Replace vendored Go broker with Docker Hub image#3
Merged
- Created LICENSE file (MIT, T. Devon Artis 2024-2026) — was missing
- Fixed pyproject.toml license: Apache-2.0 → MIT (matches intent)
- README rewrite:
  - Fixed security pattern link: v1.2 → v1.3
  - Fixed repo links: agentauth-python-sdk → agentauth-python, agentAuth → agentauth
  - Added explicit link back to broker repo (AGPL-3.0)
  - Added MedAssist AI demo section: what it does, what it demonstrates (scope isolation, cross-patient denial, delegation, token lifecycle, audit), how to run it, links to guides
  - Added Testing Guide to documentation table
  - License section clarifies SDK is MIT, broker is AGPL-3.0
Records the docs/readme-license-cleanup branch (pending review), SDK-stays-MIT decision, and remaining work items for both repos.
Introduce project contribution guidelines aligned with the MIT license: open-source SDK scope, uv-based dev setup (--all-extras), and explicit expectations that broker-facing work is validated against a live AgentAuth server.

Document that contributors should clone and run the broker from github.com/devonartis/agentauth or use their own deployment—not assume a vendored broker directory exists in every clone. Point to tests/conftest.py for sdk-integration env vars (AGENTAUTH_BROKER_URL, client credentials, admin secret) and list the standard gates (ruff, mypy --strict, unit tests, integration when relevant).

Require redacted test output or a clear summary in PRs so maintainers can review changes with evidence; never paste secrets. Add security reporting via GitHub Security Advisories. Update README Contributing section to link to CONTRIBUTING.md and keep a short quick-check command block for local lint/type/unit runs.

Made-with: Cursor
…e feature request

concepts.md: Replace hardcoded "customer-artis" scope example with dynamic f-string pattern using request.customer_id. Add second example showing multiple scopes per agent (read:data + read:billing + write:notes) with per-tool gating. Cross-references demo/pipeline/tools.py.

MEMORY.md: Record AgentWrit rebrand decision — agentwrit.com purchased, 3-step rename path (brand now, package at PyPI publish, protocol never).

broker/BACKLOG.md: Add feature request for POST /v1/token/update-scope endpoint — allows updating agent scope without breaking SPIFFE identity. Broker-side change, SDK would add agent.update_scope() method.

AGENTS.md: Add greeting gate before session start.
Demo2 — Support Ticket Resolution Demo (Flask + HTMX + SSE):
New demo app showcasing AgentAuth in a customer support pipeline.
Three LLM-driven agents (triage, knowledge, response) process
support tickets under broker-issued scoped credentials.
- Identity resolution: extracts customer name from ticket text,
locks agent to that customer's data via dynamic scopes
- Triage agent: LLM classifies priority/category, read-only scope
- Knowledge agent: LLM searches internal KB, read-only scope
- Response agent: LLM drafts reply, requests tool permissions
dynamically. Dangerous tools (send_external_email, delete_account)
included in LLM tool list but blocked by scope_is_subset()
- 4 quick-fill scenarios: Happy Path, HITL Delete, Cross-Customer,
External Action — each triggers different scope behaviors
- Dark theme UI matching the MedAssist demo design language
- Flask + HTMX + SSE (different stack from demo1's FastAPI)
- Own app registration with broker (separate client_id/secret,
support-specific scope ceiling)
Files: demo2/{app,config,data,pipeline,tools,setup}.py,
demo2/templates/index.html, demo2/static/style.css
Agent Cryptographic Identity — Vision Document:
docs/concepts-agent-cryptographic-identity.md captures a major
insight: every agent's Ed25519 keypair is a first-class cryptographic
identity, not just a registration ceremony artifact.
The keypair enables:
- Agent-to-agent mutual auth (broker Go code exists, not HTTP-exposed)
- Agent-to-service auth (SSH-like, without broker at verification time)
- Signed actions (non-repudiable audit trail)
- Key persistence for long-lived agents (ephemeral vs persistent
is a parameter, not an architecture change)
- Request signing (proof-of-possession, token theft protection)
- Cross-broker federation (no shared secrets between brokers)
- Public key discovery (known_agents files, well-known URLs)
This positions the product as a PKI for AI agents — not just a
token service. The broker is the certificate authority. The agent's
keypair is the identity. Any system that speaks Ed25519 can verify
an agent without the broker being online.
Vision Transcript:
docs/vision-transcript-2026-04-09.md preserves the full conversation
arc — from scope examples through competitor analysis through the
PKI insight. Captures Devon's original thinking verbatim.
pyproject.toml: Added flask>=3.0.0 to dev dependencies for demo2.
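The commit above describes the agent keypair as a first-class identity (signed actions, request signing as proof-of-possession, verification without the broker online), and the demo2 commit before it describes dangerous tools being blocked by scope_is_subset(). The Go program below is an added example written for this page, not code from the agentauth SDK or the Go broker: an agent signs each tool call with its Ed25519 key, and a service verifies the call from local state only (a known_agents-style public key table, a scope ceiling per agent, and the scopes each tool requires), rejecting tampered bodies, stale timestamps and replayed nonces before applying the scope-subset gate. The message layout, the spiffe://example.test agent ID, the scope names and the tool table are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"time"
)

// SignedAction is one tool call signed with the agent's Ed25519 identity key (constructed layout, not AgentAuth's).
type SignedAction struct {
	AgentID   string   // SPIFFE-style agent ID
	Tool      string   // tool the agent wants to call
	Scopes    []string // scopes the agent requests for this call
	Timestamp int64    // unix seconds at signing time
	Nonce     string   // random, single-use
	Signature []byte   // Ed25519 signature over canonical()
}

// canonical is the exact byte string that is signed and verified: every authorization-relevant field plus a SHA-256 of the body.
func canonical(a *SignedAction, body []byte) []byte {
	sum := sha256.Sum256(body)
	return []byte(strings.Join([]string{a.AgentID, a.Tool, strings.Join(a.Scopes, " "), hex.EncodeToString(sum[:]), fmt.Sprint(a.Timestamp), a.Nonce}, "\n"))
}

// Sign builds and signs an action on the agent side; no broker is involved.
func Sign(priv ed25519.PrivateKey, agentID, tool string, scopes []string, body []byte, now time.Time) (*SignedAction, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	a := &SignedAction{AgentID: agentID, Tool: tool, Scopes: scopes, Timestamp: now.Unix(), Nonce: hex.EncodeToString(nonce)}
	a.Signature = ed25519.Sign(priv, canonical(a, body))
	return a, nil
}

var (
	ErrUnknownAgent = errors.New("unknown agent public key")
	ErrBadSignature = errors.New("signature does not verify")
	ErrStale        = errors.New("timestamp outside allowed skew")
	ErrReplay       = errors.New("nonce already seen")
	ErrScopeDenied  = errors.New("scope not within agent ceiling")
)

// Verifier is all a service keeps locally: a known_agents-style key table, scope ceilings, per-tool scopes, accepted nonces.
type Verifier struct {
	Keys       map[string]ed25519.PublicKey
	Ceilings   map[string][]string
	ToolScopes map[string][]string
	MaxSkew    time.Duration
	Seen       map[string]bool // nonces accepted within the skew window; must be non-nil
}

// ScopeIsSubset reports whether every scope in want is present in have (scopes contain no whitespace).
func ScopeIsSubset(want, have []string) bool {
	granted := " " + strings.Join(have, " ") + " "
	for _, s := range want {
		if !strings.Contains(granted, " "+s+" ") {
			return false
		}
	}
	return true
}

// Verify checks identity, integrity, freshness, replay and scope, in that order, with the broker offline.
func (v *Verifier) Verify(a *SignedAction, body []byte, now time.Time) error {
	pub, ok := v.Keys[a.AgentID]
	need, known := v.ToolScopes[a.Tool]
	skew := now.Sub(time.Unix(a.Timestamp, 0))
	switch {
	case !ok:
		return ErrUnknownAgent
	case !ed25519.Verify(pub, canonical(a, body), a.Signature): // a tampered body or field fails here
		return ErrBadSignature
	case skew > v.MaxSkew || skew < -v.MaxSkew:
		return ErrStale
	case v.Seen[a.Nonce]:
		return ErrReplay
	case !known || !ScopeIsSubset(need, a.Scopes) || !ScopeIsSubset(a.Scopes, v.Ceilings[a.AgentID]):
		return ErrScopeDenied // unknown tool, request does not cover it, or request exceeds the ceiling
	}
	v.Seen[a.Nonce] = true
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	id, body := "spiffe://example.test/agent/response", []byte(`{"q":"account status"}`) // constructed values
	v := &Verifier{Keys: map[string]ed25519.PublicKey{id: pub}, Ceilings: map[string][]string{id: {"read:kb"}},
		ToolScopes: map[string][]string{"search_kb": {"read:kb"}, "send_external_email": {"write:email"}},
		MaxSkew: 30 * time.Second, Seen: map[string]bool{}}
	a, _ := Sign(priv, id, "search_kb", []string{"read:kb"}, body, time.Now())
	b, _ := Sign(priv, id, "send_external_email", []string{"write:email"}, body, time.Now())
	fmt.Println("search_kb:", v.Verify(a, body, time.Now()), "| replay:", v.Verify(a, body, time.Now()), "| send_external_email:", v.Verify(b, body, time.Now()))
}
```

Two design points worth noting. The timestamp window is what keeps the `Seen` set bounded: a real service prunes nonces older than `MaxSkew`, since anything older is rejected as stale before the replay check is reached. And the scope gate runs last, after the signature has proven which agent is asking, so a denial is attributable to a specific identity in the audit trail rather than to an unauthenticated request.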
8 sample app guides (01-08) covering real-world AgentAuth patterns: order worker, data pipeline, patient guard, moderation delegation, deploy chain, trading agent, incident response, audit scanner. Plus broker setup guide and mini-max reference doc.
Feature requests and SDK backlog live at the repo root so they survive broker re-vendoring. The broker/ directory is a frozen vendored copy that gets replaced — anything stored there is lost.
broker/ is a local-only vendored copy of the Go broker for testing. It should never be committed to this SDK repo.
…expiry
UI fixes:
- Agent cards are now dynamic — only appear when agent is created,
not static placeholders. Cards show SPIFFE ID in cyan monospace.
- Stream shows SPIFFE ID on agent_created events and scope on
tool calls (allowed/denied with scope inline).
- Reset clears agent cards between runs.
Pipeline fixes:
- Remove all HITL references — SDK has no HITL. "HITL Delete"
button renamed to "Delete Account". KB article and system
prompt updated to reference delete_account tool directly.
- Triage agent now routes: LLM decides needs_knowledge and
needs_response. Simple greetings ("Hi Jane") resolve at
triage with no knowledge or response agents spawned.
- Anonymous gate: unverified identity stops pipeline at triage
with a polite "verify your identity" response.
- Response agent prompt updated to attempt ALL tool calls in the
ticket (don't self-censor cross-customer requests — let scope
enforcement block them).
New scenario — Natural Expiry:
- Quick fill: "Can you check if my account is still active?
No rush — just curious."
- Triage agent created with 5-second TTL. No release() called.
- Pipeline shows token valid=True, waits, then token valid=False.
- Demonstrates credentials die automatically via TTL without
explicit revocation.
CSS: Added .agent-spiffe, .spiffe-id, .scope-inline, .quick-purple
styles for new UI elements.
Records: AgentWrit rebrand, demo2 build + testing results, agent cryptographic identity vision, housekeeping (gitignore, backlog move, sample apps). Main merge flagged as human decision — not to be auto-merged.
…remove secrets

Phase 1: Relocated dev-internal files (MEMORY.md, FLOW.md, AGENTS.md, .plans/, specs, designs, tracker, test templates) to external devflow directory. Untracked skill configs from git. Updated .gitignore to block re-commit. Updated CLAUDE.md and devflow-client skill paths.

Phase 2: Deleted .env files containing live API keys. Replaced hardcoded vLLM endpoint (spark-3171) with OpenAI-compatible defaults (gpt-4o-mini). Updated demo .env.example for contributor onboarding.

Ref: devonartis/agentwrit#31

Switch from building broker from vendored Go source to pulling the official devonartis/agentwrit image from Docker Hub. This removes the Go toolchain dependency and ensures SDK tests run against the same image users deploy.

- docker-compose.yml: build context → image: devonartis/agentwrit:latest
- stack_up.sh: docker compose build → docker compose pull
- Tracked: docker-compose, scripts, api.md, openapi.yaml
- Removed: Go source (cmd/, internal/), Dockerfile, go.mod/sum, VENDOR.md, BACKLOG.md, mTLS/TLS compose files, internal docs

Ref: devonartis/agentwrit#31
Summary

- Broker: `devonartis/agentwrit` image from Docker Hub
- Tracked: `docker-compose.yml`, `scripts/`, `docs/api.md`, `docs/api/openapi.yaml`
- Removed: Go source (`cmd/`, `internal/`), `Dockerfile`, `go.mod`/`go.sum`, mTLS/TLS compose, internal docs
- Verified

Test plan

- `./broker/scripts/stack_up.sh` pulls image and starts broker
- `curl http://localhost:8080/v1/health` returns `{"status":"ok"}`
- `uv run pytest tests/unit/` — 99 pass
- `uv run pytest -m integration` — pass against Docker Hub broker
- `./broker/scripts/stack_down.sh` tears down cleanly

Ref: devonartis/agentwrit#31