Skip to main content
ClaudeWave
Skill11 repo starsupdated today

NEUS Trust Workflow

Trust infrastructure for agents that act. Verify identity and scoped authority, reuse trust receipts, and protect secrets across IDEs and runtimes.

View sourceRepository: network
Install in Claude Code
Copy
git clone --depth 1 https://github.com/neus/network /tmp/neus-trust-workflow && cp -r /tmp/neus-trust-workflow/plugins/neus-trust/skills/neus-trust-workflow ~/.claude/skills/neus-trust-workflow
Then start a new Claude Code session; the skill loads automatically.
Definition

SKILL.md

NEUS gives agents verifiable identity, scoped authority, and receipts for every trusted action. Verify trust before your assistant runs tools.

## Setup

```bash
npx -y -p @neus/sdk neus setup
npx -y -p @neus/sdk neus check
npx -y -p @neus/sdk neus examples
```

`neus setup` configures hosted NEUS MCP for Cursor, Codex, VS Code, and Claude Code. Cursor, VS Code, and Claude Code use browser OAuth. Codex uses its own MCP login after setup.

Codex-only:

```bash
npx -y -p @neus/sdk neus setup --client codex
npx -y -p @neus/sdk neus auth --client codex
```

Servers and CI:

```bash
npx -y -p @neus/sdk neus setup --access-key <npk_...>
```

Create access keys under **Account → Access keys** on [neus.network](https://neus.network/profile?tab=account). Never paste keys into chat or committed files.

Hosted MCP: **`https://mcp.neus.network/mcp`**

Trust receipts persist **offchain by default**. Do not prompt for wallet connection or on-chain anchoring unless the user explicitly asks; only then pass `options.publishToHub: true` on verify.

## Autopilot (default)

1. Run **`neus_context`** once. Use signed-in profile context when present — omit wallet fields on check/verify tools.
2. **Trust before action:** **`neus_proofs_check`** then **`neus_verify_or_guide`**.
3. **Trusted Agent:** **`neus_agent_link`** then **`neus_verify_or_guide`** if needed.
4. **Receipts:** **`neus_proofs_get`** when exact receipt fields are needed.
5. **Vault:** **`neus_secret_create`** / **`neus_secret_list`** / **`neus_secret_revoke`** when signed in.
6. **`neus_me`** only to refresh profile context or look up a wallet/DID.
7. Summarize outcomes as **Trust Result** for the user — never dump raw tool JSON.

## Trust Result format (assistant output)

Summarize NEUS results in plain language. Do not dump raw tool JSON, MCP session state, or implementation field names.

**Passed:**

```txt
NEUS Verify
Status: Passed
Requirement: Identity and permission check
Receipt: Existing trust receipt accepted
Next: Continue
```

**Action needed:**

```txt
NEUS Verify
Status: Action needed
Missing: Sign-in
Next: Connect NEUS, then retry
```

**Blocked:**

```txt
NEUS Verify
Status: Blocked
Reason: Required trust condition was not satisfied
Next: Do not continue until verification is complete
```

## Receipt Links

Use real receipt identifiers only — take them from tool responses, never invent them.

- App: `https://neus.network/proof/<qHash>`

Never invent qHashes, verifier IDs, or receipt fields.

## Secrets

- Store values only through **`neus_secret_create`**. Never paste raw tokens into chat.
- Confirm with **alias + qHash** after create.
- **Revoke** and recreate if a value may have leaked.

## Integrator notes

- **Protocol** is the source of truth for verifiers, gates, receipts, and MCP tool behavior.
- **Product app** (`neus.network`) consumes protocol state — do not duplicate verifier schema in client apps.
- Public docs and SDK: [docs.neus.network](https://docs.neus.network)