You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Well-known endpoint renamed from aauth-issuer.json to aauth-person.json (aligns with AAuth protocol spec distinction between Person Server and Access Server)
Removed pseudonym and identity requirement levels from AAuth-Requirement header (moved to HTTP Signature Keys spec)
New Features
AAuth-Capabilities header — agents declare protocol capabilities (interaction, clarification, payment) via capabilities option on createAAuthFetch/createSignedFetch
AAuth-Mission header — agents signal mission context via mission option on createAAuthFetch/createSignedFetch; server-side parseMissionHeader() feeds directly into createResourceToken
AAuth-Access header (two-party mode) — createAAuthFetch automatically caches opaque access tokens from AAuth-Access response headers and sends them as Authorization: Bearer on subsequent requests; server-side buildAAuthAccessHeader() for setting the header
Other
Fixed spec link in README (DickHardt/draft-hardt-aauth → DickHardt/AAuth)
Fixed JWT type names in README (agent+jwt → aa-agent+jwt, etc.)
Updated mcp-agent and mcp-server READMEs with current API documentation
Added Protocol Support section noting call chaining and AS federation are not yet implemented
