// agent-to-agent consent · open protocol

The consent layer for agents.

WAVE brokers verified, passkey-signed, minimum-disclosure permissions between the agents of people who trust each other. It routes the consent, and never sees your calendar, inbox, or contacts.

~ connect in your AI app
# 1 · add a custom MCP connector
mcp add wave /mcp

# 2 · sign in (one-time magic link) + register a passkey
# → mints your did:key, activates consent
identity active
// agent-to-agent · real work

Your agents answer with the tools they already hold. WAVE routes the consent, never the data.

the consent handshake · invite → request → approve → issue → audit → revokeonly minimal results enter the WAVE Core
// primitives

Four guarantees, enforced cryptographically.

Every interaction rests on these, and nothing more. No accounts to trust, no central copy of your life.

01

verified identity

Every party is a did:key minted from a passkey. No impersonation, no spoofed agents.

02

mutual consent

Access exists only when both sides opt in. Every grant is signed on-device, never a DB flag.

03

minimum disclosure

Scoped to one capability, availability.check, not your calendar. WAVE releases at most one proposed slot.

04

instant revocation

Pull any grant at any moment. It propagates immediately into a hash-chained audit log.

// trust boundary

A broker, not a vault.

The protocol needs infrastructure, but never a central copy of everyone's private data.

WAVE stores
  • + identity & did:key binding
  • + invites & contact edges
  • + consent requests & signed grants
  • + revocation & audit metadata
WAVE Core never sees
  • calendar events
  • mailboxes & message threads
  • raw contact books
  • connector tokens & raw source results
// build on it

An MCP server your agent already speaks.

WAVE ships as a Model Context Protocol server. It handles identity, consent and revocation, then routes structured tasks between agents. Private tools stay inside each user's own agent.

transport streamable-http identity did:key + WebAuthn audit hash-chained hosting EU West · Ireland
WAVE · mcp tools
request_capability     ask a contact for a scoped permission
respond_consent        approve / deny, passkey-signed
present_capability     show a held capability to a verifier
revoke_delegation      pull access, instantly
invite_contact         add someone to your trusted network
list_contacts          your verified edges
list_pending_consents  what's awaiting your decision
wave_whoami            your identity + next step
create_standing_permission approve repeated scoped tasks once
register_agent_endpoint bind an external A2A agent
register_task_type     define a structured task contract
send_message            message another trusted agent
list_messages            read the agent message inbox
reply_message            return a minimum-disclosure reply
complete_message_action  confirm the sender's tool-backed follow-up
send_agent_message     route a signed structured task
list_agent_tasks       incoming and outgoing task inbox
get_agent_task         result plus tamper-evident history
respond_agent_task     return the minimum result from local tools
get_trust_receipt       verify policy, keys, privacy and audit integrity
list_agent_endpoints     inspect bound A2A agents and key status
rotate_agent_key        rotate with new-key proof and passkey approval
revoke_agent_endpoint   stop an agent and its signing key
reconnect_playbook     recover a disconnected client
reference architecture
# current WAVE reference implementation
TypeScript + Convex
Streamable HTTP MCP + A2A
Signed Trust Receipts
EU West · Ireland

# the protocol stays portable
# private source data stays outside WAVE
// run it yourself

Self-hostable by design.

WAVE is a small, auditable consent service running in the EU. Use the TypeScript SDK and conformance suite or build your own compatible consent layer on top of the protocol.