vijay_admin/sentryagent-idp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
03b5de300c0eb9a762c40b1bcb88899a7fce7f66
sentryagent-idp/policies/data/scopes.json
SentryAgent.ai Developer 03b5de300c feat(phase-3): workstream 4 — AGNTCY Federation 
Implements cross-IdP token verification for the AGNTCY ecosystem:

- Migration 015: federation_partners table (issuer, jwks_uri,
  allowed_organizations JSONB, status, expires_at)
- FederationService: registerPartner (JWKS validation at registration),
  listPartners, getPartner, updatePartner, deletePartner,
  verifyFederatedToken (alg:none rejected, RS256/ES256 only,
  allowedOrganizations filter, expiry enforcement)
- JWKS caching in Redis (TTL: FEDERATION_JWKS_CACHE_TTL_SECONDS);
  cache invalidated on partner delete and jwks_uri change
- FederationController + routes: 5 admin:orgs endpoints +
  POST /federation/verify (agents:read)
- OPA policy: 5 federation admin endpoint → admin:orgs mappings
- 499 unit tests passing; 94.69% statement coverage on FederationService

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-30 10:13:49 +00:00

30 lines
1.9 KiB
JSON
Raw Blame History

{
"endpoint_permissions": {
"GET:/api/v1/agents": ["agents:read"],
"GET:/api/v1/agents/:id": ["agents:read"],
"POST:/api/v1/agents": ["agents:write"],
"PATCH:/api/v1/agents/:id": ["agents:write"],
"DELETE:/api/v1/agents/:id": ["agents:write"],
"GET:/api/v1/agents/:id/credentials": ["agents:read"],
"POST:/api/v1/agents/:id/credentials": ["agents:write"],
"POST:/api/v1/agents/:id/credentials/:credId/rotate": ["agents:write"],
"DELETE:/api/v1/agents/:id/credentials/:credId": ["agents:write"],
"POST:/api/v1/token/introspect": ["tokens:read"],
"POST:/api/v1/token/revoke": ["tokens:read"],
"GET:/api/v1/audit": ["audit:read"],
"GET:/api/v1/audit/:id": ["audit:read"],
"POST:/api/v1/organizations": ["admin:orgs"],
"GET:/api/v1/organizations": ["admin:orgs"],
"GET:/api/v1/organizations/:id": ["admin:orgs"],
"PATCH:/api/v1/organizations/:id": ["admin:orgs"],
"DELETE:/api/v1/organizations/:id": ["admin:orgs"],
"POST:/api/v1/organizations/:id/members": ["admin:orgs"],
"GET:/api/v1/agents/:agentId/did/resolve": ["agents:read"],
"POST:/api/v1/federation/trust": ["admin:orgs"],
"GET:/api/v1/federation/partners": ["admin:orgs"],
"GET:/api/v1/federation/partners/:id": ["admin:orgs"],
"PATCH:/api/v1/federation/partners/:id": ["admin:orgs"],
"DELETE:/api/v1/federation/partners/:id": ["admin:orgs"]
}
}
Reference in New Issue View Git Blame Copy Permalink