Connections
Connections are the accounts your agent works with. Each one is a single OAuth click from Dashboard → Connections; you approve the scopes on the provider’s own consent screen, and the token goes straight into Waveguide’s encrypted vault. The AI model never sees your credentials — see Security for how that’s enforced.
You can connect as little as one account to start. Starter plans include up to 3 connections; Growth and Scale are unlimited.
Gmail
What the agent does with it: reads incoming mail relevant to the growth loop (lead replies, platform notifications), drafts and sends replies as you, and watches for new-lead signals in real time via push notifications.
Autonomy: reading is free-tier (T1). Sending is a T2 action — it requires approval until you create a standing policy like “auto-approve first replies to new leads.”
Google Calendar
What the agent does with it: reads your availability to propose booking slots to leads, and watches for changes (a booked call is a strong conversion signal worth recording in the ledger).
Autonomy: read-only by default (T0). Creating events is T2.
Meta Ads
What the agent does with it: reads campaign/ad-set/ad performance, receives lead-form webhooks instantly, proposes and executes budget changes and pause/scale decisions, and launches creative variants.
Autonomy: reads are free (T0). Budget changes and campaign launches are T2 and always respect your hard daily spend cap — which defaults to $0 until you raise it. The cap is enforced in the proxy, not in the prompt.
Stripe
What the agent does with it: reads payment events so revenue is attributed back to campaigns and leads in the ledger — closing the loop from ad dollar to actual dollar.
Autonomy: read-only. Waveguide never initiates charges, refunds, or payouts on your Stripe account.
Slack / Telegram
Chat channels are set up separately (they’re where the agent reports, not accounts it operates). See Channels.
Managing connections
- Status for every connection is on the Connections page: active, expired, or revoked.
- Disconnecting removes the credential from the vault immediately. In-flight sessions lose access at the proxy on the next call.
- If a provider expires a token, the agent flags it in your brief and the dashboard shows a reconnect prompt.
What the agent can never do
Regardless of connections, the proxy enforces hard rules: no action outside your granted scopes, no spend above your daily cap, no T2/T3 action without approval or a standing policy, and no calls to providers you haven’t connected.