Release Notes v0.6.0¶
Release Date: June 2026
Highlights¶
- Interface-Based Servers: New
aauth/personserverandidjag/authzserverpackages with pluggable storage interfaces - SCIM Extensions: New
scimext/package for SCIM 2.0 agent and application management - Protocol Types: Comprehensive AAuth types for consent, mission, delegation, and attestation
- Architecture Refactor: Composition layer moved to plexusone/agentauth for cleaner separation
Breaking Changes¶
- Orchestration layer (
agentauth/) moved toplexusone/agentauth - Composition layer (cmd/, lambda/, examples with storage) moved to
plexusone/agentauth - Import path change:
github.com/plexusone/agentauthfor multi-protocol orchestration
New Features¶
Interface-Based Person Server (aauth/personserver/)¶
AAuth Person Server with pluggable storage for human-in-the-loop consent flows.
import "github.com/aistandardsio/agent-protocols/aauth/personserver"
// Implement your own storage
type MyStore struct { /* ... */ }
func (s *MyStore) GetUser(ctx context.Context, id string) (*personserver.User, error) { /* ... */ }
// ... other methods
server := personserver.New(myStore,
personserver.WithIssuer("https://auth.example.com"),
personserver.WithTokenTTL(time.Hour),
)
Features:
- Discovery endpoint:
/.well-known/aauth-configuration - Authorization flow: Consent request, polling, approval
- Token endpoint: OAuth 2.0 token exchange
- Admin endpoints: User and agent management
Interface-Based Authorization Server (idjag/authzserver/)¶
ID-JAG Authorization Server with pluggable storage for automated token exchange.
import "github.com/aistandardsio/agent-protocols/idjag/authzserver"
server := authzserver.New(myStore,
authzserver.WithIssuer("https://auth.example.com"),
authzserver.WithTokenTTL(time.Hour),
)
Features:
- Token exchange: RFC 8693 compliant
- JWT Bearer grant: RFC 7523 compliant
- Policy-based routing: Cedar policy support
- Token introspection: RFC 7662 compliant
SCIM Extensions (scimext/)¶
SCIM 2.0 extensions for AI agent management with OpenAPI-generated types.
import "github.com/aistandardsio/agent-protocols/scimext"
client := scimext.NewClient("https://scim.example.com",
scimext.WithToken("bearer-token"),
)
// List agents
agents, _ := client.Agents.List(ctx, scimext.ListOptions{Count: 10})
// Create application
app, _ := client.Applications.Create(ctx, scimext.CreateApplicationRequest{
Name: "My Agent App",
OAuth: &scimext.OAuthConfiguration{
GrantTypes: []string{"client_credentials"},
},
})
AAuth Protocol Types¶
Comprehensive type definitions for AAuth protocol operations:
- Consent: Request/response types for human approval flows
- Mission: Agent task tracking with status management
- Delegation: Agent-to-agent handoff support
- Attestation: Agent verification types
- Signing Modes: Adaptive signature support
Added¶
aauth/personserver/interface-based Person Server (f3fd5a3)idjag/authzserver/interface-based Authorization Server (bab2e18)scimext/SCIM 2.0 extensions for agents (fcae1bf)agentauth/unified authorization client (cf4304c)- AAuth consent, mission, delegation types (
934f438) - PersonServer unit tests (38 tests) (
6e0ddb0) - GitHub Actions CI workflow (
0bb5872) - golangci-lint configuration (
daf33da)
Refactored¶
- Composition layer moved to
plexusone/agentauth(3ff928d) - AgentAuth documentation moved to plexusone/agentauth (
2c9fe32)
Documentation¶
- Protocol documentation for scimext and agentauth (
9145e54) - ID-JAG MCP Enterprise-Managed Auth adoption guide (
713da66)
Dependencies¶
github.com/plexusone/omniobservev0.11.0 (6c661bf)
Migration Guide¶
For Users of Composition Layer¶
If you were using cmd/agentauth-server, lambda/, or storage implementations:
// Before (v0.5.0)
import "github.com/aistandardsio/agent-protocols/agentauth"
// After (v0.6.0)
import "github.com/plexusone/agentauth"
For Users of Protocol Types¶
No changes required. Protocol types remain in agent-protocols: