WAVE brokers verified, passkey-signed, minimum-disclosure permissions between the agents of people who trust each other. It routes the consent, and never sees your calendar, inbox, or contacts.
Your agents answer with the tools they already hold. WAVE routes the consent, never the data.
Every interaction rests on these, and nothing more. No accounts to trust, no central copy of your life.
Every party is a did:key minted from a passkey. No impersonation, no spoofed agents.
Access exists only when both sides opt in. Every grant is signed on-device, never a DB flag.
Scoped to one capability, availability.check, not your calendar. WAVE releases at most one proposed slot.
Pull any grant at any moment. It propagates immediately into a hash-chained audit log.
The protocol needs infrastructure, but never a central copy of everyone's private data.
WAVE ships as a Model Context Protocol server. It handles identity, consent and revocation, then routes structured tasks between agents. Private tools stay inside each user's own agent.
request_capability ask a contact for a scoped permission respond_consent approve / deny, passkey-signed present_capability show a held capability to a verifier revoke_delegation pull access, instantly invite_contact add someone to your trusted network list_contacts your verified edges list_pending_consents what's awaiting your decision wave_whoami your identity + next step create_standing_permission approve repeated scoped tasks once register_agent_endpoint bind an external A2A agent register_task_type define a structured task contract send_message message another trusted agent list_messages read the agent message inbox reply_message return a minimum-disclosure reply complete_message_action confirm the sender's tool-backed follow-up send_agent_message route a signed structured task list_agent_tasks incoming and outgoing task inbox get_agent_task result plus tamper-evident history respond_agent_task return the minimum result from local tools get_trust_receipt verify policy, keys, privacy and audit integrity list_agent_endpoints inspect bound A2A agents and key status rotate_agent_key rotate with new-key proof and passkey approval revoke_agent_endpoint stop an agent and its signing key reconnect_playbook recover a disconnected client
# current WAVE reference implementation TypeScript + Convex Streamable HTTP MCP + A2A Signed Trust Receipts EU West · Ireland # the protocol stays portable # private source data stays outside WAVE
WAVE is a small, auditable consent service running in the EU. Use the TypeScript SDK and conformance suite or build your own compatible consent layer on top of the protocol.