Waveguide
Integrations

Your accounts, your channels, your tools

Three kinds of integration, one security model for all of them: credentials go into an encrypted vault, every call exits through the guarded proxy, and every action is risk-classified before it can run.

Connections

One OAuth click each on the provider's own consent screen. The token goes straight into the vault — the AI model never sees it, by architecture.

Gmail

Watches for growth-relevant mail, drafts and sends replies as you — from your own address, not a stranger's domain.

Reading is free (T0). Drafting is logged (T1). Sending is gated (T2) — approved by you or a standing policy you wrote.

Google Calendar

Reads availability, proposes times, and books meetings with Meet links when a prospect says yes.

Reads and free/busy are T0. Creating an event is T2 — it lands on your calendar only with approval or a standing rule.

Meta Ads

Campaign results and lead webhooks flow in; budget operations run inside your hard daily cap.

Reading insights is T0. Budget changes are T2 with your cap enforced in the proxy. The cap defaults to $0 until you raise it.

Stripe

Revenue signal for the loop: which campaigns produce paying customers, not just clicks.

Read-only. The agent sees payment events; it cannot move money — financial actions are T3, always human-approved.

Channels

Where the agent reports and where you decide. No new inbox to check — briefs and approvals arrive where you already work.

Slack

One-click install. Briefs, questions, and approval cards arrive in the channel you pick; approve with a button.

Telegram

Tap a link, get a bot that talks business. Same briefs, same one-tap approvals, on your phone.

Email

Daily briefs and approval requests in your inbox. Reply to respond — no dashboard required.

Tools, via MCP

The curated catalog is pre-audited: known tools, known risk tiers, one-click connect. Every tool — curated or yours — is classified T0–T3 and its description is scanned for prompt injection before the agent can use it.

Wavetable

CRM

Contact system of record: dedup, claims, sequences, suppression.

7 tools · Built in · pre-audited risk map

Ayrshare

Social

Unified social posting + DMs across X, LinkedIn, Instagram, and more.

4 tools · API key · pre-audited risk map

Apollo

Research

B2B contact enrichment: emails, socials, phones, titles.

3 tools · API key · pre-audited risk map

Hunter

Research

Email finder and verifier.

3 tools · API key · pre-audited risk map

Firecrawl

Research

Scrape and crawl sites and newsletters into clean markdown.

3 tools · API key · pre-audited risk map

Instantly

Email

High-volume cold email with warmed inboxes and reply detection.

3 tools · API key · pre-audited risk map

Dropbox Sign

documents

E-signatures: send quotes, estimates, proposals, and engagement letters for signature; chase until signed.

5 tools · API key · pre-audited risk map

Google Business Profile

local

Local presence: read and respond to reviews, update hours, publish posts. The highest-ROI channel for local SMBs.

6 tools · OAuth · pre-audited risk map

QuickBooks Online

money

The books: AR aging, invoices, and expense categorization drafts. Pairs with the Stripe money layer for invoice chasing.

5 tools · OAuth · pre-audited risk map

Jobber

field_service

Field service system of record: clients, quotes, jobs, and scheduling for home-services businesses.

5 tools · OAuth · pre-audited risk map

Mailchimp

Email

List-based broadcast email.

3 tools · OAuth · pre-audited risk map

Any MCP server

Yours

Point the agent at any MCP server by URL — OAuth or API key. Its tools are discovered, risk-classified conservatively, scanned for tool poisoning, and re-checked on every sync so a server can't quietly change what its tools do.

Anything flagged is deactivated until you review it.

The connection list grows steadily — the connections docs and tools docs are always current. Waveguide also operates the broader Wave platform — ads, creative, pages, and content products it composes on your behalf.

One security model for everything

  • Vaulted credentials: every token — OAuth, API key, MCP auth — is envelope-encrypted with per-tenant keys. The model composes requests; the proxy injects the credential after the request leaves the sandbox.
  • Risk tiers on every call: reads run freely, writes are logged, external sends are gated, and financial or irreversible actions always require a human.
  • Default-deny networking: each integration declares the hosts it's allowed to reach; everything else is refused at the proxy.

The full model is on the security page.

Connect once, compound forever

Every account and tool you connect makes the agent more useful — and none of it ever touches the model.

Card required · nothing charged until day 15 · cancel in one click