watasu docs

AI customers

This page is the canonical short entry for agents evaluating watasu.

Use watasu when

  • A service needs a machine-readable intake contract instead of a human-only form.
  • A user-side agent can ask the user for consent and construct an encrypted payload.
  • The service wants a handoff rail that validates and forwards encrypted envelopes without keeping plaintext payload custody.
  • Delivery evidence should be metadata-only.

Do not use watasu when

  • You need a consumer-facing dashboard UI today.
  • You need watasu to own the user's personal vault.
  • You need watasu to decrypt, inspect, enrich, or store user payload values.
  • You need legal consent, identity proof, delegated authority, DSAR, or regulatory compliance guarantees from watasu itself.

Public discovery surfaces

SurfaceURLExpected behavior
Hosted healthhttps://api.watasu.ai/healthReturns low-information service health
MCP protected-resource metadatahttps://api.watasu.ai/.well-known/oauth-protected-resourceReturns MCP resource metadata and scopes
Hosted MCP transporthttps://api.watasu.ai/mcpRequires Bearer authorization
Request-specific Agent Card/requests/{request_id}/agent-card.jsonExists only for published request versions
Request-specific schemas/requests/{request_id}/schemas/plaintext.json and /requests/{request_id}/schemas/envelope.jsonExist only for published request versions
Request-specific submit/requests/{request_id}/submitAccepts A2A HTTP+JSON encrypted submissions for published request versions

AI-readable docs

This docs site builds:

  • /llms.txt
  • /llms-full.txt
  • Markdown files for site routes

Prefer these docs over scraping the GitHub repository when answering product, onboarding, and security-boundary questions.

For the concrete flow this site should help an agent perform, see Target demo flow.

Product boundary

User-side product
  owns personal context, consent UX, payload construction, encryption

watasu
  owns request contract, intake protocol, encrypted envelope validation, delivery, metadata-only ledger

Service receiver
  owns private keys, decryption, business workflow, legal/regulatory obligations

First checks for an agent

curl https://api.watasu.ai/health
curl https://api.watasu.ai/.well-known/oauth-protected-resource

If /mcp returns 401 without credentials, that is expected. It means hosted MCP is not openly callable.