GitHubTwitterDiscord

Agent Scope Credential (ASC)

User Journey

The Agent Scope Credential defines and verifies the operational boundaries and authorized action space within which an AI agent is permitted to operate. This credential establishes clear, cryptographically-enforced limits on agent behavior, including transaction volumes, operational domains, temporal constraints, and resource access permissions, creating a verifiable "sandbox" for autonomous action.

See It in Action

COMING SOON

Why Verify Agent Scope

The Unbounded Risk Problem

Autonomous agents without defined boundaries create systemic risks:

  • Mission Creep: Agents expanding beyond intended functionality

  • Resource Exhaustion: Uncontrolled consumption of computational or financial resources

  • Cascading Failures: Single agent actions triggering systemic impacts

  • Regulatory Violations: Operating in unauthorized domains or jurisdictions

The Scope Enforcement Imperative

Verified scope credentials provide:

  • Predictable Behavior: Clear understanding of agent capabilities and limitations

  • Risk Containment: Hard limits on potential negative impact

  • Regulatory Compliance: Demonstrable constraints for compliance purposes

  • Trust Calibration: Appropriate level of trust based on verified boundaries

Why zkMe ASC

Privacy-Preserving Scope Verification

  • Zero-Knowledge Proofs: Verify scope compliance without exposing sensitive operational details

  • Selective Disclosure: Prove specific scope attributes without revealing full constraints

  • Competitive Protection: Maintain confidentiality of business logic while demonstrating compliance

Technical Superiority

  • Cryptographic Enforcement: Tamper-proof scope definitions and verification

  • Real-Time Validation: Sub-50ms scope verification for high-frequency operations

  • Dynamic Updates: Secure modification of scope parameters with proper authorization

  • Cross-Platform Consistency: Uniform scope enforcement across different environments

Enterprise-Grade Features

  • Granular Controls: Multi-dimensional scope definitions (financial, temporal, geographic, functional)

  • Hierarchical Scoping: Nested scope credentials for complex organizational structures

  • Audit Trail: Immutable record of scope definitions, modifications, and violations

  • Integration Ready: SDKs and APIs for seamless platform integration

How It Works

For Agent Developers & Principals:

  1. Scope Definition: Specify operational boundaries based on risk assessment and use case requirements

  2. Credential Creation: Generate scope credentials with defined limits and conditions

  3. Agent Configuration: Embed scope enforcement mechanisms within agent architecture

  4. Scope Attestation: Obtain third-party validation of scope constraints and enforcement

  5. Dynamic Adjustment: Update scope credentials as operational needs evolve

For Platforms & Resource Providers:

  1. Scope Verification: Check agent scope credentials before granting access

  2. Policy Enforcement: Configure systems to respect scope limitations

  3. Monitoring & Compliance: Continuously validate agent actions against attested scope

  4. Automated Enforcement: Implement hard limits based on scope credentials

For Users & Regulators:

  1. Scope Transparency: Review agent operational boundaries before engagement

  2. Risk Assessment: Evaluate potential exposure based on defined limits

  3. Compliance Verification: Ensure agents operate within authorized parameters

  4. Incident Analysis: Reference scope credentials during dispute resolution

Scope Definition Framework

Scope Dimensions → Constraint Definition → Credential Issuance → Enforcement Hooks → Verification Proofs

Key Scope Dimensions

Financial Constraints

  • Transaction Volume Limits: Maximum single transaction value

  • Cumulative Exposure: Total financial exposure across operations

  • Asset Restrictions: Approved cryptocurrencies, tokens, or financial instruments

  • Counterparty Limits: Maximum exposure to individual counterparties

Operational Boundaries

  • Domain Restrictions: Authorized operational domains (DeFi, CEX, gaming, etc.)

  • Geographic Limits: Permitted jurisdictions and restricted regions

  • Temporal Constraints: Operational hours, expiration dates, renewal requirements

  • Resource Limits: Computational, storage, and bandwidth allocations

Functional Permissions

  • API Access: Approved endpoints and method permissions

  • Smart Contract Interactions: Authorized contract addresses and function calls

  • Data Access: Permitted data sources and usage rights

  • Tool Usage: Approved external tools and services

Risk Parameters

  • Volatility Exposure: Maximum allowed market exposure

  • Leverage Limits: Maximum leverage ratios for trading operations

  • Position Sizing: Maximum position sizes relative to portfolio

  • Risk Thresholds: Automated deactivation triggers

Technical Implementation

Credential Structure

{
  "scopeId": "urn:uuid:scope-7d8e9f0a...",
  "agentDID": "did:agentry:0x1234...",
  "issuerDID": "did:agentry:principal:abc123",
  "scopeVersion": "2.1.0",
  "constraints": {
    "financial": {
      "maxTransaction": 50000,
      "maxDailyVolume": 250000,
      "allowedAssets": ["ETH", "BTC", "USDC", "DAI"],
      "maxCounterpartyExposure": 100000
    },
    "operational": {
      "allowedDomains": ["defi_lending", "dex_trading"],
      "restrictedDomains": ["derivatives", "gambling"],
      "geographicLimits": ["US", "EU", "UK"],
      "operationalHours": "00:00-23:59 UTC",
      "expiration": "2025-12-31T23:59:59Z"
    },
    "functional": {
      "approvedAPIs": ["uniswap/v3", "aave/v3", "compound/v3"],
      "allowedContracts": ["0xabc123...", "0xdef456..."],
      "maxGasPerTransaction": 5000000,
      "dataAccessPermissions": ["public", "user_provided"]
    },
    "risk": {
      "maxVolatilityExposure": 0.15,
      "maxLeverage": 3.0,
      "maxPositionSize": 0.1,
      "riskDeactivationTriggers": ["liquidation_risk > 0.8"]
    }
  },
  "enforcementMechanisms": {
    "onChainVerification": true,
    "offChainMonitoring": true,
    "automatedShutdown": true
  },
  "proofs": {
    "principalAuthorization": "zkp_principal_123...",
    "scopeIntegrity": "zkp_scope_456..."
  }
}

Enforcement Architecture

  1. Pre-Action Verification

    • Agent generates zero-knowledge proof of scope compliance before execution

    • Platforms verify proof against current scope credentials

    • Actions rejected if outside authorized scope

  2. Runtime Monitoring

    • Continuous validation of agent actions against scope constraints

    • Real-time alerts for scope boundary approaches

    • Automated intervention for scope violations

  3. Post-Action Auditing

    • Immutable logging of all actions with scope compliance status

    • Regular compliance reporting and anomaly detection

    • Scope violation analysis and response protocols

Verification Flow

  1. Scope Proof Request: Platform requests proof of specific scope compliance

  2. Zero-Knowledge Generation: Agent generates proof without revealing full constraints

  3. Cryptographic Validation: Proof verified against on-chain scope credentials

  4. Action Authorization: Platform grants or denies access based on scope compliance

Key Benefits

For Agent Principals & Developers

  • Risk Management: Clearly defined operational boundaries reduce liability exposure

  • Compliance Demonstration: Verifiable evidence of operational constraints for regulators

  • Investor Confidence: Transparent risk controls attract funding and partnerships

  • Operational Efficiency: Automated scope enforcement reduces manual oversight

For Platforms & Service Providers

  • Systemic Risk Reduction: Prevent agent actions from causing platform-wide issues

  • Regulatory Compliance: Demonstrate proper oversight of third-party agents

  • Resource Protection: Prevent resource exhaustion through enforced limits

  • User Protection: Ensure agents operate within expected parameters

For End Users

  • Transparent Operations: Clear understanding of agent capabilities and limitations

  • Risk Awareness: Informed consent about potential exposures and constraints

  • Recourse Mechanisms: Clear accountability for scope violations

  • Trust Calibration: Appropriate level of trust based on verified boundaries

For Regulators & Auditors

  • Oversight Efficiency: Standardized framework for monitoring agent operations

  • Compliance Verification: Automated validation of operational constraints

  • Incident Investigation: Clear scope definitions for violation analysis

  • Market Stability: Reduced systemic risk through contained agent operations

Use Cases to Benefit

DeFi & Financial Services

  • Trading Agents: Volume limits, asset restrictions, and risk parameter enforcement

  • Lending Protocols: Borrowing limits, collateral requirements, and liquidation triggers

  • Yield Farming: Strategy constraints, impermanent loss limits, and protocol approvals

  • Portfolio Management: Allocation limits, rebalancing thresholds, and risk controls

Enterprise Automation

  • Procurement Agents: Spending limits, vendor approvals, and contract value constraints

  • HR Systems: Salary band enforcement, benefit allocation limits, and compliance boundaries

  • IT Operations: Resource allocation limits, change management approvals, and access controls

  • Customer Service: Response escalation thresholds, refund authorization limits, and data access permissions

Healthcare Applications

  • Diagnostic Support: Confidence threshold enforcement and specialist referral triggers

  • Treatment Planning: Protocol adherence, medication dosage limits, and intervention approvals

  • Patient Monitoring: Alert escalation criteria and emergency response triggers

  • Research Operations: Data usage limitations and experimental protocol boundaries

Supply Chain & Logistics

  • Inventory Management: Reorder thresholds, supplier allocation limits, and quality controls

  • Logistics Optimization: Route constraints, carrier selection criteria, and cost limits

  • Procurement Agents: Budget adherence, supplier diversity requirements, and sustainability criteria

  • Demand Forecasting: Prediction confidence bounds and adjustment limitations

Government & Public Sector

  • Resource Allocation: Budget enforcement, eligibility criteria, and distribution limits

  • Regulatory Compliance: Inspection frequency, enforcement actions, and penalty calculations

  • Public Services: Benefit calculation boundaries, service eligibility, and escalation protocols

  • Infrastructure Management: Maintenance scheduling, resource allocation, and emergency response

Consumer Applications

  • Personal Finance: Spending limits, investment allocations, and risk tolerance enforcement

  • Smart Home: Device control permissions, energy usage limits, and privacy boundaries

  • Content Creation: Copyright compliance, content guidelines, and distribution limits

  • Social Media: Posting frequency, content moderation, and interaction limitations

Cross-Domain Applications

  • Multi-Agent Systems: Inter-agent communication limits and collective action constraints

  • Federated Learning: Data access boundaries and model update limitations

  • Autonomous Systems: Operational domain restrictions and safety parameter enforcement

  • Research Agents: Experimental scope, data usage limits, and publication constraints

Pricing & Integration

Drop us a line at [email protected] and let’s kick things off!

PreviousAgent Certification Credential (ACC)NextAgent Intent Credential (AIC)

Last updated