Delegate | Policy enforcement for autonomous agents

Overview

Delegate is a deterministic policy engine for AI agents with on-chain verification. Define rules that constrain what agents can do, evaluate requests against those rules, and verify every decision on-chain.

No AI in the evaluation loop. No ambiguity. Same input, same output, every time.

API

HTTP endpoints for evaluation, hashing, and reads. No keys needed.

SDK

TypeScript package for full access including on-chain writes.

Contracts

6 smart contracts on Base Sepolia for immutable records.

Architecture

Three layers. Agents interact via HTTP API or SDK. The policy engine evaluates deterministically. Smart contracts store immutable on-chain records.

Read path (API)

Agent sends HTTP request to the API. The API evaluates the policy locally, returns the result with hashes. Can also verify decisions and look up agents or agreements on-chain. No private keys involved.

Write path (Agent wallet)

Agent signs transactions with their own wallet and submits directly to the smart contracts on Base Sepolia. Register policies, attest decisions, register identity, sign agreements, manage vault spending.

How two agents interact

Step through the full flow: policy creation, on-chain registration, agent discovery, bilateral agreement, evaluation, attestation, vault spending, and verification.

Define Policy

Agent A creates a set of deterministic rules.

risk <= 4, tool = "transfer", amount <= 0.1 ETH

1 / 10

Quick Start

Evaluate a request (no setup needed)

curl

curl -X POST https://your-domain.vercel.app/api/evaluate \
  -H "Content-Type: application/json" \
  -d '{
    "policy": {
      "id": "spending-guard",
      "name": "Spending Guard",
      "description": "Max 0.1 ETH transfers",
      "defaultEffect": "deny",
      "rules": [
        {"id": "r1", "label": "Amount cap", "field": "amount", "operator": "lte", "value": 0.1, "rationale": "Spending limit"},
        {"id": "r2", "label": "Transfer only", "field": "tool", "operator": "equals", "value": "transfer", "rationale": "Only transfers"}
      ]
    },
    "request": {
      "actionType": "transfer",
      "tool": "transfer",
      "risk": 2,
      "target": "wallet",
      "justification": "Pay vendor",
      "amount": 0.05
    }
  }'

Response

{
  "outcome": "allow",
  "checks": [
    {"ruleId": "r1", "label": "Amount cap", "passed": true, "summary": "amount lte 0.1"},
    {"ruleId": "r2", "label": "Transfer only", "passed": true, "summary": "tool equals transfer"}
  ],
  "scorecard": {"passed": 2, "failed": 0},
  "policyHash": "0x...",
  "requestHash": "0x...",
  "resultHash": "0x..."
}

For agents

Agents can read the full reference in one command:

terminal

curl -s https://your-domain.vercel.app/skill.md

API Reference

All endpoints are read-only. No authentication. No private keys. For on-chain writes, agents interact with smart contracts directly using their own wallet.

POST /api/evaluate

Evaluate a request against a policy. Pure computation, no chain interaction.

Request

{
  "policy": {
    "id": "string",
    "name": "string",
    "description": "string",
    "defaultEffect": "allow" | "deny",
    "rules": [{
      "id": "string",
      "label": "string",
      "field": "string",       // any field name
      "operator": "equals" | "notEquals" | "includes" | "notIncludes" | "lte" | "gte",
      "value": "string | number",
      "rationale": "string"
    }]
  },
  "request": {
    "actionType": "string",
    "tool": "string",
    "risk": 0-10,
    "target": "string",
    "justification": "string"
    // + any custom fields
  }
}

Response

{
  "outcome": "allow" | "deny",
  "checks": [{ "ruleId", "label", "passed", "summary", "rationale" }],
  "reason": "string",
  "scorecard": { "passed": number, "failed": number },
  "policyHash": "0x...",
  "requestHash": "0x...",
  "resultHash": "0x..."
}

POST /api/hash

Hash any object using canonical JSON + keccak256.

Request / Response

// Request
{ "data": { ...any object } }

// Response
{ "hash": "0x..." }

POST /api/verify

Check if a decision was attested on-chain. Re-evaluates locally and queries the Verifier contract.

Request / Response

// Request
{ "policy": Policy, "request": AgentActionRequest }

// Response
{ "verified": boolean, "outcome": "allow"|"deny", "policyHash", "requestHash", "resultHash" }

GET /api/agent/:address

Look up an agent's identity and committed policies.

Response

{ "agentId": "0x...", "metadataURI": "ipfs://...", "policyHashes": ["0x..."], "registered": true }

GET /api/agreement/:id

Look up a bilateral agreement.

Response

{ "policyHash": "0x...", "partyA": "0x...", "partyB": "0x...", "signedByA": true, "signedByB": true, "finalized": true }

Policies

A policy is a set of deterministic rules. Each rule checks a field on the agent's request against a value using an operator. All rules must pass for ALLOW. Any failure results in DENY.

Rule fields

Rules can use any field name. Built-in fields include actionType, tool, risk, target, amount. You can add domain-specific fields like department, dataType, environment, approvalLevel, encryptionEnabled, or anything else.

Operators

Operator	Type	Example
equals	string/number	tool equals "transfer"
notEquals	string/number	target notEquals "prod"
includes	string (pipe-separated)	actionType includes "read\|query"
notIncludes	string (pipe-separated)	target notIncludes "delete\|drop"
lte	number	risk lte 4
gte	number	amount gte 0.01

Custom fields example

Compliance policy

{
  "rules": [
    {"field": "dataType", "operator": "notEquals", "value": "pii", ...},
    {"field": "environment", "operator": "equals", "value": "staging", ...},
    {"field": "encryptionEnabled", "operator": "equals", "value": "true", ...},
    {"field": "department", "operator": "includes", "value": "engineering|security", ...}
  ]
}

// Matching request
{
  "actionType": "read", "tool": "database", "risk": 3,
  "target": "user-records", "justification": "Generate report",
  "dataType": "aggregate", "environment": "staging",
  "encryptionEnabled": "true", "department": "engineering"
}

SDK

For agents with a Node.js runtime, the SDK provides full access including on-chain writes.

Install

npm install delegate-sdk

Usage

import { createDelegate } from "delegate-sdk";

const delegate = createDelegate({
  policies: [myPolicy],
  chain: {
    rpc: "https://base-sepolia.g.alchemy.com/v2/YOUR_KEY",
    privateKey: "0xYOUR_KEY",
    chainId: 84532,
    contracts: { registry: "0x3a45...", auditLog: "0x23b7...", ... }
  }
});

// Evaluate (same as API)
const result = delegate.evaluate(policy, request);

// Write operations (SDK only, requires private key)
await delegate.registerPolicy(policy);
await delegate.attest(policy, request, result);
await delegate.registerAgent(agentId, "ipfs://metadata");
await delegate.proposeAgreement(policyHash, counterpartyAddress);

API vs SDK

Operation	API	SDK
Evaluate, Hash, Verify	Yes	Yes
Lookup agent/agreement	Yes	Yes
Register, Attest, Agree	No (use contracts)	Yes
Vault spending	No (use contracts)	Yes

On-Chain

6 contracts deployed on Base Sepolia (chain ID 84532). The API handles reads. For writes, agents sign transactions with their own wallet and submit directly.

Contracts

Contract	Address	Purpose
PolicyRegistry	0x3a45bC84fa4a460FD65a4CfE1B96edA45bD88E15	Register policy hashes
AuditLog	0x23b75deDDcB048BBe3db741eD05E309F901fb688	Log decisions
Verifier	0xa20Db185523EF7061EA4B002664d3695f9804c6A	Verify decisions
AgentRegistry	0xf78B0b7E32d2C693F6015eDfD55171b1D7732985	Agent identity
Agreement	0x2a8Bfa499F68000b3502aab4268C6e765b838601	Bilateral agreements
Vault	0x5242d8517b60c56F91AdF6FB8a015dFB6Ed8f307	Escrow + spending limits

Write workflow

Call POST /api/evaluate to evaluate and get hashes
Use policyHash + requestHash + resultHash from the response
Call AuditLog's logDecision(policyHash, requestHash, resultHash, allowed) with your wallet
Later, call POST /api/verify to confirm it exists on-chain

For Agents

Delegate is designed for both human and agent interaction. Agents discover the platform through the skill file or HTTP API.

Skill file

The skill file contains the full reference: API endpoints, SDK usage, contract addresses, type definitions, and code examples. Pass this command to any AI agent:

terminal

curl -s https://your-domain.vercel.app/skill.md

Agent workflow (HTTP only)

Read /skill.md to learn the API
Define a policy as a JSON object with rules
Call POST /api/evaluate to test requests against the policy
Call POST /api/hash to get deterministic hashes for any object
For on-chain writes, interact with contracts using the returned hashes and your own wallet
Call POST /api/verify to confirm decisions exist on-chain
Call GET /api/agent/:address to look up other agents