AGP Community Edition v0.0.13 (private test release)
Pre-release build for private testing. The first public release will be v0.1.0.
This release introduces the connectors plane — OAuth-backed MCP connectors
with managed credential lifecycle — and threads an end-to-end request id
through every service so a single action can be traced from the console (or
CLI) all the way to the backend MCP server.
Added
- Connectors: OAuth consent + managed credential lifecycle. A new service,
agp-connectors, ships in the release for the first time. It handles the
OAuth consent flow for MCP servers (e.g. Slack, Calendly, or your own) and
owns the resulting credentials. Tools registered with the new CONNECTOR
auth type carry no static secret: at tool-call time the proxy asks
agp-connectorsto mint a short-lived runtime credential scoped to the
agent and decision context, so agents never hold provider tokens. Connectors
follow a clear lifecycle — connect, disconnect (purges token material),
reconnect-in-place, and remove. agp connectorscommand group. Manage the whole lifecycle from the CLI:
add(register a connector and start OAuth consent),list/get,
list-connections,disconnect/revoke,remove,reconnect, and
discovery-token(mint a short-lived token to discover a connector's tools).
Shell completions cover the new commands automatically.- Dynamic Client Registration (RFC 7591). Connectors can register an OAuth
client dynamically with the provider instead of requiring a pre-provisioned
client_id/client_secret.agp connectors add --dcr(or
--registration-mode dynamic) drives it, with optional DCR client metadata
(--client-name,--logo-uri,--contacts, …); preregistered clients
continue to work unchanged. - Connectors in the console. The admin console gains a Connectors page
(card layout) to register connectors, walk the consent flow, and view
connection status and granted scopes. - End-to-end request tracing (
X-AGP-Request-ID). Every request is tagged
with a single id that propagates across all hops — the console and CLI
originate one, and it flows through the BFF, every service (HTTP and gRPC),
the proxy, and on to the backend MCP server. The id is echoed on responses,
recorded on audit events, and queryable, so one console click can be traced
through the whole flow.agp --verbose <cmd>prints the id it used. - Access-log header dump (off by default). Each service supports
ACCESS_LOG_INCLUDE_HEADERS=trueto include redacted request and response
headers in its access log, for debugging. Sensitive headers (Authorization,
Cookie,Set-Cookie,X-Admin-Token, …) are masked. Default is off.
Changed
- Registry: CONNECTOR-backed tools. Tools can now declare
auth_type: CONNECTORwith aconnector_nameandconnector_scopesinstead of a static
auth_header/auth_value; the registry stores the binding and the proxy
resolves the credential at call time (see Connectors above). Adds a SQL
migration framework with connector-auth migrations for both SQLite and
Postgres. - Canonical request-id header. Services that previously emitted
X-Request-Id(e.g. identity, registry) now use the canonical
X-AGP-Request-IDend to end. - Proxy: quieter logs — routine
tools/listpolls are no longer logged.
MCP clients and bridge agents calltools/listconstantly; a successful one
now emits neither aninvocationnor anaccess_logline, so proxy logs stay
focused on real activity (tools/calland everything else is still fully
logged, and a denied/erroredtools/liststill logs). This applies to every
caller, including a manualagp ... tools list.
Changed components vs v0.0.12: all of them. A new shared module
(agp-shared, carrying the request-id and access-log middleware) underpins the
tracing work, and every service plus agp-cli, agp-admin-ui, and the new
agp-connectors carry commits in this release.
Upgrading from v0.0.12
v0.0.13 adds a new service (connectors). Existing installs:
agp fetch all # installs the new agp-connectors binary alongside the rest
agp init # idempotent — seeds the new connectors env file without
# touching your config.yaml or existing service envs
agp restart allTo update the CLI binary itself:
agp updateYour current ports, console URL, and credentials are preserved — agp init
never rewrites config.yaml and only adds the missing connectors env.
Install
- macOS / Linux:
curl -fsSL https://raw.githubusercontent.com/getraksha/agp/main/install.sh | sh - Windows (PowerShell):
irm https://raw.githubusercontent.com/getraksha/agp/main/install.ps1 | iex
Then agp init · agp fetch all · agp start all · agp setup --agent-id my-agent --client claude-desktop.
Platforms
macOS (arm64, amd64) · Linux (amd64, arm64) · Windows (amd64, arm64)
Verify
All assets are listed with SHA-256 checksums in SHA256SUMS and manifest.json; the CLI and install scripts verify checksums automatically.