Skip to content

feat: VC-based authorization, sidecar management APIs, and multi-version reasoners #188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
AbirAbbas wants to merge 44 commits into
base: main
Choose a base branch
from
Open

feat: VC-based authorization, sidecar management APIs, and multi-version reasoners #188

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
44 commits
Select commit Hold shift + click to select a range
0cde0b1
feat(control-plane): add VC-based authorization foundation
AbirAbbas Feb 4, 2026
0106624
feat(vc-authorization): complete VC-based authorization system implem…
AbirAbbas Feb 5, 2026
c0f1d57
fix(control-plane): fix pre-existing test bugs exposed by FTS5 build tag
AbirAbbas Feb 5, 2026
6119f8f
fix(control-plane): fix pre-existing test bugs exposed by FTS5 build tag
AbirAbbas Feb 5, 2026
9fe8858
fix(control-plane): fix SSE tests leaking goroutines via incorrect co…
AbirAbbas Feb 5, 2026
8a4c3f3
ts sdk and bug fix on did web
AbirAbbas Feb 5, 2026
f90a875
feat(examples): add permission test agents and enable VC authorizatio…
AbirAbbas Feb 5, 2026
20bda32
Fixes
AbirAbbas Feb 6, 2026
393e519
fix(sdk-python): update test fakes for DID credential wiring in _regi…
AbirAbbas Feb 6, 2026
39a1954
more improvements
AbirAbbas Feb 6, 2026
8e671fb
6th iteration of fixes
AbirAbbas Feb 6, 2026
b83f5be
end to end tested
AbirAbbas Feb 6, 2026
8396b29
feat(sdk): add Go & TS permission test agents, fix DID auth signing
AbirAbbas Feb 6, 2026
026e4e2
fix(sdk-ts): update header-forwarding test for pre-serialized JSON body
AbirAbbas Feb 6, 2026
54aa126
manual testing updates
AbirAbbas Feb 6, 2026
c5e5556
fix(vc-auth): fix re-approval deadlock, empty caller_agent_id, and er…
AbirAbbas Feb 7, 2026
cbbcd40
fix go missing func
AbirAbbas Feb 8, 2026
e030d81
address dx changes
AbirAbbas Feb 9, 2026
7095941
temp
AbirAbbas Feb 9, 2026
668ed79
more fixes
AbirAbbas Feb 10, 2026
0cac1c2
finalized
AbirAbbas Feb 10, 2026
5df611a
better error prop
AbirAbbas Feb 10, 2026
fa18933
fix: update TS DID auth tests to match nonce-based signing format
AbirAbbas Feb 10, 2026
6ffe576
fix: add rate limiting to DID auth middleware on execution endpoints
AbirAbbas Feb 10, 2026
5cdfdf8
fix: use express-rate-limit for DID auth middleware to satisfy CodeQL
AbirAbbas Feb 10, 2026
27455d7
fix: remove duplicate countWorkflowRuns method from rebase
AbirAbbas Feb 10, 2026
ccba62a
UI cleanup
AbirAbbas Feb 10, 2026
6a09ce0
pydantic formatting fix
AbirAbbas Feb 11, 2026
3d6a50b
connector changes
AbirAbbas Feb 12, 2026
9db17be
implemented multi agents with versioning
AbirAbbas Feb 13, 2026
4ac437f
feat(ui): polished authorization page with unified tabs and visual st…
santoshkumarradha Feb 13, 2026
70a5072
Merge branch 'feat/vc-authorization' into feat/connector
AbirAbbas Feb 13, 2026
9ae4e62
multi versioning connector setup
AbirAbbas Feb 13, 2026
d89eb23
add agent to agent direct checks
AbirAbbas Feb 17, 2026
234c441
Merge branch 'feat/vc-authorization' into feat/connector
AbirAbbas Feb 18, 2026
1a6c32a
bugfixes on connector
AbirAbbas Feb 20, 2026
8d25a95
QA fixes
AbirAbbas Feb 20, 2026
c248e89
package lock
AbirAbbas Feb 21, 2026
34f1c74
Merge main into feat/vc-authorization
AbirAbbas Feb 21, 2026
f9d30dd
Merge branch 'feat/vc-authorization' into feat/connector
AbirAbbas Feb 23, 2026
f9d9dcf
bug fixes on permissions & versioning flow
AbirAbbas Feb 23, 2026
380dcb2
Merge main into feat/connector
AbirAbbas Feb 25, 2026
4f7fe7a
fix: add missing DeleteAgentVersion stub and guard postgres migration…
AbirAbbas Feb 25, 2026
a75e963
add postgres testing to dev
AbirAbbas Feb 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/control-plane.yml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,14 @@ dist/
coverage.out
*.test
tmp/
examples/go_agent_nodes/permission_agent_*
examples/go_agent_nodes/go_agent_nodes

# Compiled binaries
control-plane/agentfield-server
control-plane/af
examples/**/go_agent_node*
!examples/**/*.go

# Python
__pycache__/
Expand Down
7 changes: 7 additions & 0 deletions control-plane/.env.example
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,13 @@ AGENTFIELD_STORAGE_MODE=local
# AGENTFIELD_STORAGE_CLOUD_CONNECTION_POOL=true
# AGENTFIELD_STORAGE_CLOUD_REPLICATION_MODE=async

# VC Authorization
# Admin token for admin API endpoints (tag approval, policy management)
# AGENTFIELD_AUTHORIZATION_ADMIN_TOKEN=admin-secret
# Internal token sent to agents during request forwarding.
# Agents with RequireOriginAuth=true validate this to ensure only the control plane can invoke them.
# AGENTFIELD_AUTHORIZATION_INTERNAL_TOKEN=internal-secret-token

# Development/Debug
# GIN_MODE=debug
# LOG_LEVEL=info
Binary file removed control-plane/agentfield-server
View file
Open in desktop
Binary file not shown.
71 changes: 71 additions & 0 deletions control-plane/config/agentfield.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

34 changes: 31 additions & 3 deletions control-plane/dev.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,11 @@
# Start control plane with hot-reload using Air
#
# Usage:
# ./dev.sh # Start with hot-reload (SQLite mode)
# ./dev.sh postgres # Start with PostgreSQL (set AGENTFIELD_DATABASE_URL first)
# ./dev.sh # SQLite mode with hot-reload
# ./dev.sh postgres # PostgreSQL mode (starts postgres via docker-compose)
# ./dev.sh pg-stop # Stop the dev postgres container
# ./dev.sh pg-reset # Stop postgres and wipe its data volume
# ./dev.sh pg-test # Run Go postgres tests against dev database
#
# Prerequisites:
# go install github.com/air-verse/air@v1.61.7
Expand All @@ -17,12 +20,37 @@ if ! command -v air &> /dev/null; then
go install github.com/air-verse/air@v1.61.7
fi

pg_up() {
echo "Starting dev postgres..."
docker compose -f docker-compose.dev.yml up -d --wait
echo "Postgres ready at localhost:5432 (agentfield_dev)"
}

pg_down() {
docker compose -f docker-compose.dev.yml down "$@"
}

case "${1:-}" in
postgres|pg)
pg_up
echo "Starting control plane with PostgreSQL (hot-reload)..."
export AGENTFIELD_STORAGE_MODE=postgresql
export AGENTFIELD_STORAGE_MODE=postgres
air -c .air.toml
;;
pg-stop)
echo "Stopping dev postgres..."
pg_down
;;
pg-reset)
echo "Stopping dev postgres and wiping data..."
pg_down -v
;;
pg-test)
pg_up
echo "Running postgres storage tests..."
POSTGRES_TEST_URL="postgres://agentfield:agentfield@localhost:5433/agentfield_dev?sslmode=disable" \
go test ./internal/storage/ -run TestPostgres -v -count=1
;;
*)
echo "Starting control plane with SQLite (hot-reload)..."
export AGENTFIELD_STORAGE_MODE=local
Expand Down
20 changes: 20 additions & 0 deletions control-plane/docker-compose.dev.yml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion control-plane/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ require (
github.com/spf13/cobra v1.8.1
github.com/spf13/viper v1.20.1
github.com/stretchr/testify v1.10.0
golang.org/x/crypto v0.37.0
golang.org/x/term v0.32.0
google.golang.org/grpc v1.67.3
google.golang.org/protobuf v1.36.6
Expand Down Expand Up @@ -94,7 +95,6 @@ require (
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.9.0 // indirect
golang.org/x/arch v0.15.0 // indirect
golang.org/x/crypto v0.37.0 // indirect
golang.org/x/net v0.38.0 // indirect
golang.org/x/sync v0.13.0 // indirect
golang.org/x/sys v0.36.0 // indirect
Expand Down
4 changes: 4 additions & 0 deletions control-plane/internal/application/container.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (

"github.com/Agent-Field/agentfield/control-plane/internal/cli/framework"
"github.com/Agent-Field/agentfield/control-plane/internal/config"
"github.com/Agent-Field/agentfield/control-plane/internal/encryption"
"github.com/Agent-Field/agentfield/control-plane/internal/core/services"
"github.com/Agent-Field/agentfield/control-plane/internal/infrastructure/process"
"github.com/Agent-Field/agentfield/control-plane/internal/infrastructure/storage"
Expand Down Expand Up @@ -55,6 +56,9 @@ func CreateServiceContainer(cfg *config.Config, agentfieldHome string) *framewor
// Create DID registry with database storage (required)
if storageProvider != nil {
didRegistry = didServices.NewDIDRegistryWithStorage(storageProvider)
if passphrase := cfg.Features.DID.Keystore.EncryptionPassphrase; passphrase != "" {
didRegistry.SetEncryptionService(encryption.NewEncryptionService(passphrase))
}
} else {
// DID registry requires database storage, skip if not available
didRegistry = nil
Expand Down
Loading
Loading