The trust + transaction layer for agentic commerce.
Signed intent contracts · idempotent transactions · Ed25519-verifiable receipts · explicit compensation.
robots.txt told bots what NOT to do. WAB tells AI agents what they CAN do — and proves what they did.
Website · Docs · Architecture · Spec · Whitepaper · العربية
AI agents today guess their way through the web — DOM scraping, brittle selectors, fragile vision models. WAB replaces guesswork with a contract. Sites declare what agents can do; agents call it like an API; everything is signed, rate-limited, and auditable.
- For site owners — control exactly how AI interacts with you. Permissions, rate limits, audit trail.
- For agent builders — one stable interface for any WAB-enabled site. No more custom scrapers.
WAB v3.9 introduces the Agent Transaction Primitive (ATP) — the missing trust + transaction layer for agentic commerce.
Intent → Authorize → Transact → Receipt → (Compensate)
contract single-use idempotent Ed25519- explicit
+ scope nonce burn UNIQUE key signed rollback
+ spend cap JSON
- Intent contracts — the user's signed authorization (scope, spend cap, expiry, single-use nonce).
- Idempotent execution —
UNIQUE (intent_id, idempotency_key): retries can never double-execute. - Signed receipts — Ed25519 over canonical JSON; verifiable via the public
/api/atp/receipts/verifyendpoint with zero auth. - Compensation — explicit rollback that decrements the intent's spend counter.
const { ATPClient } = require('web-agent-bridge/sdk');
const atp = new ATPClient({ baseUrl: 'https://api.webagentbridge.com', token: USER_JWT });
const intent = await atp.createIntent({ purpose: 'buy 1 widget', scope: { actions: ['cart.add','checkout'] }, max_spend_cents: 5000, currency: 'EUR' });
await atp.authorizeIntent(intent.id);
const tx = await atp.beginTransaction({ intent_id: intent.id, idempotency_key: 'order-42', amount_cents: 4200 });
await atp.transition(tx.id, 'executing'); await atp.transition(tx.id, 'executed'); await atp.transition(tx.id, 'settled');
const r = await atp.issueReceipt(tx.id); // signed
const v = await atp.verifyReceipt({ receiptId: r.receipt_id }); // public, no authFull spec: docs/SPEC.md §21 · Public docs page: /atp.html.
# 1. Make your site discoverable (zero code)
npx wab-init --site=https://yourdomain.com --yes
# 2. Or install the protocol package
npm install web-agent-bridge<script src="https://cdn.webagentbridge.com/wab.min.js"></script>
<script>
WAB.declare({
intents: { search: { handler: (q) => /* … */ } },
privacy: { allowed: ['public'], disallowed: ['payment'] }
});
</script>Then any agent can do window.AICommands.search("…") reliably — forever.
Full quickstart, SDKs, and integrations: docs/ARCHITECTURE.md
| Layer | What it gives you | More |
|---|---|---|
| 🔌 Core protocol | DNS discovery · wab.json manifest · window.AICommands interface |
Spec |
| 🧬 SDKs | JS · React · Vue · Svelte · Next.js · LangChain · MCP adapter | Architecture |
| 🛡️ Trust & Safety | Ring 4 handshake · ShieldQR · ShieldLink · Phone Shield · SSL monitor | Architecture |
| 🧠 Advanced layer | Reputation · Memory cache · Intent routing · Privacy budget · Offline | Architecture |
| ⚓ Truth layer | Semantic memory · Temporal trust · Refusal history · Collective insights | Architecture |
| 🏛️ Governance | HMAC-chained audit log · EU AI Act Article 12 export · multi-tenant | Architecture |
| 💼 Commercial | Partner Program · Trust Graph API · Governance SaaS · Enterprise Mesh | Architecture |
Four production-ready monetization pillars on top of the open protocol — all admin-gated, env-configured, and zero billing logic in the routes:
- 🤝 Certified Partner Program — Basic (free) / Verified (€499/yr) / Premium (€2.9k+/yr)
- 📊 Trust Graph API — Free (1k/mo) / Pro (€10/mo, 100k/mo) / Enterprise (5M+/mo)
- 🏛️ Governance SaaS — Team (€99) / Business (€499) / Enterprise (€2.5k+)
- 🕸️ Enterprise Mesh — Self-hosted, air-gappable, Ed25519-signed licenses
Endpoint tables, tier specs, and security model: docs/ARCHITECTURE.md
# Core SDK
npm install web-agent-bridge
# Framework adapters
npm install @web-agent-bridge/react
npm install @web-agent-bridge/vue
npm install @web-agent-bridge/svelte
npm install @web-agent-bridge/langchain
# Server (self-host)
git clone https://github.com/abokenan444/web-agent-bridge
npm install && npm startDocker: docker compose up -d · Production: see docs/DEPLOY.md
| Document | What it covers |
|---|---|
| docs/ARCHITECTURE.md | Full feature reference: every layer, every endpoint |
| docs/SPEC.md | Protocol specification (formal) |
| docs/DEPLOY.md | Production deployment guide |
| CONTRIBUTING.md | How to contribute |
| examples/ | Live agent examples — Puppeteer, MCP, Vision, LangChain… |
| templates/ | Starter manifests — restaurant, hotel, ecommerce, freelancer… |
- 💬 Discord: https://discord.gg/NnbpJYEF
- 🌐 Website: https://webagentbridge.com
- 📦 npm: https://www.npmjs.com/package/web-agent-bridge
- 🐛 Issues: https://github.com/abokenan444/web-agent-bridge/issues
- 👥 CoderLegion: https://coderlegion.com/user/WAB
MIT (core protocol & SDKs). Commercial tiers under separate terms — see LICENSE.