feat: VC-based authorization, sidecar management APIs, and multi-version reasoners#188
Open
feat: VC-based authorization, sidecar management APIs, and multi-version reasoners#188
Conversation
This commit introduces the foundation for the new VC-based authorization system that replaces API key distribution with admin-approved permissions. Key components added: - Architecture documentation (docs/VC_AUTHORIZATION_ARCHITECTURE.md) - Database migrations for permission approvals, DID documents, and protected agents - Core types for permissions and did:web support - DIDWebService for did:web generation, storage, and resolution - PermissionService for permission requests, approvals, and VC issuance The system enables: - Agents self-assigning tags (identity declaration) - Admin approval workflow for protected agent access - Real-time revocation via did:web - Control plane as source of truth for approvals Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…entation - Add DID authentication middleware with Ed25519 signature verification - Add permission checking middleware for protected agent enforcement - Implement admin API handlers for permission management (approve/reject/revoke) - Add permission request and check API endpoints - Implement storage layer for DID documents, permission approvals, protected agent rules - Add comprehensive integration test suite (14 test functions covering all phases) - Add Admin UI pages: PendingPermissions, PermissionHistory, ProtectedAgents - Add Go SDK DID authentication support - Add Python SDK DID authentication support - Fix CI to enable FTS5 tests (previously all SQLite-dependent tests were skipped) - Add security documentation for DID authentication - Add implementation guide documentation Co-Authored-By: Claude <noreply@anthropic.com>
TestGetNodeDetailsHandler_Structure expected HTTP 400 for missing route param but Gin returns 404. TestGetNodeStatusHandler_Structure was missing a mock expectation for GetAgentStatus causing a panic. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The CI workflow change from `go test ./...` to `go test -tags sqlite_fts5 ./...` caused previously-skipped tests to execute, revealing 15 pre-existing bugs: - UI handler tests: Register agents in storage and configure mocks for GetAgentStatus calls; fix assertions to match actual behavior (health check failures mark agents inactive, not error the request) - VC service tests: Fix GetWorkflowVC lookups to use workflow_vc_id not workflow_id; fix issuer mismatch test to tamper VCDocument JSON instead of metadata field; fix error message assertion for empty VC documents - VC storage tests: Fix GetWorkflowVC key lookups; fix empty result assertions - PresenceManager tests: Register agents in storage so markInactive -> UpdateAgentStatus -> GetAgentStatusSnapshot -> GetAgent succeeds; add proper sync.Mutex for callback vars; use require.Eventually instead of time.Sleep; set HardEvictTTL for lease deletion test - Webhook storage: Fix hardcoded Pending status to use webhook.Status - Execution records test: Fix LatestStarted assertion (CreateExecutionRecord overwrites updated_at with time.Now()) - Cleanup test: Wire countWorkflowRuns and deleteWorkflowRuns into workflow cleanup path Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ntext cancellation Multiple SSE tests called req.Context().Done() expecting it to cancel the context, but Done() only returns a channel — it doesn't cancel anything. This caused SSE handler goroutines to block forever, leaking and eventually causing a 10-minute test timeout in CI. Fixed all affected tests to use context.WithCancel + explicit cancel() call, matching the pattern already used by the working SSE tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…n config Add two example agents for manually testing the VC authorization system end-to-end: permission-agent-a (caller) and permission-agent-b (protected target). Enable authorization in the default config with seeded protection rules. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ster_agent_with_did The previous commit added identity_package access and client credential wiring to _register_agent_with_did but didn't update the test fakes. _FakeDIDManager now provides a realistic identity_package and _FakeAgentFieldClient supports set_did_credentials, so the full registration path is exercised in tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add Go permission test agents (caller + protected target with 3 reasoners) - Add TS permission test agents (caller + tag-protected target with VC generation) - Fix TS SDK DID auth: pass pre-serialized JSON string to axios to ensure signed bytes match what's sent on the wire - Fix Python SDK test for async execution manager payload serialization change - Add go-perm-target protection rule to config - Gitignore compiled Go agent binaries Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The execute() method now passes a JSON string instead of an object to axios for DID auth signing consistency. Update test assertion to match. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ror propagation
- Fix re-approval deadlock: expand auto-request condition to trigger for
revoked/rejected statuses, not just empty (permission.go)
- Fix empty caller_agent_id: add DID registry fallback in
ResolveAgentIDByDID for did:key resolution (did_service.go, did_web_service.go)
- Fix HTTP 200 for failed executions: return 502 with proper error details
when inner agent-to-agent calls fail (execute.go)
- Fix error propagation across all 3 SDKs:
- Go SDK: add ExecuteError type preserving status code and error_details
- TS SDK: propagate err.responseData as error_details in all error handlers
- Python SDK: add ExecuteError class, extract JSON body from 4xx responses
instead of losing it via raise_for_status(), propagate error_details in
async callback payloads
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Tests expected the old 3-header format ({timestamp}:{bodyHash}) but the
implementation correctly uses 4 headers with nonce ({timestamp}:{nonce}:{bodyHash}),
matching Go and Python SDKs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Addresses code scanning alert about missing rate limiting on the authorization route handler. Adds a sliding-window rate limiter (30 requests per IP per 60s) to the local verification middleware. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace custom Map-based rate limiter with express-rate-limit package, which CodeQL recognizes as a proper rate limiting implementation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…andardization Replace separate TagApprovalPage and AccessPoliciesPage with a single tabbed AuthorizationPage. Add polished authorization components: - AccessRulesTab: 48px rows, sorted policies, ALLOW/DENY border colors - AgentTagsTab: all agents with tag data, sorted, neutral badges - ApproveWithContextDialog: tag selection with policy impact preview - PolicyFormDialog: chip-input for tags with known-tag suggestions - PolicyContextPanel: shows affected policies for selected tags - RevokeDialog: neutral styling, optional reason - ChipInput, TooltipTagList: reusable tag UI components Backend additions: - GET /api/ui/v1/authorization/agents: returns all agents with tag data - GET /api/v1/admin/tags: returns all known tags from agents & policies Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Resolve conflicts in async_execution_manager.py and client.py by keeping both auth_headers (from main) and did_authenticator (from this branch) parameters. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# Conflicts: # control-plane/agentfield-server
Resolve conflicts in Python SDK: keep both DID auth (feat/connector) and typed exceptions (main) imports. Use AgentFieldClientError for network errors while preserving detailed error body parsing. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
Performance
⚠ Regression detected:
|
AbirAbbas
changed the title
… for fresh DBs Two CI failures: 1. linux-tests: stubStorage in server_routes_test.go was missing the DeleteAgentVersion method added to the StorageProvider interface by the multi-version work. Add the stub. 2. Functional Tests (postgres): migrateAgentNodesCompositePKPostgres tried to ALTER TABLE agent_nodes before GORM created it on fresh databases. The information_schema.columns query returns count=0 (not an error) when the table doesn't exist, so the function proceeded to run ALTER statements against a nonexistent table. Add an explicit table existence check matching the pattern already used by the SQLite migration path. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Member
|
@AbirAbbas reminder for us to update docs as well b4 merging. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR introduces three major capabilities to the AgentField control plane:
1. VC-Based Authorization System
A complete tag-based authorization model built on W3C Verifiable Credentials and Decentralized Identifiers (DIDs):
auto/manual/forbidden). Agents withmanualtags enterpending_approvalstate until an admin reviews them.ALLOW/DENYactions, priority ordering, function-level granularity, and parameter constraints. No matching policy = allow (backward compatible).did:webresolution — Control plane hosts DID documents, enabling real-time revocation. Revoking an agent's tags immediately blocks subsequent calls (returns 503).2. Sidecar Management APIs
New capability-scoped REST API surface (
/api/v1/connector/*) that allows an external sidecar process to manage the control plane remotely:GET /manifest. The control plane is the sole authority for what the sidecar token can access.3. Multi-Version Reasoner Support
Agents can now register multiple versions of the same reasoner, enabling blue/green deployments and canary rollouts:
SDK Changes (Go, Python, TypeScript)
ExecuteErrortype across all SDKs preserves HTTP status codes and structured error bodies from failed cross-agent calls (previously lost byraise_for_status()).Database Migrations
018through023: DID documents, access policies, agent tag VCs tables. Migration023cleans up two intermediate tables that were superseded during development.Testing
Bug Fixes
caller_agent_idin DID registry lookups fordid:keyresolutionTest plan
go test -tags sqlite_fts5 ./...incontrol-plane/— all tests passcd sdk/python && python -m pytestcd sdk/typescript && npm test🤖 Generated with Claude Code