sentryagent-idp/openspec/changes/archive/2026-03-28-phase-1-mvp-implementation/proposal.md
SentryAgent.ai Developer 61ea975c79 docs: bedroom developer documentation — complete docs/developers/ set
Adds the full bedroom-developer-docs OpenSpec change implementation:

- docs/developers/README.md — index page
- docs/developers/quick-start.md — bootstrap to working token in 7 steps
- docs/developers/concepts.md — AgentIdP, AGNTCY, lifecycle, OAuth 2.0, free tier
- docs/developers/guides/README.md — guide index
- docs/developers/guides/register-an-agent.md — all fields, validation, common errors
- docs/developers/guides/manage-credentials.md — generate, list, rotate, revoke
- docs/developers/guides/issue-and-revoke-tokens.md — OAuth 2.0 flow, introspect, revoke
- docs/developers/guides/query-audit-logs.md — filters, pagination, 90-day retention
- docs/developers/api-reference.md — all 14 endpoints, all error codes, curl examples

Also commits deferred OpenSpec housekeeping from previous session:
- Archives phase-1-mvp-implementation change to openspec/changes/archive/
- Adds bedroom-developer-docs change artifacts (30/30 tasks complete)
- Syncs 4 delta specs to openspec/specs/

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-28 14:13:03 +00:00

Why

SentryAgent.ai AgentIdP has no implemented codebase — only scaffolding exists. Phase 1 MVP must ship a production-ready Agent Identity Provider so developers worldwide can register, authenticate, and govern their AI agents for free. All four P0 features have CEO-approved OpenAPI 3.0 specs and are ready for implementation.

What Changes

  • NEW: Agent Registry Service — full CRUD lifecycle management for AI agent identities (AGNTCY-aligned)
  • NEW: OAuth 2.0 Token Service — Client Credentials grant (RFC 6749), token introspection (RFC 7662), token revocation (RFC 7009)
  • NEW: Credential Management Service — generate, rotate, and revoke agent client_id/client_secret pairs
  • NEW: Audit Log Service — immutable, append-only compliance event log (read-only via API)
  • NEW: Express.js application bootstrap — routing, middleware (helmet, cors, morgan, pino), error handling
  • NEW: PostgreSQL database layer — migrations, connection pool, typed query services
  • NEW: Redis caching layer — token validation cache, rate-limit counters
  • NEW: Shared infrastructure — typed error hierarchy, Joi validation, JWT utilities, crypto utilities, DI container

Capabilities

New Capabilities

  • agent-registry: Register, retrieve, update, and decommission AI agent identities with AGNTCY-aligned fields (agentId, email, agentType, capabilities, owner, deploymentEnv, status)
  • oauth2-token: Issue signed JWT access tokens via the OAuth 2.0 Client Credentials flow (RFC 6749); introspect tokens per RFC 7662 and revoke them per RFC 7009
  • credential-management: Generate and rotate client_id/client_secret pairs per agent; revoke credentials; clientSecret shown once only
  • audit-log: Query immutable audit events by agentId, action, outcome, and date range; 90-day free-tier retention

Modified Capabilities

None — this is a greenfield implementation.

Impact

  • APIs: 14 new REST endpoints across 4 services (/agents, /token, /agents/{id}/credentials, /audit)
  • Database: 4 new PostgreSQL tables (agents, tokens, credentials, audit_events) with migrations
  • Cache: Redis used for token validation and rate-limit counters
  • Dependencies: Express, Joi, jsonwebtoken, bcryptjs, uuid, pg, redis, pino, helmet, cors, dotenv (all pre-approved in README Section 7)
  • Auth: All endpoints require a Bearer JWT, except the token endpoint, which authenticates with client_id/client_secret
  • Free tier enforcement: 100 agents max, 10,000 tokens/month, 100 req/min rate limit, 90-day audit retention