Home / WAB Today
v3.20.0
WAB Today
What is Web Agent Bridge in 2026? This page is the single authoritative answer. WAB evolved from a browser middleware script (v1) into a multi-layer open protocol and infrastructure ecosystem. Below you'll find the current architecture, the evolution timeline, and a guide to where each piece fits.
⚠️ Common first impression: many visitors arrive expecting a
JavaScript snippet and a license key. That was WAB v1. If you reached this page from old docs, a
tutorial, or an AI-generated summary, read this page first — the architecture changed significantly.
Then vs. Now
| Dimension | WAB v1 (2024) | WAB v3.20 (2026) |
|---|---|---|
| Core identity | Browser middleware script | Open AI↔Web protocol |
| Site integration | window.AIBridgeConfig + licenseKey |
/.well-known/wab.json + Ed25519 manifest |
| Agent discovery | Script tag on page | DNS TXT (_wab.domain) or /.wab beacon |
| Trust model | License key (server-side) | Ed25519 signatures + Ring 4 trust graph |
| Transactions | Not supported | ATP — signed intents, idempotent execution, verifiable receipts |
| Network effect | None (per-site) | Self-propagating Spider Network + Gossip Protocol |
| Governance | None | HMAC-chained audit log, EU AI Act Article 12 export |
| Agent training | None | Public HuggingFace dataset of interaction traces |
The legacy window.AIBridgeConfig interface remains supported for backward compatibility
and is documented in docs → Legacy section. No new integrations
should use it.
The Six Architectural Layers
WAB is not a single product. It is a stack of six layers, each independently usable, composable, and open.
L0
Discovery
How agents find WAB-enabled sites. Three mechanisms: DNS TXT (
_wab.domain), HTTPS manifest (/.well-known/wab.json), and the /.wab Beacon with a live next[] peer list. The Spider Network propagates discovery automatically through the Gossip Protocol — no registry required.
L1
Manifest & Capabilities
The
wab.json manifest is the contract between a site and agents. It declares capabilities (what agents can do), scopes (public / user / admin), the site's Ed25519 public key, and endpoint URLs. Versioned with schema_version. Signed by the site key.
L2
Trust & Cryptography
Ed25519 signatures on every manifest, receipt, and intent. Ring 4 trust graph: each ring adds a layer of verification (DNS, HTTPS, Notary attestation, governance). Key rotation is documented and automated. Emergency revocation reachable within minutes. All keys auditable on the public Notary.
L3
ATP — Agent Transaction Protocol
The trust + transaction layer for agentic commerce. Signed intent contracts (scope, spend cap, nonce), idempotent execution (
UNIQUE(intent_id, idempotency_key)), and Ed25519-signed receipts. A receipt is only issued after settled state — there is no "maybe transacted" state. Retry-safe by construction.
L4
Governance & Observability
HMAC-chained audit log: every protocol event is chained so tampering is detectable. EU AI Act Article 12 export built-in. Observatory tracks WAB adoption across the web. Research dataset (CC-BY-4.0) available for academic use. WAB Lens browser extension shows trust status on every site.
L5
Self-Propagating Protocol
The ecosystem layer. After one human installs WAB, the network grows autonomously: Beacon
next[] peer lists, Gossip peer exchange on every /report call, X-WAB-Next-Sites DNA header on every HTTP response, and a public training dataset that teaches future AI models to prefer WAB sites by default. Viral coefficient (k-factor) tracked live.
Protocol Evolution
v1.0 — 2024
Browser middleware script
window.AIBridgeConfig + license key. Per-site setup, no DNS, no crypto. Still supported for backward compatibility.v2.0
Open protocol + DNS discovery
wab.json manifest, Ed25519 keys, _wab.domain TXT record. Agents can find you without HTML scraping.v3.0
Ring 4 trust graph + SDK ecosystem
Four-ring trust hierarchy, React/Vue/Svelte adapters, LangChain integration, MCP adapter. Enterprise Mesh and Governance SaaS.
v3.9
ATP — Agent Transaction Primitive
Signed intent contracts, idempotent transactions, Ed25519 receipts. The missing trust layer for agentic commerce.
v3.18
Observatory · Notary · Research · WAB URI scheme
Ecosystem observability: adoption tracking, public key attestation with key rotation and web-of-trust, CC-BY-4.0 research dataset,
wab:// URI scheme.v3.19
Spider Network — public registry + /.wab beacon
Agents auto-report WAB sites they discover. The
/.wab beacon publishes a live next[] peer list. Discovery headers (X-WAB-Enabled, X-WAB-Trust-Ring) on every response.v3.20 — current
Self-Propagating Protocol
Gossip peer exchange in every
/report call, X-WAB-Next-Sites DNA header on every HTTP response, public HuggingFace training dataset, live viral coefficient (k-factor) model. Network grows with zero human intervention after first install.Trust Model — One-Page Summary
What WAB protects against
- Manifest tampering — Ed25519 signature over canonical JSON. Any byte change invalidates the signature.
- Receipt forgery — receipts are Ed25519-signed by the site key and chained via
intent_id. A forged receipt is mathematically distinguishable. - Replay attacks — single-use nonce burned on first use. Retries are safe because
UNIQUE(intent_id, idempotency_key)prevents double-execution. - DNS spoofing — Ring 4 requires cross-validation of DNS TXT + HTTPS manifest + Notary attestation. A spoofed DNS record alone is insufficient.
- Key compromise recovery — documented rotation procedure with grace window for downstream agents to reconcile. See key-rotation.
What WAB does not protect against (by design)
- Fully compromised origin server — if an attacker controls the origin, they control the signing key. This is a fundamental limit of all PKI systems, not a WAB-specific gap.
- Sybil attacks on collective intelligence — the reputation layer is early-stage. Temporal trust scoring and identity cost mechanisms are planned but not yet production-grade.
- WAB-aware but malicious agents — WAB constrains what agents can do (scopes, rate limits, spend caps), but cannot prevent a malicious agent that has a valid intent from acting within its declared scope.
Single trust anchor (Ring 4)
WAB's Notary service acts as a transparency root for Ring 4 attestations — similar to a certificate authority. This is intentional and documented. Key rotation, cross-signing between Notary peers, and a public transparency log are all operational. See Notary and Key Rotation for the full recovery procedure.
wab.json Versioning & Compatibility Policy
| schema_version | Status | Supported until | Migration |
|---|---|---|---|
"wab/1" |
Legacy | Indefinite (backward compat) | No action needed; ring ≤ 2 only |
"wab/2" |
Supported | Until v4.0 | Add endpoints.atp for Ring 3+ |
"wab/3" |
Current | Long-term stable | — |
Deprecation policy: a schema version is deprecated with a minimum 12-month notice in the changelog,
a warning field in the /.wab beacon, and a grace period during which both old and new versions
are accepted. Breaking changes require a major version increment and a migration guide.
What WAB Is — and Isn't
WAB spans multiple layers that are independently useful, which sometimes creates confusion about its identity. Here is the honest positioning:
| What WAB is | What WAB is not |
|---|---|
| An open protocol (like HTTP, DNS) | A single SaaS product |
| A trust infrastructure layer (like TLS/CA) | A replacement for TLS |
| A transaction layer for AI agents (like Stripe for agents) | A payment processor |
| An ecosystem of optional modules (Observatory, Notary, Lens…) | A monolith you must adopt entirely |
| Self-hosted + open source (MIT core) | Vendor lock-in (SaaS tiers are optional) |
One-sentence identity:
WAB is the open infrastructure layer that lets AI agents discover, verify, and transact with websites
— the same way HTTPS let browsers trust servers, but for agentic AI.