f1fbe0e29a
Archived 4 completed OpenSpec changes (2026-04-02): - phase-3-enterprise (100/100 tasks) — 6 Phase 3 capabilities synced - devops-documentation (48/48 tasks) — 3 new + 1 merged capability - bedroom-developer-docs (33/33 tasks) — 4 new capabilities synced - engineering-docs (superseded by 2026-03-29 archive) — no tasks Main spec library grows from 21 → 35 capabilities (+14 new): federation, multi-tenancy, oidc, soc2, w3c-dids, webhooks, database, operations, system-overview, api-reference, core-concepts, developer-guides, quick-start + deployment (merged additive requirements) Active changes: 0 — project board is clear for Phase 4 planning. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
3.0 KiB
ADDED Requirements
Requirement: Core concepts guide exists at docs/developers/concepts.md
The system SHALL provide a concepts guide at docs/developers/concepts.md that explains the AgentIdP model in plain English with no assumed prior knowledge of AGNTCY or OAuth 2.0.
Scenario: Developer understands what AgentIdP is
- WHEN a developer reads the concepts guide
- THEN they SHALL be able to explain in one sentence what SentryAgent.ai AgentIdP does and why they need it
Requirement: Concepts guide explains what an AI agent identity is
The guide SHALL explain in plain English what it means to give an AI agent an identity — how it differs from a human user account and why agents need their own identity model.
Scenario: Agent identity vs human identity distinction is clear
- WHEN the developer reads the agent identity section
- THEN they SHALL understand that agents are non-human, machine-operated identities that need persistent, auditable credentials — not session-based logins
Requirement: Concepts guide explains the AGNTCY alignment
The guide SHALL explain what AGNTCY is (Linux Foundation standard), why SentryAgent.ai aligns to it, and what benefit that gives the developer — without requiring the developer to read the AGNTCY specification.
Scenario: Developer understands AGNTCY without external reading
- WHEN the developer reads the AGNTCY section
- THEN they SHALL understand that AGNTCY-aligned agent IDs are interoperable across the AI agent ecosystem, and that SentryAgent.ai implements this for free
Requirement: Concepts guide explains the agent lifecycle
The guide SHALL explain the four lifecycle states of an agent (active, suspended, decommissioned) and what each state means for credential and token behaviour.
Scenario: Developer understands what happens when an agent is decommissioned
- WHEN the developer reads the lifecycle section
- THEN they SHALL understand that decommissioning is irreversible, all credentials are revoked, and no new tokens can be issued
Requirement: Concepts guide explains OAuth 2.0 Client Credentials in plain English
The guide SHALL explain the Client Credentials grant in plain English — no RFC references, no formal OAuth jargon — focused on how agents use it to authenticate.
Scenario: Developer understands client_id and client_secret without prior OAuth knowledge
- WHEN the developer reads the OAuth section
- THEN they SHALL understand that client_id identifies the agent and client_secret proves it — analogous to a username and password for machines
Requirement: Concepts guide explains the free-tier limits
The guide SHALL document all free-tier limits (100 agents, 10,000 tokens/month, 100 req/min, 90-day audit retention) in a clear table.
Scenario: Developer knows the limits before hitting them
- WHEN the developer reads the free-tier section
- THEN they SHALL see a table with all four limits and a note on what happens when each is exceeded