How an agent reads
An agent integrates in one of two ways:| Path | How it works |
|---|---|
| Portability API / SDK | The agent (or the service operating it) registers as a grantee and requests scopes — the same flow as a builder app |
| MCP on the Personal Server | The user’s Personal Server exposes an MCP interface, so an agent works with the user’s data directly under that user’s grant permissions |
Writing back
Reading is half the loop. The design direction is for agents to also write results back into the user’s Personal Server over MCP — an agent that summarizes, enriches, or produces data on the user’s behalf stores that output in the user’s own vault rather than somewhere the user can’t see (see the collection path in Collection & apps). Every read an agent performs is already recorded in the Personal Server’s access log; agent writes would land in the same audit trail, so the user can review what an agent read and what it wrote. What the consent experience should look like — a user granting an agent write access, as opposed to granting an app — is an open design question.Auditability
For a user delegating to agents, the protocol’s properties compose into an audit story:- Consent is on-chain — which agent (grantee) may access which scopes, until when
- Each access is logged — the Personal Server’s access log records every read
- Each access is paid — fee settlement leaves an on-chain record per use
Status. Agents consuming data through grants — including the Personal Server’s MCP interface — uses the live grant and fee machinery described on the linked pages. Agent writes over MCP are planned, and the consent UX for agent write access is an open design question.
Related
- Grants & permissions — the access primitive agents use unchanged
- Personal Servers — the MCP interface and access log
- Payments & fees — how each access settles a fee