HUMΛN
DocsAPI ReferenceSDK ReferencePatternsCommunity
← Back to Patterns

Delegate Access to an Agent

Availablepassportbeginner

Overview

Grant an AI agent permission to act on your behalf with specific, time-bound, and revocable constraints. Delegation is how you give agents the authority to perform tasks while maintaining full control and accountability.

What is Delegation?

Delegation in HUMΛN means:

  • Explicit authorization - The agent can only do what you explicitly permit
  • Time-bound - Delegations expire automatically
  • Revocable - You can revoke access at any time
  • Auditable - Every action the agent takes is logged and signed

    • Think of it like: Giving someone power of attorney, but cryptographically enforced and instantly revocable.

    SDK Examples

    >
    SDK:
    0

    How Agents Use Delegation

    Once you've delegated access, the agent uses the delegation token to prove authority:

    >
    SDK:
    1

    Use Cases

    1. Enterprise Automation

    Scenario: Finance team needs an agent to process invoices, but with safety limits.

    >
    SDK:
    2

    2. Personal Assistant

    Scenario: Delegate calendar and email management to a personal AI assistant.

    >
    SDK:
    3

    3. Temporary Access

    Scenario: Grant time-limited access to a contractor agent for a specific project.

    >
    SDK:
    4

    Delegation Chains

    Agents can further delegate to other agents (with restrictions):

    >
    SDK:
    5

    Provenance Chain:

    Alice [Human] (did:human:alice) → Acme Corp [Organization] (did:human:org:acme-corp) → Senior Agent (did:human:agent:senior-processor) → Junior Agent (did:human:agent:junior-processor) → Action: Processes invoice ($800)

    Every action is traced back through the full delegation chain: humans, organizations, and agents.

    Security Considerations

    DO:

  • Use minimum required scopes (principle of least privilege)
  • Add business rule constraints (maxAmount, allowedActions)
  • Set reasonable expiration times
  • Require human approval for sensitive actions

    • DON'T:

  • Grant *:* (wildcard) scopes in production
  • Create delegations without expiration
  • Skip constraint validation
  • Reuse delegation tokens across agents

    • Revoking Delegation

    Revoke access instantly:

    >
    SDK:
    6

    Next Steps

  • Revoke Delegation - Revoke agent access
  • Delegation Chains - Multi-level delegation
  • Verify Passport Offline - Verify delegation without network

    • ---

    See Also

  • Concept Docs: Delegation
  • API Reference: Passport Delegate API
  • SDK Reference: Passport.delegate()

    • ← All PatternsLearn about passport