Connect wallets. Delegate safely. Settle with proof.
ErgoConnect defines the boundary between a human-controlled Ergo wallet and autonomous-work agents: address proof, wallet policy, exact transaction handoff, signing approval, receipt retention, and settlement verification.
Agents do not get wallets. Agents get bounded mandates checked by local wallet policy.
Safe claim
ErgoConnect is a proposed TrustConnect-style, CAIP-native wallet boundary for Ergo agent workflows.
Do not claim
Do not claim Trust Wallet or TrustConnect production support for Ergo until upstream support exists.
Security line
Agents create intents and request policy checks; they never receive raw private keys or silent signing authority.
The wallet signs one approved action, not an agent's imagination.
ErgoConnect turns agent autonomy into reviewable stages: prove wallet control, define policy, create an intent, check the verdict, hand off exactly one transaction, then verify the receipt.
Human connects wallet
Wallet proves address control
Human defines agent spending policy
Agent creates task/payment intent
Policy check returns allow, deny, or require-human-approval
dApp builds unsigned or reduced Ergo transaction
Wallet signs only the approved transaction
Transaction is submitted by wallet or host
Ergo can be described in chain-agnostic agent language.
The point is not to claim a finished upstream integration. The point is to make Ergo accounts, assets, wallets, and payment intents explicit enough for agents and wallet libraries to inspect.
Proof, handoff, policy.
Each surface has a different role. Keeping them separate is what prevents a quote, prompt, or remote tool from becoming a wallet.
ErgoAuth proof
Prove address control before binding a wallet to an agent profile, provider entry, or policy profile.
Message proof only; no on-chain spend and no transfer authority.
ErgoPay handoff
Carry a reduced transaction or signing request to a wallet that can show details and request user approval.
The dApp prepares the transaction; the wallet keeps secrets and signs only after approval.
Host-owned policy boundary
Let a local wallet layer approve or deny agent intents before any signing request is constructed.
Policy verdicts are deterministic; remote MCP/tools cannot silently sign.
Capabilities are useful only if the boundary is explicit.
These are the callable pieces agents and developer tools can reason about. The manifest is intentionally conservative and keeps mainnet disabled.
Connect wallet
Let a human-controlled Ergo wallet become the signing boundary for an agent flow.
Prove address control
Use ErgoAuth-style message proof before binding a wallet to an agent profile or provider entry.
Create payment intent
Represent task hash, provider, amount, expiry, receipt expectation, and network before signing.
Check agent policy
Return allow, deny, or require-human-approval before any transaction handoff.
Sign reduced transaction
Pass an unsigned or reduced transaction to a wallet boundary; agents do not hold private keys.
Submit transaction
Submit only the approved transaction, then link it to receipt and settlement verification.
Verify receipt
Attach the signed action to Agreement, Verification Receipt, Settlement Receipt, and chain proof.
Agent cannot spend unless policy allows.
This is the first demo ErgoConnect should make obvious: an allowed testnet intent reaches a wallet handoff; a risky intent stops before signing.
The agent requests 0.05 testnet ERG for a whitelisted provider; the task hash is present, a receipt is required, and the expiry is within policy.
The agent requests 1 ERG, omits the receipt expectation, names an unapproved provider, or requests mainnet signing while the mainnet gate is closed.
Allowed intents can be handed to ErgoPay-style signing; denied intents stop before wallet signing.
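A sketch of the deterministic policy check described above, run against this page's sample policy profile. It is an added example, not ErgoConnect code: the intent field names, the `ergo_mainnet` network name, and the rule that a daily-budget overrun returns require-human-approval are assumptions, since the page does not specify them.

```javascript
const NANO_PER_ERG = 1000000000n; // 1 ERG = 10^9 nanoERG
const MAINNET = "ergo_mainnet";   // assumed network name, not on the page

// Parse a decimal ERG string ("0.05") into nanoERG without floating point.
function toNano(erg) {
  const s = String(erg);
  if (!/^\d+(\.\d{1,9})?$/.test(s)) throw new Error(`bad amount: ${s}`);
  const [whole, frac = ""] = s.split(".");
  return BigInt(whole) * NANO_PER_ERG + BigInt(frac.padEnd(9, "0"));
}

// Policy values copied from the page's sample profile.
const policy = {
  id: "research-agent-testnet-policy", network: "ergo_testnet",
  daily_budget_erg: "2", max_per_task_erg: "0.05",
  allowed_categories: ["code_review", "data_lookup", "receipt_verification"],
  allowed_providers: ["sage-testnet-concierge", "wallet-policy-checker"],
  requires_receipt: true, requires_task_hash: true,
  max_expiry_blocks: 120, mainnet_allowed: false,
};

// Returns { verdict, reasons }; any hard violation or malformed field denies.
function checkIntent(policy, intent, spentTodayErg = "0") {
  const reasons = [];
  let amount;
  try { amount = toNano(intent.amount_erg); } catch { reasons.push("malformed amount"); }
  if (intent.network !== policy.network) reasons.push("network mismatch");
  if (intent.network === MAINNET && !policy.mainnet_allowed) reasons.push("mainnet gate closed");
  if (!policy.allowed_providers.includes(intent.provider)) reasons.push("provider not allowed");
  if (!policy.allowed_categories.includes(intent.category)) reasons.push("category not allowed");
  if (policy.requires_task_hash && !intent.task_hash) reasons.push("task hash missing");
  if (policy.requires_receipt && intent.receipt_required !== true) reasons.push("receipt not expected");
  if (!Number.isInteger(intent.expiry_blocks) || intent.expiry_blocks < 1 ||
      intent.expiry_blocks > policy.max_expiry_blocks) reasons.push("expiry outside policy");
  if (amount !== undefined && (amount <= 0n || amount > toNano(policy.max_per_task_erg)))
    reasons.push("amount outside per-task limit");
  if (reasons.length) return { verdict: "deny", reasons };
  // Assumption: a daily-budget overrun escalates to the human instead of denying.
  if (toNano(spentTodayErg) + amount > toNano(policy.daily_budget_erg))
    return { verdict: "require-human-approval", reasons: ["daily budget exceeded"] };
  return { verdict: "allow", reasons: [] };
}

// Constructed sample intents (field names are assumptions of this example).
const ok = { network: "ergo_testnet", provider: "sage-testnet-concierge",
  category: "code_review", task_hash: "<task-hash-placeholder>",
  amount_erg: "0.05", expiry_blocks: 60, receipt_required: true };
const risky = { ...ok, network: MAINNET, provider: "unknown-provider",
  amount_erg: "1", receipt_required: false };
```

Calling `checkIntent(policy, ok)` yields allow and `checkIntent(policy, risky)` yields deny with every violated rule listed, so the host can log why an intent never reached a wallet handoff.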
{
  "id": "research-agent-testnet-policy",
  "network": "ergo_testnet",
  "daily_budget_erg": "2",
  "max_per_task_erg": "0.05",
  "allowed_categories": [
    "code_review",
    "data_lookup",
    "receipt_verification"
  ],
  "allowed_providers": [
    "sage-testnet-concierge",
    "wallet-policy-checker"
  ],
  "requires_receipt": true,
  "requires_task_hash": true,
  "max_expiry_blocks": 120,
  "mainnet_allowed": false
}
Small SDK surface first, production claims later.
The package plan is a developer target, not a published production guarantee. It should wrap ErgoAuth, ErgoPay, policy checks, and receipt verification without turning agents into custodians.
@ergoblockchain/connect-ergo-react
Reference skeleton only: no signing, no private keys, no wallet-vendor support claim, no mainnet readiness claim.
Turn the wallet boundary into a reference flow.
The next implementation layer is a small ErgoConnect kit: hooks for connection state, ErgoAuth proof, ErgoPay handoff, policy verdicts, and receipt verification around one testnet payment intent.