Logic. To ensure maximum privacy and zero latency, your backend verifies ProofPacks locally—no external API call required. Simply import the ProofPack library (available for JavaScript and .NET), pass in the JWS from your Authorization header, and provide your verification context (trusted roots and attesters). The library does the heavy lifting, returning the validation status and the disclosed Merkle claims.

Implementation example (Node.js)

import { AttestedMerkleExchangeReader } from '@zipwire/proofpack';

// 1. Build your context with trusted roots and EAS chains
const reader = new AttestedMerkleExchangeReader();

// 2. Verify the JWS directly from your request header
const result = await reader.readAsync(jwsFromHeader, verificationContext);

if (result.isValid) {
  const claims = result.document.merkleTree.leaves;
  // 3. Apply your policy logic
  if (claims.nationality === 'UK' && claims.age >= 18) {
    // Proceed with request
  }
}

For a complete guide on handling HTTP headers and different JWS formats, see the JWS Verification Guide.

The "Light" path: wallet-only validation

Don't need specific claims? If your only question is "Is this wallet an authorized agent for a verified human?", use the IsDelegate API.

• Endpoint: GET /api/v1/is-delegate/{walletAddress}

• No JWS, no auth. Ideal for MCP servers, simple bot gates, or initial connection handshakes.

Quick start guide

1. Get attested. Use Zipwire Attest to link your Yoti ID to your wallet via EAS.

2. Mint a ProofPack. Use the Mint API to generate a JWS for your agent.

3. Install the library. npm: npm install @zipwire/proofpack · NuGet: Install-Package Zipwire.ProofPack

4. Verify. Check our GitHub repo for boilerplate middleware and policy examples.

Stop guessing who is behind the request. Let your agents carry the proof, and let your backend trust the math.

Choose your path

• The "Lite" way: Use the IsDelegate API for a quick binary check—Human vs. Bot.

• The "Pro" way: Use the ProofPack library for deep, privacy-preserving claim verification (age, nationality, AML).

---

Learn more