Skip to content

Releases: getraksha/agp

AGP Community Edition v0.0.13

Choose a tag to compare

@getraksha-ops getraksha-ops released this 30 Jun 21:06

AGP Community Edition v0.0.13 (private test release)

Pre-release build for private testing. The first public release will be v0.1.0.

This release introduces the connectors plane — OAuth-backed MCP connectors
with managed credential lifecycle — and threads an end-to-end request id
through every service so a single action can be traced from the console (or
CLI) all the way to the backend MCP server.

Added

  • Connectors: OAuth consent + managed credential lifecycle. A new service,
    agp-connectors, ships in the release for the first time. It handles the
    OAuth consent flow for MCP servers (e.g. Slack, Calendly, or your own) and
    owns the resulting credentials. Tools registered with the new CONNECTOR
    auth type carry no static secret: at tool-call time the proxy asks
    agp-connectors to mint a short-lived runtime credential scoped to the
    agent and decision context, so agents never hold provider tokens. Connectors
    follow a clear lifecycle — connect, disconnect (purges token material),
    reconnect-in-place, and remove.
  • agp connectors command group. Manage the whole lifecycle from the CLI:
    add (register a connector and start OAuth consent), list / get,
    list-connections, disconnect / revoke, remove, reconnect, and
    discovery-token (mint a short-lived token to discover a connector's tools).
    Shell completions cover the new commands automatically.
  • Dynamic Client Registration (RFC 7591). Connectors can register an OAuth
    client dynamically with the provider instead of requiring a pre-provisioned
    client_id/client_secret. agp connectors add --dcr (or
    --registration-mode dynamic) drives it, with optional DCR client metadata
    (--client-name, --logo-uri, --contacts, …); preregistered clients
    continue to work unchanged.
  • Connectors in the console. The admin console gains a Connectors page
    (card layout) to register connectors, walk the consent flow, and view
    connection status and granted scopes.
  • End-to-end request tracing (X-AGP-Request-ID). Every request is tagged
    with a single id that propagates across all hops — the console and CLI
    originate one, and it flows through the BFF, every service (HTTP and gRPC),
    the proxy, and on to the backend MCP server. The id is echoed on responses,
    recorded on audit events, and queryable, so one console click can be traced
    through the whole flow. agp --verbose <cmd> prints the id it used.
  • Access-log header dump (off by default). Each service supports
    ACCESS_LOG_INCLUDE_HEADERS=true to include redacted request and response
    headers in its access log, for debugging. Sensitive headers (Authorization,
    Cookie, Set-Cookie, X-Admin-Token, …) are masked. Default is off.

Changed

  • Registry: CONNECTOR-backed tools. Tools can now declare auth_type: CONNECTOR with a connector_name and connector_scopes instead of a static
    auth_header/auth_value; the registry stores the binding and the proxy
    resolves the credential at call time (see Connectors above). Adds a SQL
    migration framework with connector-auth migrations for both SQLite and
    Postgres.
  • Canonical request-id header. Services that previously emitted
    X-Request-Id (e.g. identity, registry) now use the canonical
    X-AGP-Request-ID end to end.
  • Proxy: quieter logs — routine tools/list polls are no longer logged.
    MCP clients and bridge agents call tools/list constantly; a successful one
    now emits neither an invocation nor an access_log line, so proxy logs stay
    focused on real activity (tools/call and everything else is still fully
    logged, and a denied/errored tools/list still logs). This applies to every
    caller, including a manual agp ... tools list.

Changed components vs v0.0.12: all of them. A new shared module
(agp-shared, carrying the request-id and access-log middleware) underpins the
tracing work, and every service plus agp-cli, agp-admin-ui, and the new
agp-connectors carry commits in this release.

Upgrading from v0.0.12

v0.0.13 adds a new service (connectors). Existing installs:

agp fetch all       # installs the new agp-connectors binary alongside the rest
agp init            # idempotent — seeds the new connectors env file without
                    # touching your config.yaml or existing service envs
agp restart all

To update the CLI binary itself:

agp update

Your current ports, console URL, and credentials are preserved — agp init
never rewrites config.yaml and only adds the missing connectors env.

Install

  • macOS / Linux: curl -fsSL https://raw.githubusercontent.com/getraksha/agp/main/install.sh | sh
  • Windows (PowerShell): irm https://raw.githubusercontent.com/getraksha/agp/main/install.ps1 | iex

Then agp init · agp fetch all · agp start all · agp setup --agent-id my-agent --client claude-desktop.

Platforms

macOS (arm64, amd64) · Linux (amd64, arm64) · Windows (amd64, arm64)

Verify

All assets are listed with SHA-256 checksums in SHA256SUMS and manifest.json; the CLI and install scripts verify checksums automatically.

AGP Community Edition v0.0.12

Choose a tag to compare

@getraksha-ops getraksha-ops released this 21 Jun 02:50

AGP Community Edition v0.0.12 (private test release)

Pre-release build for private testing. The first public release will be v0.1.0.

Added

  • agp update — self-update the CLI. agp fetch installs the service
    binaries but never the CLI itself, so until now upgrading agp meant re-running
    the installer. agp update downloads the latest CLI release, verifies its
    SHA-256, smoke-tests that it runs, then atomically swaps it in — keeping the
    previous binary until the new one is validated and in place. It refuses to
    downgrade (--version vX.Y.Z for an explicit/rollback install; --check to
    only report availability). Not yet available on Windows — re-run install.ps1
    there. (Note: agp update works from v0.0.12 onward; users on v0.0.11 or
    earlier update the CLI once via the installer to pick it up.)

Changed

  • Out-of-the-box default ports. Fresh installs now bind the quiet
    27860–27868 (HTTP) / 27880–27885 (gRPC) range instead of common dev ports,
    so agp init + agp start work without conflicts on a typical machine. The
    console moves to http://localhost:27868 on new installs. agp init writes
    every service's listeners and its dependencies' addresses and the CLI
    profile endpoints from one computed topology, so they stay consistent — edit a
    port in one ~/.agp/services/<service>.env and agp restart it, or
    agp init --force to re-render every .env from defaults (keeps a .bak;
    secrets are never regenerated).
  • CLI config hardening. The CLI config (config.yaml) is now parsed with a
    standard YAML library and is created once by agp init and never overwritten
    by agp — not even with --force — because it accrues your agents and
    credentials over time. A config that exists but won't parse now produces a
    clear warning instead of silent misbehavior. JSON output is pretty-printed by
    default (--no-pretty for compact).
  • agp identity delete-agent permanently deletes an agent rather than
    decommissioning it.

Fixed

  • Identity: agent list filters. SQLite list-agents bound its filter
    arguments before pagination, so --status and --team-id filters now match
    the generated placeholders and return the correct rows.

Changed components vs v0.0.11: agp-cli (agp update, default ports, config
hardening, delete-agent) and agp-identity (the list-filter fix). All other
components carry the same commits as v0.0.11.

Upgrading from v0.0.11

agp fetch all
agp restart all

To update the CLI binary itself, re-run the installer (the agp update command
ships in this release, so v0.0.11 users pick it up on the next upgrade):

curl -fsSL https://raw.githubusercontent.com/getraksha/agp/main/install.sh | sh   # macOS/Linux

From v0.0.12 onward, agp update does this for you.

Existing installs are not disrupted: agp init is idempotent and never
rewrites your config.yaml, so your current ports and console URL stay as they
are. The new 27860+ defaults apply only to fresh installs.

Install

  • macOS / Linux: curl -fsSL https://raw.githubusercontent.com/getraksha/agp/main/install.sh | sh
  • Windows (PowerShell): irm https://raw.githubusercontent.com/getraksha/agp/main/install.ps1 | iex

Then agp init · agp fetch all · agp start all · agp setup --agent-id my-agent --client claude-desktop.

Platforms

macOS (arm64, amd64) · Linux (amd64, arm64) · Windows (amd64, arm64)

Verify

All assets are listed with SHA-256 checksums in SHA256SUMS and manifest.json; the CLI and install scripts verify checksums automatically.

AGP Community Edition v0.0.11

Choose a tag to compare

@getraksha-ops getraksha-ops released this 19 Jun 18:48

AGP Community Edition v0.0.11 (private test release)

Pre-release build for private testing. The first public release will be v0.1.0.

Fixed

  • Windows: policy no longer denies every tool call. On Windows the policy
    engine loaded its bundle from an absolute temp directory, and OPA's directory
    data-mounting silently failed for an absolute path — leaving the tool
    classification data unmounted, so every governed tool was denied with
    "No matching policy" even when registered and granted. The engine now reads
    the bundle's .rego modules and data.json files directly and serves the data
    from an in-memory store, which behaves identically on macOS, Linux, and
    Windows. The bundle also degrades gracefully (missing data = "no overrides"
    rather than a blanket deny), and the engine now fails to start loudly if a
    plain read tool does not classify — so this can never ship silently again.

Changed

  • Uniform /health contract and version stamping across identity, registry,
    behavior-profile, audit, approval, proxy, the shared proto, and the CLI:
    services report their build version on /health/live, surfaced by
    agp status.

Changed components vs v0.0.10: agp-policy (the Windows fix) plus the health/version
work above. agp-admin-ui, agp-shared, and agp-mcp-servers carry the same
commits as v0.0.10.

Upgrading from v0.0.10

agp fetch all       # macOS/Linux
agp restart all

On Windows: agp fetch all then agp restart all. Windows users on v0.0.10
should upgrade — this release is what makes governed tool calls work there.

Install

  • macOS / Linux: curl -fsSL https://raw.githubusercontent.com/getraksha/agp/main/install.sh | sh
  • Windows (PowerShell): irm https://raw.githubusercontent.com/getraksha/agp/main/install.ps1 | iex

Then agp init · agp fetch all · agp start all · agp setup --agent-id my-agent --client claude-desktop.

Platforms

macOS (arm64, amd64) · Linux (amd64, arm64) · Windows (amd64, arm64)

Verify

All assets are listed with SHA-256 checksums in SHA256SUMS and manifest.json; the CLI and install scripts verify checksums automatically.

AGP Community Edition v0.0.10

Choose a tag to compare

@getraksha-ops getraksha-ops released this 17 Jun 20:24

AGP Community Edition v0.0.10 (private test release)

Pre-release build for private testing. The first public release will be v0.1.0.

New since v0.0.9

  • Grant a whole server's tools to a profile in one step. From the Tools page, search by server alias, tick the tools (or the select-all header), and click Grant to profile — every selected tool is added to a behavior profile's operating envelope in a single action, with a reason recorded in the audit log. Same select-then-act flow as Rotate credentials / Deprecate / Yank. Granting is additive and idempotent (re-granting an already-allowed tool is a no-op).
  • Searchable, pattern-aware grant modal. On Behavior Profiles → profile → Grant tools, a new filter box narrows the available tools by name or server alias — which also surfaces tools the old unfiltered picker could hide behind its result cap. The add box now accepts a regex: typing ^daily-assistant.* selects every matching tool at once, while a plain name still adds a single tool.

Changed

Changed: agp-admin-ui (console only). All other components carry the same commits as v0.0.9.

Upgrading from v0.0.9

agp fetch all       # macOS/Linux
agp restart all

Only the admin console changed this release, so the agp CLI itself does not need re-installing. On Windows, agp fetch all then agp restart all.

Install

  • macOS / Linux: curl -fsSL https://raw.githubusercontent.com/getraksha/agp/main/install.sh | sh
  • Windows (PowerShell): irm https://raw.githubusercontent.com/getraksha/agp/main/install.ps1 | iex

Then agp init · agp fetch all · agp start all · agp setup --agent-id my-agent --client claude-desktop.

Platforms

macOS (arm64, amd64) · Linux (amd64, arm64) · Windows (amd64, arm64)

Verify

All assets are listed with SHA-256 checksums in SHA256SUMS and manifest.json; the CLI and install scripts verify checksums automatically.

AGP Community Edition v0.0.9

Choose a tag to compare

@getraksha-ops getraksha-ops released this 17 Jun 06:10

AGP Community Edition v0.0.9 (private test release)

Pre-release build for private testing. The first public release will be v0.1.0.

New since v0.0.8

  • Every service now reports its version. agp status shows the running version of each service, and a new agp version command prints the CLI version alongside a service→version table — read live from each service's /health/live. Each service's health endpoints (/health/live and /health/ready) now carry service and version on a uniform contract, so version skew across a running stack is obvious at a glance. A service built from source or running an older build reports dev/- rather than failing the command.

Fixed since v0.0.8

  • Denied requests are now attributable to the agent. When a bridge presented an expired, stale, or revoked token, the Proxy logged the denial with an empty agent_id — so you couldn't tell which agent's bridge was failing without lsof. The Identity service now returns the identity the rejected token claimed, and the Proxy records it on the denial (both the access log and the audit event). These values are clearly scoped to the denied request and are never used for authorization — attribution only.
  • Orphaned bridges no longer linger. When an MCP client (Codex, Claude Desktop) exits without cleanly closing the bridge's stdio, the bridge could keep running for hours and quietly retry against the Proxy. Bridges now detect that their launching parent has gone away and exit on their own, in addition to the existing clean-disconnect (stdin EOF) path.
  • Bridges recover from token invalidation. A bridge whose token went stale or expired (for example after an agent was suspended and reactivated) could keep retrying the dead token until its next scheduled refresh (~15 min). The bridge's tools/list watcher now refreshes on a 401 and recovers on the next poll, matching the request-forwarding path — so a recoverable token heals in seconds, not minutes.
  • Quieter logs. The bridge's tools/list change-detection poll dropped from every 15s to every 60s, cutting routine Proxy log volume from idle bridges.

Changed: all components (every service stamps its version). The denial-attribution and bridge fixes additionally touch agp-identity, agp-proxy, and the agp CLI.

Upgrading from v0.0.8

agp fetch all       # macOS/Linux
agp restart all

The bridge fixes (orphan exit, token recovery, quieter polling) and agp version ship in the agp CLI itself, so re-install the CLI to pick them up:

curl -fsSL https://raw.githubusercontent.com/getraksha/agp/main/install.sh | sh   # macOS/Linux

On Windows, agp fetch all then agp restart all (re-install the CLI for the latest agp binary: irm https://raw.githubusercontent.com/getraksha/agp/main/install.ps1 | iex).

Install

  • macOS / Linux: curl -fsSL https://raw.githubusercontent.com/getraksha/agp/main/install.sh | sh
  • Windows (PowerShell): irm https://raw.githubusercontent.com/getraksha/agp/main/install.ps1 | iex

Then agp init · agp fetch all · agp start all · agp setup --agent-id my-agent --client claude-desktop.

Platforms

macOS (arm64, amd64) · Linux (amd64, arm64) · Windows (amd64, arm64)

Verify

All assets are listed with SHA-256 checksums in SHA256SUMS and manifest.json; the CLI and install scripts verify checksums automatically.

AGP Community Edition v0.0.8

Choose a tag to compare

@getraksha-ops getraksha-ops released this 15 Jun 01:09

AGP Community Edition v0.0.8 (private test release)

Pre-release build for private testing. The first public release will be v0.1.0.

New since v0.0.7

  • Rotate backend credentials from the console — no re-registration. When a tool's backend token expires or is rotated (e.g. a GitHub PAT), you can now refresh it in place: Tools → filter by server alias → select the tools → Rotate credentials, paste the new secret. The credential is replaced on each tool's current version (schema, backend URL, and version are unchanged), and the Proxy picks it up on the next call — no restart. Same select-then-act flow as bulk yank/deprecate. The new secret is write-only in the UI and is never echoed or logged; each rotation emits a tool.credential_rotated audit event (auth type only).

Fixed since v0.0.7

  • More real-world MCP tools now register. Schema validation was too strict and rejected valid tools whose input schemas use nullable type arrays (["string","null"]), typeless enum / oneOf / $ref properties, or an empty inputSchema (parameterless tools). These now register correctly. AGP is a governance layer, not the schema authority — a false rejection is fail-closed (the tool is never reachable), so over-strict checks only kept legitimate tools (e.g. GitHub's run_secret_scanning) from being governed. Bare-scalar properties and non-object inputSchema.type are still rejected.
  • agp stop registry reported "killed" instead of "stopped". The Registry's long-lived watch streams to the Proxy blocked graceful shutdown past the supervisor's grace window, so it was force-killed. The Registry now shuts those streams promptly and exits cleanly. agp stop / agp restart report "stopped".

Changed: agp-registry and agp-admin-ui; all other components carry the same commits as v0.0.7.

Upgrading from v0.0.7

agp fetch all       # macOS/Linux
agp restart all

On Windows, agp fetch all then agp restart all (re-install the CLI only if you want the latest agp binary: irm https://raw.githubusercontent.com/getraksha/agp/main/install.ps1 | iex).

Install

  • macOS / Linux: curl -fsSL https://raw.githubusercontent.com/getraksha/agp/main/install.sh | sh
  • Windows (PowerShell): irm https://raw.githubusercontent.com/getraksha/agp/main/install.ps1 | iex

Then agp init · agp fetch all · agp start all · agp setup --agent-id my-agent --client claude-desktop.

Platforms

macOS (arm64, amd64) · Linux (amd64, arm64) · Windows (amd64, arm64)

Verify

All assets are listed with SHA-256 checksums in SHA256SUMS and manifest.json; the CLI and install scripts verify checksums automatically.

AGP Community Edition v0.0.7

Choose a tag to compare

@getraksha-ops getraksha-ops released this 14 Jun 13:55

AGP Community Edition v0.0.7 (private test release)

Pre-release build for private testing. The first public release will be v0.1.0.

Fixed since v0.0.6

  • Windows: agp stop failed with "TerminateProcess: Access is denied." Go's os.FindProcess on Windows opens a process handle without PROCESS_TERMINATE rights, so os.Process.Kill() was denied even for your own services. The supervisor now stops Windows services with taskkill /F /T (terminates by PID using your own rights, and stops any child processes a service spawned). agp stop / agp restart work on Windows.

Changed: agp-cli only; all other components carry the same commits as v0.0.6.

Upgrading from v0.0.6

agp fetch all       # macOS/Linux
agp restart all

On Windows, re-install the CLI (irm https://raw.githubusercontent.com/getraksha/agp/main/install.ps1 | iex), then agp fetch all and agp restart all.

Install

  • macOS / Linux: curl -fsSL https://raw.githubusercontent.com/getraksha/agp/main/install.sh | sh
  • Windows (PowerShell): irm https://raw.githubusercontent.com/getraksha/agp/main/install.ps1 | iex

Then agp init · agp fetch all · agp start all · agp setup --agent-id my-agent --client claude-desktop.

Platforms

macOS (arm64, amd64) · Linux (amd64, arm64) · Windows (amd64, arm64)

Verify

All assets are listed with SHA-256 checksums in SHA256SUMS and manifest.json; the CLI and install scripts verify checksums automatically.

AGP Community Edition v0.0.6

Choose a tag to compare

@getraksha-ops getraksha-ops released this 14 Jun 02:18

AGP Community Edition v0.0.6 (private test release)

Pre-release build for private testing. The first public release will be v0.1.0.

Fixed since v0.0.5

  • Windows: services failed to start with a SQLite migration error. Identity and Registry built a sqlite:// + path URL for the schema migrator. A Windows DB path (C:\Users\...\agp-identity.db) is not a valid URL authority, so the URL parser rejected it ("invalid port after host") and migrations failed — even though the database connection itself opened fine. Both services now run migrations against the already-open connection (no URL parsing), matching how the other services already worked. Windows installs reach a running stack.

Changed: agp-identity, agp-registry. The other DB services (audit, approval, behavior-profile) were already using the connection-based migrator and gained regression tests.

Upgrading from v0.0.5

agp fetch all
agp restart all

Install (testers, macOS/Linux)

curl -fsSL https://raw.githubusercontent.com/getraksha/agp/main/install.sh | sh
agp init
agp fetch all
agp start all
agp setup --agent-id my-agent --client claude-desktop

Platforms

macOS (arm64, amd64) · Linux (amd64, arm64) · Windows (amd64, arm64 — experimental)

Windows is still experimental and not yet exercised end-to-end in CI, but this release clears the first blocker to a working stack on Windows.

Verify

All assets are listed with SHA-256 checksums in SHA256SUMS and manifest.json; the CLI and install script verify checksums automatically.

AGP Community Edition v0.0.5

Choose a tag to compare

@getraksha-ops getraksha-ops released this 13 Jun 17:48

AGP Community Edition v0.0.5 (private test release)

Pre-release build for private testing. The first public release will be v0.1.0.

Changed since v0.0.4

  • Slow tool calls no longer time out at the bridge. AGP Connect (the stdio bridge) forwarded tool calls with a 10-second client timeout — shorter than the proxy's own backend budget — so any tool that took longer than 10s failed with NETWORK_ERROR: context deadline exceeded even though the proxy completed it. The bridge now uses a 120-second forward timeout (configurable via AGP_BRIDGE_REQUEST_TIMEOUT_SECONDS), comfortably above the proxy's backend budget, so the proxy stays the authority on tool duration and slow tools (searches, LLM-backed tools, etc.) complete normally. Token issuance and tools/list polling keep their own short timeouts.

Only agp-cli changed; all other components carry the same commits as v0.0.4.

Upgrading from v0.0.4

agp fetch all
agp restart all

Re-run agp connect <client> is not required — but restart the MCP client (Claude Desktop, Codex, etc.) so it respawns the updated bridge.

Install (testers, macOS/Linux)

curl -fsSL https://raw.githubusercontent.com/getraksha/agp/main/install.sh | sh
agp init
agp fetch all
agp start all
agp setup --agent-id my-agent --client claude-desktop

Platforms

macOS (arm64, amd64) · Linux (amd64, arm64) · Windows (amd64, arm64 — experimental)

Verify

All assets are listed with SHA-256 checksums in SHA256SUMS and manifest.json; the CLI and install script verify checksums automatically.

AGP Community Edition v0.0.4

Choose a tag to compare

@getraksha-ops getraksha-ops released this 13 Jun 05:48

AGP Community Edition v0.0.4 (private test release)

Pre-release build for private testing. The first public release will be v0.1.0.

Changed since v0.0.3

  • Tool discovery now reaches public MCP servers by default. DISCOVERY_BACKEND_HOST_ALLOWLIST defaults to * (allow any host) so you can connect the MCP servers you already use — GitHub, gitmcp.io, and others — without configuration. Cloud-metadata and link-local addresses (e.g. 169.254.169.254, metadata.google.internal) remain blocked as an SSRF safeguard; loopback and private/LAN hosts stay reachable for local and Docker MCP servers. Set an explicit comma-separated host list to harden a shared deployment; an empty value denies all discovery.

Upgrading from v0.0.3

agp fetch all
agp init --force      # re-renders service config to the new defaults (keeps .bak)
agp restart all

agp init --force is needed so the registry picks up the new DISCOVERY_BACKEND_HOST_ALLOWLIST=* default; an existing config file's explicit value overrides the binary default. (Or edit ~/.agp/services/registry.env and agp restart registry.)

Install (testers, macOS/Linux)

curl -fsSL https://raw.githubusercontent.com/getraksha/agp/main/install.sh | sh
agp init
agp fetch all
agp start all
agp setup --agent-id my-agent --client claude-desktop

Platforms

macOS (arm64, amd64) · Linux (amd64, arm64) · Windows (amd64, arm64 — experimental)

Verify

All assets are listed with SHA-256 checksums in SHA256SUMS and manifest.json; the CLI and install script verify checksums automatically.