Junie

learn · pairing protocol

How AI agents pair, in detail.

Two AI agents that work as a pair need a protocol — for who they are, what they’re allowed to say to each other, what they’re allowed to remember, and how either of you revokes the relationship. This page walks through the four mechanisms Junie uses, in the order they actually run.

What “agent-to-agent communication” means here.

Agent-to-agent communication is the protocol two AI agents use to exchange messages, requests, and decisions directly with each other — without a human relaying anything. The two agents negotiate among themselves and surface only the result.

The Linux Foundation hosts an open standard for this called the A2A Protocol, originally contributed by Google and increasingly implemented by enterprise agent platforms. Junie predates the spec and uses its own wire format; we share the design principles (signed messages, agent identity, mutual consent) without being on-the-wire compatible yet.

The reason any of this matters for couples: if your agent and your partner’s agent can’t talk to each other, then one of you is still the messenger. The whole point of pairing is to remove that role.

The pairing handshake.

Pairing happens once per relationship and runs in four steps. The whole flow takes under a minute on a normal phone connection.

  1. step 1 · invite

    You generate an invite from your phone. Junie produces a six-digit code (or a QR code, if you’re sitting next to your partner). The invite is single-use and expires in 30 minutes.

  2. step 2 · key exchange

    Your partner’s agent reads the invite and negotiates a key exchange with yours. Each side already has its own Ed25519 keypair (generated when their agent was provisioned); the handshake exchanges public keys and binds them to the pairing record on each side.

  3. step 3 · safety number

    Both agents derive the same short safety number from the two public keys. If you and your partner are in the same room, you read it aloud to each other; if not, you compare it over a separate channel (FaceTime, phone call). Matching numbers confirm you paired with the right agent.

  4. step 4 · first envelope

    Your agent sends the first signed envelope to your partner’s agent — a hello with the pairing metadata. From this point on, every cross-agent message follows the same envelope format.

Signed envelopes.

A signed envelope is the unit of cross-agent traffic. Every message your agent sends to your partner’s agent — a calendar query, a booking proposal, a reminder — is wrapped in an envelope before it leaves your phone.

Each envelope carries:

  • sender — the public key of the sending agent.
  • recipient — the public key of the intended agent.
  • timestamp — when the envelope was signed.
  • nonce — a one-time random value that prevents replay.
  • payload — the actual message (a calendar query, a memory write request, etc.), zone-tagged.
  • signature — Ed25519 signature over the entire envelope.

Tampering with any field invalidates the signature and the recipient drops the envelope. The receiving agent verifies three things on every incoming envelope: the signature matches the claimed sender, the timestamp is within the accepted window, and the nonce hasn’t been seen before in the replay cache.

Safety numbers.

Signing prevents tampering, but signing alone doesn’t tell you that you paired with the right agent. The safety number does.

During the pairing handshake, both agents derive the same short string (typically 30 digits, displayed as five groups of six) from the two exchanged public keys. The derivation is deterministic: same keys, same number on both sides. Mismatched numbers mean someone interposed a different key during the handshake — the pattern Signal calls a man-in-the-middle attack on the pairing.

You verify safety numbers once, at pairing time. Reading them aloud takes about ten seconds. From then on, the envelope signatures cover everything else. If either of you re-keys (a new device, a key rotation), the safety number changes and Junie prompts both of you to verify again.

Replay protection.

A signed envelope is valid forever — the signature doesn’t expire on its own. Without replay protection, someone who captured an old “confirm dinner Saturday” envelope could replay it next month and your agent would accept it.

Two mechanisms prevent that. First, the envelope timestamp: the recipient rejects anything older than five minutes. Second, the nonce cache: every accepted envelope’s nonce is recorded, and a duplicate nonce within the acceptance window is rejected. Together, the two mechanisms let an envelope be valid only inside a narrow window, and only once.

Privacy zones.

Cross-agent communication is verifiable. Whether it’s allowed is the zone gate’s job.

Every memory chunk, every tool call, and every cross-agent envelope carries a zone label: private, family, work, medical, financial, or kid. Before your agent serves a request from your partner’s agent, the zone gate runs: if the requested content is in a zone the partner doesn’t have grant on, the request fails before any data leaves your phone.

Default grants are minimal. You explicitly extend a zone to your partner — usually just shared at first, and family later if it applies. The other zones stay yours unless you change that.

Revocation.

Pairing is reciprocal and revocable. Either of you can revoke from your phone, in one tap, at any time.

When revocation fires:

  • — The pairing record on both sides is marked revoked. New envelopes from the other agent are rejected immediately.
  • — Any in-flight cross-agent traffic is cancelled mid-stream.
  • — Shared memory survives in the form each of you accessed it. Private memory was never shared.
  • — A complete audit log of every cross-agent action — every envelope sent, received, accepted, or rejected — is downloadable as CSV from your settings.

Revocation is a hard cut, not a soft pause. There’s no way for either side to read the other’s data after the cut, even with a re-pair — a new pairing rebuilds the channel from scratch with new keys and a new safety number.

Where this fits in the wider A2A landscape.

Junie’s pairing protocol grew out of a specific problem (couples coordination) and predates the broader industry conversation about agent-to-agent standards. The Linux Foundation A2A Protocol, originally from Google, targets enterprise multi-agent systems — different problem, overlapping mechanism.

As the standard stabilizes, expect Junie to add wire-level interoperability so a Junie agent can pair with a standards-compliant agent from another vendor. The design principles — signed messages, agent identity, mutual consent — already line up.

Read more on what we mean by signed envelopes in our security explainer, or how this looks in practice in Junie for couples.

questions

Frequently asked.

What is agent-to-agent communication?
Agent-to-agent (A2A) communication is the protocol two AI agents use to exchange messages, requests, and decisions directly with each other. Instead of a human relaying information between two assistants, the assistants negotiate among themselves and surface only the result. The Linux Foundation hosts an open A2A standard; Junie predates it and is compatible with the spirit of it.
What is a signed envelope?
A signed envelope is the unit of cross-agent traffic in Junie. Every message between two paired agents is wrapped in an envelope that's cryptographically signed with an Ed25519 keypair, time-stamped, and bound to a specific pairing. Tampering invalidates the signature; replays are rejected by the timestamp check.
What is a safety number?
A safety number is a short, human-verifiable string that two paired agents derive from each other's public keys at pairing time. Reading it aloud or comparing it on each phone confirms that no one intercepted the pairing handshake. The pattern is the same one Signal uses for its safety numbers.
What happens when I unpair?
The cross-agent channel closes immediately. New messages from your former partner's agent are rejected. Shared memory survives in the form each of you accessed it; private memory was never shared. A complete audit log of every cross-agent action is downloadable as CSV.
Can a third party impersonate one of the agents?
Not without the private key. Each agent generates its own Ed25519 keypair at provisioning; the private key never leaves the device or pod. An imposter would need the private key and would still fail the safety-number check at pairing time.
Is Junie compatible with the Linux Foundation A2A protocol?
The two share design principles — signed messages, agent identity, mutual consent — but Junie's wire format predates the standard and is not yet on-the-wire compatible. We're tracking the spec as it stabilizes; expect interoperability work as the standard matures.

See pairing in action.

Set up your account, pair with someone you share a life with, and watch the protocol run. Free during private beta.

Try Junie freeJunie for couples