agent-authority 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -57
- package/dist/mcp-server.js +1 -1
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -270,23 +270,7 @@ const { ok, reason } = await engine.verifyAuditCheckpoint(cp);
|
|
|
270
270
|
Because the 5-line API is a facade, the standard can evolve underneath without
|
|
271
271
|
breaking anyone's code.
|
|
272
272
|
|
|
273
|
-
##
|
|
274
|
-
|
|
275
|
-
```bash
|
|
276
|
-
npm install # dev deps only (typescript, @types/node)
|
|
277
|
-
npm run build # compile to dist/
|
|
278
|
-
npm test # 105 tests across capability/mandate/delegation/revocation/audit/mcp/asymmetric/persist/server/a2a/lint/control-plane/quickstart
|
|
279
|
-
```
|
|
280
|
-
|
|
281
|
-
Run the reference integrations:
|
|
282
|
-
|
|
283
|
-
```bash
|
|
284
|
-
npm run example:data-access # a read-only data agent
|
|
285
|
-
npm run example:spend # a budget- and rate-limited spend agent
|
|
286
|
-
npm run example:delegation # two-agent attenuation + cascade revoke
|
|
287
|
-
npm run example:a2a # agent-to-agent delegation over HTTP
|
|
288
|
-
npm run example:control-plane # revocation propagation across agents
|
|
289
|
-
```
|
|
273
|
+
## Usage
|
|
290
274
|
|
|
291
275
|
### CLI
|
|
292
276
|
|
|
@@ -452,26 +436,6 @@ child = mandate.attenuate(can=["read:calendar"], expires_in="10m")
|
|
|
452
436
|
- **MCP server + `llms.txt` + typed schemas** — the agent-adoption kit.
|
|
453
437
|
- **Three reference integrations** — data-access, spend-limited, two-agent delegation.
|
|
454
438
|
|
|
455
|
-
## Status
|
|
456
|
-
|
|
457
|
-
Beyond the initial MVP, this now includes **Ed25519 asymmetric verification**
|
|
458
|
-
(any party verifies offline with just the issuer public key), **file-backed
|
|
459
|
-
persistence** for revocation + audit, a **`agent-authority` CLI**, a **dependency-free
|
|
460
|
-
stdio MCP server**, an **A2A HTTP transport** that carries the verifiable chain
|
|
461
|
-
between agents, **capability linting**, **cross-language wire interop**
|
|
462
|
-
(TS⇄Python mandates verify in either port), and a **control plane** for
|
|
463
|
-
revocation propagation, audit retention, and consent/policy with a dashboard, and
|
|
464
|
-
**dynamic per-surface quickstarts** that wire Behalf into any AI (Claude Code,
|
|
465
|
-
Cursor, Copilot, Gemini, GPT, or a custom surface). CI runs both test suites plus
|
|
466
|
-
the interop check on Node 20/22 and Python 3.9/3.12.
|
|
467
|
-
|
|
468
|
-
All control-plane state can be file-backed for durability — revocation, audit,
|
|
469
|
-
and now consent + policy (`FileConsentStore`, `FilePolicyStore`); the
|
|
470
|
-
`agent-authority-control-plane` bin persists everything under `$BEHALF_HOME`. The Python
|
|
471
|
-
port has full parity: not just the library and control plane, but the tooling
|
|
472
|
-
too — the `agent-authority` CLI, the `agent-authority-mcp` stdio server, and the quickstart
|
|
473
|
-
generator (`python -m agent_authority.cli`, or the console scripts after `pip install`).
|
|
474
|
-
|
|
475
439
|
## Limitations & roadmap
|
|
476
440
|
|
|
477
441
|
Honest about what this reference implementation does *not* yet do:
|
|
@@ -527,26 +491,6 @@ durability/scaling/hardening trade-offs.
|
|
|
527
491
|
This implementation has not had an independent cryptographic audit — commission
|
|
528
492
|
one before any 1.0 / production positioning.
|
|
529
493
|
|
|
530
|
-
## Publishing
|
|
531
|
-
|
|
532
|
-
Releases are cut by `.github/workflows/release.yml` on a `v*` tag (every other
|
|
533
|
-
run is a safe dry-run). Both packages publish as **`agent-authority`**.
|
|
534
|
-
|
|
535
|
-
- **PyPI — Trusted Publishing (no token).** On PyPI, add a *pending publisher*
|
|
536
|
-
(Account → Publishing): PyPI project `agent-authority`, owner `novaai0401-ui`,
|
|
537
|
-
repository `agent-authority`, workflow `release.yml`. This authorizes the first
|
|
538
|
-
publish of a brand-new project over OIDC — no `PYPI_TOKEN` secret, nothing to
|
|
539
|
-
leak or rotate.
|
|
540
|
-
- **npm.** Add an automation `NPM_TOKEN` as a repository secret
|
|
541
|
-
(Settings → Secrets and variables → Actions); the workflow publishes with npm
|
|
542
|
-
provenance.
|
|
543
|
-
|
|
544
|
-
Then:
|
|
545
|
-
|
|
546
|
-
```bash
|
|
547
|
-
git tag v0.1.0 && git push origin v0.1.0 # triggers the gated publish of both
|
|
548
|
-
```
|
|
549
|
-
|
|
550
494
|
## License
|
|
551
495
|
|
|
552
496
|
MIT — see [LICENSE](./LICENSE). Open source, use it anywhere, including
|
package/dist/mcp-server.js
CHANGED
|
@@ -28,7 +28,7 @@ export function createMcpServer(engine = Behalf.default) {
|
|
|
28
28
|
return ok({
|
|
29
29
|
protocolVersion: PROTOCOL_VERSION,
|
|
30
30
|
capabilities: { tools: {} },
|
|
31
|
-
serverInfo: { name: "agent-authority", version: "0.1.
|
|
31
|
+
serverInfo: { name: "agent-authority", version: "0.1.1" },
|
|
32
32
|
});
|
|
33
33
|
case "notifications/initialized":
|
|
34
34
|
case "initialized":
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "agent-authority",
|
|
3
|
-
"version": "0.1.
|
|
4
|
-
"description": "Authorization for AI agents: verifiable, scoped, revocable capability tokens (mandates) with attenuable delegation, for MCP and A2A. The reference implementation of agent authority
|
|
3
|
+
"version": "0.1.1",
|
|
4
|
+
"description": "Authorization for AI agents: verifiable, scoped, revocable capability tokens (mandates) with attenuable delegation, for MCP and A2A. The reference implementation of agent authority \u2014 zero-dependency TypeScript & Python.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"license": "MIT",
|
|
7
7
|
"sideEffects": false,
|