feat(dashboard): D7 mint JWS + agent provenance + recent registrations#13
Merged
Conversation
The signup endpoint returns agent_card_jws but the modal was discarding it — only the api_key was displayed. AgentCard JWS is the verifiable provenance artifact: customers need to pin or publish it to prove the agent is theirs. Two changes: - Render the JWS in a readonly textarea with a CopyPill, alongside the existing API key field. - Replace the unconditional "I've saved it" button with a confirmation checkbox + disabled-until-checked "Continue" button. Mirrors the Bug #6 pattern from the Sun dashboard audit: keys that cannot be recovered should require an explicit acknowledgement before close, not just a click-through. The scrim/Escape close path is already blocked during the minted step, so the only exit is via the checkbox-gated Continue button. Co-Authored-By: Claude <noreply@anthropic.com>
Previously Canonical/did:web/Registered were derived from audit events
alone — they showed "—" whenever the agent.registered event had fallen
out of the latest 500-event window, or before the first event existed
at all.
Prefer the authoritative AgentDetailResponse (already fetched server-
side via proxyGet) for canonical_uri + did_web. Fall back to the
audit-derived snapshot, then to a constructed default. The fields now
always render a real value once the agent exists, instead of misleading
em-dashes.
Also surface framework + installed_via from privateDetail — installed_via
("via SDK install" / "via GitHub OAuth") tells the auto-register story
on the page that customers actually look at after running ainfera.
Drops the local layerOf in favor of the shared lib/audit-layers helper
introduced in 9e389ae — keeps L1-L5 mapping consistent across views.
Co-Authored-By: Claude <noreply@anthropic.com>
Add a section above the stat grid that lists agent.registered events
from the last 24h, dedup'd by agent_name. Each row links to the agent
detail page with the canonical URI and a relative timestamp.
The loop the surface explains:
pip install ainfera
-> ainfera init
-> agent appears here within seconds
-> ainfera.* events flow through the audit chain
The data was already arriving — Phase 1's CORS fix makes the events
visible — but Overview had no surface that singled out registrations
from inferences. Tulkas auto-registered "sacrificial-001" on
2026-05-16 03:58 UTC via SDK install; that fact now visibly renders.
Section is conditional (only shows when registrations exist in the
window) so it doesn't add an empty placeholder for fresh tenants.
Co-Authored-By: Claude <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
This pull request has been ignored for the connected project Preview Branches by Supabase. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is ON. A cloud agent has been kicked off to fix the reported issue.
Reviewed by Cursor Bugbot for commit cb914d0. Configure here.
| fontFamily: "var(--font-mono)", | ||
| }} | ||
| > | ||
| Recently added · {snap.recentRegistrations.length} in 24h |
There was a problem hiding this comment.
Header count misrepresents total due to cap
Low Severity
The header text "Recently added · {snap.recentRegistrations.length} in 24h" implies it shows the total number of agent registrations in the last 24 hours, but recentRegistrations is hard-capped at 5 entries via the break at line 143. If more than 5 unique agents register within 24h, the header will say "5 in 24h" instead of the actual count — misrepresenting the total as the display-capped count.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit cb914d0. Configure here.
3 tasks
hizrianraz
added a commit
that referenced
this pull request
May 16, 2026
/skill.md is the AI-native discovery document — agents reading it learn
which model values to pass in the `model` field of /v1/inference. Prior
text used human prose ("Claude Opus 4.7", "GPT-5.5") which doesn't help
an LLM generate the canonical slug string.
After api PR #13 (canonical slug→upstream adapter translation) shipped,
all 5 AAMC v1.0 canonical slugs route correctly:
claude-opus-4-7, gpt-5-5, gemini-3-1-pro, grok-4, mistral-large-3
This adds the canonical slugs inline + a paragraph explaining the
provider-drift firewall (e.g. gpt-5-5 → upstream gpt-5.5-pro). Caught
by E2E v3 cross-cutting check C10.
Memory #6 + feedback-aamc-active-lock + feedback-slug-adapter-coupling.
Co-authored-by: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Three D7 dashboard wins, each its own commit:
feat(mint)— MintAgentModal now displays theagent_card_jws(verifiable provenance, was previously discarded from the signup response) and gates close on an explicit "I've saved the key" checkbox. Mirrors the Bug chore(deps-dev): Bump @types/node from 22.19.19 to 25.9.1 #6 pattern from the Sun dashboard audit: keys that cannot be recovered should require an acknowledgement, not a click-through.feat(agents)— Agent detail page prefers the authoritativeAgentDetailResponse(already proxy-fetched server-side) for canonical / did:web / framework / installed_via, falling back to audit-event-derived values, then to constructed defaults. No more "—" placeholders once an agent exists. Adds aninstalled_viachip that tells the auto-register story on the page customers look at after runningainfera.feat(overview)— Above the stat grid, a "Recently added · N in 24h" surface listsagent.registeredevents dedup'd by agent_name. Each row links to the agent detail page. Sells the auto-register loop ("your install just appeared") with copy: Agents appear here automatically when you runainferain your project — no signup form, no manual provisioning. Section is conditional so it doesn't show an empty placeholder for fresh tenants.Why
Sun dashboard audit + D7 Option A. These three are the customer-visible "Mint → agent appears → click in to see provenance" loop. Other D7 phases (Stripe / CDP / Annex IV / test-call) were intentionally deferred to D9+ with CLI fallbacks rather than half-shipped with placeholder secrets.
Test plan
tsc --noEmitclean/agents/vardashows real canonical / did:web / framework / installed_via chip (no em-dashes)/dashboardshows "Recently added" surface fortulkas/sacrificial-001(registered 2026-05-16 03:58 UTC, still within 24h until 2026-05-17 03:58 UTC)🤖 Generated with Claude Code
Note
Medium Risk
Moderate risk UI/UX changes that affect core onboarding flows (mint modal completion gating and new dashboard/agent-detail surfaces) but do not alter server-side logic or permissions.
Overview
Improves the dashboard onboarding loop by surfacing new-agent provenance and registration signals.
On
AgentDetailView, canonical/did:web values now preferAgentDetailResponse(with fallbacks) and the page shows optionalframeworkplus aninstalled_viachip; the locallayerOfmapping is removed in favor of the shared@/lib/audit-layershelper.On
OverviewView, the snapshot includesrecentRegistrationsand the page conditionally renders a “Recently added” section showing up to 5 dedupedagent.registeredevents from the last 24h.MintAgentModalnow displays and enables copying theagent_card_jws, and requires an explicit “I’ve saved the API key” checkbox before allowing users to continue/close the success step.Reviewed by Cursor Bugbot for commit cb914d0. Bugbot is set up for automated code reviews on this repo. Configure here.