vijay_admin/sentryagent-idp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d3530285b9a4aaf9b4264c580187774cc2c3261a
sentryagent-idp/openspec/changes/phase-1-mvp-implementation/proposal.md
SentryAgent.ai Developer d3530285b9 feat: Phase 1 MVP — complete AgentIdP implementation 
Implements all P0 features per OpenSpec change phase-1-mvp-implementation:
- Agent Registry Service (CRUD) — full lifecycle management
- OAuth 2.0 Token Service (Client Credentials flow)
- Credential Management (generate, rotate, revoke)
- Immutable Audit Log Service

Tech: Node.js 18+, TypeScript 5.3+ strict, Express 4.18+, PostgreSQL 14+, Redis 7+
Standards: OpenAPI 3.0 specs, DRY/SOLID, zero `any` types
Quality: 18 unit test suites, 244 tests passing, 97%+ coverage
OpenAPI: 4 complete specs (14 endpoints total)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-28 09:14:41 +00:00

2.5 KiB
Raw Blame History

Why

SentryAgent.ai AgentIdP has no implemented codebase — only scaffolding exists. Phase 1 MVP must ship a production-ready Agent Identity Provider so developers worldwide can register, authenticate, and govern their AI agents for free. All four P0 features have CEO-approved OpenAPI 3.0 specs and are ready for implementation.

What Changes

  • NEW: Agent Registry Service — full CRUD lifecycle management for AI agent identities (AGNTCY-aligned)
  • NEW: OAuth 2.0 Token Service — Client Credentials grant (RFC 6749), token introspection (RFC 7662), token revocation (RFC 7009)
  • NEW: Credential Management Service — generate, rotate, and revoke agent client_id/client_secret pairs
  • NEW: Audit Log Service — immutable, append-only compliance event log (read-only via API)
  • NEW: Express.js application bootstrap — routing, middleware (helmet, cors, morgan, pino), error handling
  • NEW: PostgreSQL database layer — migrations, connection pool, typed query services
  • NEW: Redis caching layer — token validation cache, rate-limit counters
  • NEW: Shared infrastructure — typed error hierarchy, Joi validation, JWT utilities, crypto utilities, DI container

Capabilities

New Capabilities

  • agent-registry: Register, retrieve, update, and decommission AI agent identities with AGNTCY-aligned fields (agentId, email, agentType, capabilities, owner, deploymentEnv, status)
  • oauth2-token: Issue signed JWT access tokens via OAuth 2.0 Client Credentials flow; introspect and revoke tokens per RFC
  • credential-management: Generate and rotate client_id/client_secret pairs per agent; revoke credentials; clientSecret shown once only
  • audit-log: Query immutable audit events by agentId, action, outcome, and date range; 90-day free-tier retention

Modified Capabilities

None — this is a greenfield implementation.

Impact

  • APIs: 14 new REST endpoints across 4 services (/agents, /token, /agents/{id}/credentials, /audit)
  • Database: 4 new PostgreSQL tables (agents, tokens, credentials, audit_events) with migrations
  • Cache: Redis used for token validation and rate-limit counters
  • Dependencies: Express, Joi, jsonwebtoken, bcryptjs, uuid, pg, redis, pino, helmet, cors, dotenv (all pre-approved in README Section 7)
  • Auth: All endpoints require Bearer JWT; token endpoint uses client_id/client_secret
  • Free tier enforcement: 100 agents max, 10,000 tokens/month, 100 req/min rate limit, 90-day audit retention
Reference in New Issue View Git Blame Copy Permalink