Personal Context Protocol

February 23, 2026 · View on GitHub

An open protocol for AI agents to access personal context.


AI chatbots you talk to every day know a lot about you. But the moment you ask an agent to act on your behalf — book a flight, file a form, manage a subscription — it needs sensitive information it doesn't have. And you have no control over where that information ends up.

The Personal Context Protocol is a single, encrypted, user-controlled vault of personal context that any AI agent can request scoped access to. You fill out your life once. Every agent starts with context, not a blank slate.

How it works

AI Agent                    You                    Vault
   │                         │                       │
   │  1. What fields exist?  │                       │
   │  ───────────────────────┼──────────────────────▶│
   │                         │                       │
   │  2. I need these fields │                       │
   │     for this purpose    │                       │
   │  ───────────────────────┼──────────────────────▶│
   │                         │                       │
   │                         │  3. Approve access?   │
   │                         │◀──────────────────────│
   │                         │                       │
   │                         │  4. Yes               │
   │                         │──────────────────────▶│
   │                         │                       │
   │  5. Scoped token        │                       │
   │◀────────────────────────┼───────────────────────│
   │                         │                       │
   │  6. Give me the context │                       │
   │  ───────────────────────┼──────────────────────▶│
   │                         │                       │
   │  7. Only what you       │                       │
   │     asked for           │                       │
   │◀────────────────────────┼───────────────────────│
   │                         │                       │
   │  Token expires. Data is gone. Access logged.    │
   └─────────────────────────┴───────────────────────┘

Agents request specific fields with a stated purpose. You approve. The agent gets a time-limited, scope-restricted token. When the token expires, access is gone. Everything is logged.

Specification

specification.md — data model, security architecture, access control, MCP integration, and API.

Reference implementation

Personal Vault — a Go implementation. Zero-knowledge encryption, HTTP API, CLI.

make build && make install
pvault init
pvault unlock
pvault set identity.full_name "Cool Cucumber"
pvault set addresses.current.city "Seattle"
pvault get identity.full_name

License

CC BY 4.0