Skip to content

AGP Community Edition v0.0.13

Latest

Choose a tag to compare

@getraksha-ops getraksha-ops released this 30 Jun 21:06

AGP Community Edition v0.0.13 (private test release)

Pre-release build for private testing. The first public release will be v0.1.0.

This release introduces the connectors plane — OAuth-backed MCP connectors
with managed credential lifecycle — and threads an end-to-end request id
through every service so a single action can be traced from the console (or
CLI) all the way to the backend MCP server.

Added

  • Connectors: OAuth consent + managed credential lifecycle. A new service,
    agp-connectors, ships in the release for the first time. It handles the
    OAuth consent flow for MCP servers (e.g. Slack, Calendly, or your own) and
    owns the resulting credentials. Tools registered with the new CONNECTOR
    auth type carry no static secret: at tool-call time the proxy asks
    agp-connectors to mint a short-lived runtime credential scoped to the
    agent and decision context, so agents never hold provider tokens. Connectors
    follow a clear lifecycle — connect, disconnect (purges token material),
    reconnect-in-place, and remove.
  • agp connectors command group. Manage the whole lifecycle from the CLI:
    add (register a connector and start OAuth consent), list / get,
    list-connections, disconnect / revoke, remove, reconnect, and
    discovery-token (mint a short-lived token to discover a connector's tools).
    Shell completions cover the new commands automatically.
  • Dynamic Client Registration (RFC 7591). Connectors can register an OAuth
    client dynamically with the provider instead of requiring a pre-provisioned
    client_id/client_secret. agp connectors add --dcr (or
    --registration-mode dynamic) drives it, with optional DCR client metadata
    (--client-name, --logo-uri, --contacts, …); preregistered clients
    continue to work unchanged.
  • Connectors in the console. The admin console gains a Connectors page
    (card layout) to register connectors, walk the consent flow, and view
    connection status and granted scopes.
  • End-to-end request tracing (X-AGP-Request-ID). Every request is tagged
    with a single id that propagates across all hops — the console and CLI
    originate one, and it flows through the BFF, every service (HTTP and gRPC),
    the proxy, and on to the backend MCP server. The id is echoed on responses,
    recorded on audit events, and queryable, so one console click can be traced
    through the whole flow. agp --verbose <cmd> prints the id it used.
  • Access-log header dump (off by default). Each service supports
    ACCESS_LOG_INCLUDE_HEADERS=true to include redacted request and response
    headers in its access log, for debugging. Sensitive headers (Authorization,
    Cookie, Set-Cookie, X-Admin-Token, …) are masked. Default is off.

Changed

  • Registry: CONNECTOR-backed tools. Tools can now declare auth_type: CONNECTOR with a connector_name and connector_scopes instead of a static
    auth_header/auth_value; the registry stores the binding and the proxy
    resolves the credential at call time (see Connectors above). Adds a SQL
    migration framework with connector-auth migrations for both SQLite and
    Postgres.
  • Canonical request-id header. Services that previously emitted
    X-Request-Id (e.g. identity, registry) now use the canonical
    X-AGP-Request-ID end to end.
  • Proxy: quieter logs — routine tools/list polls are no longer logged.
    MCP clients and bridge agents call tools/list constantly; a successful one
    now emits neither an invocation nor an access_log line, so proxy logs stay
    focused on real activity (tools/call and everything else is still fully
    logged, and a denied/errored tools/list still logs). This applies to every
    caller, including a manual agp ... tools list.

Changed components vs v0.0.12: all of them. A new shared module
(agp-shared, carrying the request-id and access-log middleware) underpins the
tracing work, and every service plus agp-cli, agp-admin-ui, and the new
agp-connectors carry commits in this release.

Upgrading from v0.0.12

v0.0.13 adds a new service (connectors). Existing installs:

agp fetch all       # installs the new agp-connectors binary alongside the rest
agp init            # idempotent — seeds the new connectors env file without
                    # touching your config.yaml or existing service envs
agp restart all

To update the CLI binary itself:

agp update

Your current ports, console URL, and credentials are preserved — agp init
never rewrites config.yaml and only adds the missing connectors env.

Install

  • macOS / Linux: curl -fsSL https://raw.githubusercontent.com/getraksha/agp/main/install.sh | sh
  • Windows (PowerShell): irm https://raw.githubusercontent.com/getraksha/agp/main/install.ps1 | iex

Then agp init · agp fetch all · agp start all · agp setup --agent-id my-agent --client claude-desktop.

Platforms

macOS (arm64, amd64) · Linux (amd64, arm64) · Windows (amd64, arm64)

Verify

All assets are listed with SHA-256 checksums in SHA256SUMS and manifest.json; the CLI and install scripts verify checksums automatically.