Getting Started with Wallet4Agent

Wallet4Agent allows you to provision trusted identity and credential wallets for AI Agents — aligned with the EUDI Wallet architecture.
Your agents can authenticate, receive verifiable credentials, present proofs, and act On‑Behalf‑Of humans or companies.

All capabilities are exposed through a remote MCP Server compatible with any MCP‑enabled agent framework.

1. 🚀 Overview

A typical flow:

1. A Developer creates one account as either:
2. a Human (personal developer), or

3. a Company (organization controlling agents).
   This creates a DID and a base wallet.

4. Using this Human or Company account, the developer connects to the Wallet4Agent MCP Server.

5. Through MCP, the developer creates one or more Agent wallets (each with its own DID and wallet).

6. For each Agent, the developer receives:

7. an Admin Personal Access Token (admin_pat)

8. an Agent Personal Access Token (agent_pat) or OAuth2 client credentials

9. Using the Admin token, the developer configures each agent (keys, ecosystem, OBO, publishing rules).

10. Using the Agent token, the agent receives credentials, authenticates, signs data, presents proofs, and interacts with users and other agents.

All interactions happen through:

POST https://wallet4agent.com/mcp

You can create as many Agent wallets as you want under the same Human or Company account.

2. 🧩 Roles and Authentication

2.1 Developer (Human or Company account)

Created with:

create_account

A developer account: - Owns all Agent wallets - Receives notifications - Issues On‑Behalf‑Of delegations - Controls wallet policies

This account has a DID and wallet like any EUDI‑style identity.

2.2 Admin (per Agent)

Authenticated using:

Authorization: Bearer <admin_personal_access_token>

An Admin can: - Configure the Agent wallet - Register OAuth keys - Rotate tokens - Set ecosystem (DIIP, EWC, ARF…) - Set AgentCard - Delete the Agent wallet - Inspect attestations

Each Agent has its own Admin token.

2.3 Agent

Authenticated using: - Bearer <agent_personal_access_token> - OAuth2 Client Credentials - OAuth2 private_key_jwt

The Agent: - Receives credentials - Publishes Linked VPs - Signs messages - Authenticates to other agents - Verifies users - Acts On‑Behalf‑Of its owner

3. 🧑‍💼 Create a Human or Company Account

Tool:

create_account

Creates: - A DID - A wallet - An owner identity (Human or Company)

Example:

{
  "name": "create_account",
  "arguments": {
    "account_type": "company",
    "notification_email": "dev@mycompany.com",
    "did_method": "did:web"
  }
}

You now have: - A Company DID - A Company wallet - The right to create and control Agents

4. 🤖 Creating Agent Wallets

Authenticated as your Human or Company account.

Tool:

create_agent_identifier_and_wallet

Creates: - An Agent DID - An Agent wallet - DID Document - MCP credentials

Returns: - Agent DID - Wallet URL - Admin PAT - Agent PAT or OAuth credentials

You can repeat this as many times as you want.

5. 🛠 Admin Tools

Authenticated with:

Authorization: Bearer <admin_pat>

get_account_configuration

Returns owner (Human/Company) wallet data.

get_wallet_configuration

Returns configuration of one Agent wallet.

update_configuration

Configure: - Ecosystem profile - AgentCard - OAuth keys - Human‑in‑the‑loop rules

delete_wallet

Deletes the Agent wallet and all its credentials.

6. 🔐 Agent Authentication Modes

PAT

Authorization: Bearer <agent_pat>

OAuth2 Client Credentials

POST /oauth/token
grant_type=client_credentials
client_id=<agent_did>
client_secret=<agent_secret>

OAuth2 private_key_jwt

Agent signs a JWT with a registered public key.

7. 🎫 Agent Wallet Capabilities

Agents can:

• Accept credentials
• Store them
• Publish Linked VPs
• Resolve other agents
• Authenticate
• Sign data
• Verify users

Tools include: - accept_credential_offer
- get_attestations_of_this_wallet
- publish_attestation
- unpublish_attestation
- resolve_agent_identifier

8. 🔄 Agent‑to‑Agent Trust

Agents authenticate using OIDC4VP.

Tools: - start_agent_authentication
- poll_agent_authentication

This provides cryptographic proof of the other agent’s DID, keys, and published claims.

9. 👤 User Verification

Agents can verify humans by email‑based wallet flows.

Tools: - start_user_verification
- poll_user_verification

Supports: - Profile verification - Over‑18 proof

10. ✍ Cryptographic Signing

Agents can sign:

• Raw text
• JSON payloads

Tools: - sign_text_message
- sign_json_payload

This proves the Agent controls its DID keys.

11. 📦 On‑Behalf‑Of (OBO) Delegation

The Human or Company can issue mandates to Agents:

issue_OBO

This creates a Verifiable Credential that says:

“This Agent is authorized to perform task X on my behalf until time Y.”

This is the legal and cryptographic foundation of delegated AI action.

12. 🎯 Next Steps

• Create your Human or Company account
• Connect it to MCP
• Create Agent wallets
• Issue OBO mandates
• Attach credentials
• Go live with trusted AI agents