WAUTH Tax Agent Demo

Ask an agent to file your taxes. The relying party still holds the lock.

This demo leads with the tax storyline: ChatGPT or Claude asks for bounded authority, the phone approval path is the primary live checkpoint when it is available, the agent works inside those bounds, and the Bank, Employer, and IRS locks enforce the decision at execution time.

Root keys Stay on the phone, not in ChatGPT Human approval keys remain off the agent and outside the browser runtime.

Autonomy Bounded by WAUTH capability tokens The agent can act only inside exact-action authority with DPoP sender binding.

Step-up Two human checkpoints Read-only evidence collection first, then stronger proof for final submission.

Safety Operational profiles stay visible Requester continuity, instruction integrity, execution budgets, receipts, and narrowing all surface in the flow.

Agent Setup

Connect ChatGPT or Claude

Paste the remote MCP endpoint into your chat client's app or connector settings, enable it for a new conversation, then send please file my taxes. The tax flow pauses only when human approval is required and otherwise runs automatically.

MCP endpoint

https://wauth-demo.showntell.dev/mcp

Demo prompt

please file my taxes

Approval experience

Phone HAPP handoff

HAPP mode

handoff

Workflow

Not started

Status

Ready to start

The approval link is intended to move the holder onto the phone-facing HAPP flow. Keep the browser console open while the phone approval completes and returns.

ChatGPT Add the demo as a custom MCP app

Open ChatGPT Settings > Apps and create a custom app using the MCP endpoint shown above.
Use a workspace or account tier that supports full MCP tool calls for custom apps.
Start a new chat with the app enabled and send please file my taxes.

Claude Add the same endpoint as a remote integration

Open Claude or Claude Desktop settings and add a remote MCP integration with the same endpoint.
Start a new chat with the integration enabled so Claude can discover the demo tools.
Send please file my taxes and follow the approval link when it hands off to Phone HAPP handoff.

The MCP endpoint is connector configuration, not a human-facing web page. Opening it directly in a browser can return a transport error or 400 even when the demo is healthy.

Browser Mirror

Stage the tax story from the web console

This console mirrors the live workflow state, approval gates, issued capabilities, receipts, and timeline so the presenter can explain what happened while the human checkpoint completes in Phone HAPP handoff.

Last update: Not started

Story step 1 User asks the connected agent to file taxes ChatGPT or Claude connects to the MCP server and discovers the demo tax workflow tools.

Story step 2 Phone approves read-only evidence access Bank and employer retrieval stay locked until the human approves bounded evidence collection.

Story step 3 Agent prepares the draft autonomously After the first approval, the flow gathers evidence, stores receipts, and prepares the filing package.

Story step 4 IRS submission requires stronger proof The final submission is a separate lock with higher assurance and postcondition verification.

Phone Rehearsal

Stage-ready phone handoff

The primary live checkpoint is the phone approval path. Use the approval page QR or launch URL to move the request onto the holder device, keep the browser console open for narration, and use the live state JSON as the recovery source if the callback looks stale.

Keep the browser console mirrored on stage and use the approval page QR or launch URL to move the checkpoint onto the iPhone.
Complete the HAPP or iProov verification on the phone and let the provider return to the browser callback URL.
If the callback stalls, reopen the approval page, tap the launch link again, and verify the workflow state JSON before continuing.

Safety Vignettes

Deterministic block and recovery moments

These cards are short operator-driven vignettes: trigger the safety failure first, then run the corrected recovery path and inspect the evidence, capability, and final RP receipt.

Workflow Summary

Live operator view

Read evidence

Waiting

Final submit

Waiting

Receipts

Timeline events

Lock surfaces

Mock business systems, real WAUTH checks

The Bank, Employer, and IRS pages are supporting surfaces for the story. They are mocked as products, but they still enforce WAUTH requirement signaling, capability verification, DPoP binding, replay checks, and the IRS-style exact-action boundary.

Bank RP Employer RP IRS RP

Workflow step

Bank evidence retrieval

not requested

This relying party waits for the read-evidence approval before the agent requests a bounded WAUTH capability.

Request ID: Not requested yet
Action profile: aaif.wauth.action.bank.read_statement/v0.1
Audience: https://wauth-demo.showntell.dev/bank
Artifact ref: Pending capability issuance
Action hash: Awaiting RP lock
Profiles applied: None yet

Inspect RP Surface

Warnings

No warnings for this capability.

Workflow step

Employer evidence retrieval

not requested

This relying party waits for the read-evidence approval before the agent requests a bounded WAUTH capability.

Request ID: Not requested yet
Action profile: aaif.wauth.action.employer.read_income/v0.1
Audience: https://wauth-demo.showntell.dev/hr
Artifact ref: Pending capability issuance
Action hash: Awaiting RP lock
Profiles applied: None yet

Inspect RP Surface

Warnings

No warnings for this capability.

Workflow step

IRS final submission

not requested

The IRS submission lock stays idle until the draft is ready and the stronger final approval is granted.

Request ID: Not requested yet
Action profile: aaif.wauth.action.irs.submit_return/v0.1
Audience: https://wauth-demo.showntell.dev/tax-office
Artifact ref: Pending capability issuance
Action hash: Awaiting RP lock
Profiles applied: None yet

Inspect RP Surface

Warnings

No warnings for this capability.

Gap Closure

Helper-child capability flow

The original delegation preview is now runnable from the browser console. This path shows the parent approval, token exchange, child sender binding, and the final bank receipt in one reproducible replay.

Helper flow

Runnable child-capability delegation

not run

This replay mints the parent bank capability, exchanges it into a child capability bound to the helper key, and proves the bank accepts only the narrowed child retry.

Parent request: Not run yet
Parent approval: Not issued yet
Parent artifact: Pending issuance
Parent capability JTI: Pending issuance
Child capability JTI: Pending exchange
Delegation depth: Pending exchange
Child sender JKT: Pending exchange
Action hash: Pending exchange
RP receipt: No RP receipt yet

Inspect Bank RP

Profiles and chain of custody

Profiles: none

Safety/Admin

Privileged control actions

These admin replays exercise the missing control-plane paths directly against the Safety/Admin RP: persistent watcher creation, destructive delete, and external policy import.

Open Admin Portal

Admin action

Persistent watcher request

not run

Requests a recurring monitor for the tax workflow under an explicit execution budget.

Request ID: Not run yet
Approval ID: Not issued yet
Artifact ref: Pending issuance
Capability JTI: Pending issuance
Action hash: Pending issuance
Receipt: No RP receipt yet

Inspect Admin RP

Profiles and warnings

Profiles: none

Admin action

Privileged delete request

not run

Stages a destructive delete of a cached tax bundle so the admin RP has to enforce an exact bounded action.

Request ID: Not run yet
Approval ID: Not issued yet
Artifact ref: Pending issuance
Capability JTI: Pending issuance
Action hash: Pending issuance
Receipt: No RP receipt yet

Inspect Admin RP

Profiles and warnings

Profiles: none

Admin action

External policy import

not run

Imports an operator-provided policy bundle into the safety portal with authoritative-source checks.

Request ID: Not run yet
Approval ID: Not issued yet
Artifact ref: Pending issuance
Capability JTI: Pending issuance
Action hash: Pending issuance
Receipt: No RP receipt yet

Inspect Admin RP

Profiles and warnings

Profiles: none

Safety vignette

Requester continuity

not run

A spoofed owner in a fresh channel is denied until the operator identity is re-established with a continuous requester binding.

Blocking profile: Not triggered yet
Reason: No blocker recorded yet
Error code: No blocker recorded yet
Request ID: No successful recovery yet
Approval ID: No successful recovery yet
Artifact ref: No successful recovery yet
Capability JTI: No successful recovery yet
Action hash: No successful recovery yet
Receipt: Recovery not completed yet

Inspect RP

Evidence and outcomes

Profiles: none

Safety vignette

Instruction source integrity

not run

A mutable external note cannot become governing policy. Recovery succeeds only with an authoritative reviewed bundle.

Blocking profile: Not triggered yet
Reason: No blocker recorded yet
Error code: No blocker recorded yet
Request ID: No successful recovery yet
Approval ID: No successful recovery yet
Artifact ref: No successful recovery yet
Capability JTI: No successful recovery yet
Action hash: No successful recovery yet
Receipt: Recovery not completed yet

Inspect RP

Evidence and outcomes

Profiles: none

Safety vignette

Execution budget denial

not run

Persistent watcher creation is blocked when the execution budget forbids durable side effects, then succeeds after the budget is corrected.

Blocking profile: Not triggered yet
Reason: No blocker recorded yet
Error code: No blocker recorded yet
Request ID: No successful recovery yet
Approval ID: No successful recovery yet
Artifact ref: No successful recovery yet
Capability JTI: No successful recovery yet
Action hash: No successful recovery yet
Receipt: Recovery not completed yet

Inspect RP

Evidence and outcomes

Profiles: none

Safety vignette

Postcondition verification

not run

Narrated success without a verified receipt is denied. Recovery requires a verified postcondition and surfaces the final IRS receipt.

Blocking profile: Not triggered yet
Reason: No blocker recorded yet
Error code: No blocker recorded yet
Request ID: No successful recovery yet
Approval ID: No successful recovery yet
Artifact ref: No successful recovery yet
Capability JTI: No successful recovery yet
Action hash: No successful recovery yet
Receipt: Recovery not completed yet

Inspect RP

Evidence and outcomes

Profiles: none

Safety vignette

Multi-agent trust

not run

A helper agent without an externally anchored delegation path is denied. Recovery succeeds only after explicit narrowing into a child capability.

Blocking profile: Not triggered yet
Reason: No blocker recorded yet
Error code: No blocker recorded yet
Request ID: No successful recovery yet
Approval ID: No successful recovery yet
Artifact ref: No successful recovery yet
Capability JTI: No successful recovery yet
Action hash: No successful recovery yet
Receipt: Recovery not completed yet

Inspect RP

Evidence and outcomes

Profiles: none

Receipts

Verified outcomes

RP	Transaction	Capability JTI	Action hash	Verified success
No RP receipts yet.

Timeline

Provenance and operator narrative

Workflow idleStart the tax flow to populate the operator timeline.