Changelog
Release history
Every release of the AGF Authorization Service — new features, API changes, and fixes.
v0.5.0
Outbound webhooks, JIT credentials, analytics dashboard, access review automation, and Python SDK with LangChain + CrewAI adapters.
- Outbound webhooks — subscribe to decision, approval, and quota events via HMAC-signed HTTP POST. Up to 60 events/min per org. [New] [API]
- JIT (just-in-time) credentials — issue ephemeral API keys for agents that expire after a configurable TTL. Keys auto-cleaned by scheduler. [New] [API]
- Analytics dashboard — 30-day decision volume chart, outcome breakdown, top agents table, policy effectiveness, and behavior alerts. [New]
- Behavior detection — scheduler scans audit artifacts every 5 minutes for 4 threat patterns: data exfiltration, privilege escalation, resource hijacking, lateral movement. [New]
- Access review automation — daily reminders for agents with recertification due in 7 days. Dashboard shows current / due soon / overdue status with one-click recertify. [New]
- Python SDK (agf-sdk) — AgentGovernance facade, async AGFClient, LangChain gate tool + AGFGuardedTool adapter, CrewAI adapter, webhook signature verification. [New] [SDK]
- TypeScript SDK expanded — webhooks, JIT credentials, analytics, access reviews, and behavior alerts resources added to AGFClient. [Improved] [SDK]
- Scheduler thread bug fix — all APScheduler jobs now use run_coroutine_threadsafe instead of ensure_future, fixing RuntimeError on first fire. [Fix]
v0.4.0
Human-in-the-loop approvals, tier rename, background scheduler, feature gating, config hardening, and audit isolation.
- HITL approval workflow — REVIEW_REQUIRED decisions create pending approval requests. Dashboard shows pending / approved / denied tabs with inline approve/deny + comments. [New]
- Approval timeout scheduler — pending requests expire after configurable timeout_seconds. Runs every 5 minutes. [New]
- Tier rename — basic → starter, growth → growth (unchanged), enterprise unchanged. Quota defaults updated: starter 2,000/mo, growth 15,000/mo. [Improved] [API]
- Feature gating — require_tier() dependency factory gates features by plan. Growth required for suspend/retire, policy CRUD, webhooks, JIT. Enterprise required for compliance and federation. [New] [API]
- Background scheduler — APScheduler AsyncIOScheduler wired into app lifespan. Jobs: overage_report and audit_cleanup. Configurable via admin Configuration → Scheduler tab. [New]
- Audit store per-org isolation — FileAuditStore writes to decisions/{org_id}/YYYY/MM/DD/. Backward-compatible with flat-path artifacts. [Improved]
- AGF_VERIFIER_ID, ALLOWED_ORIGINS, GIT_AUTHOR_NAME/EMAIL env vars added for deployment hardening. [Improved]
- Policy VCS — activate policy now requires pr_status='merged' when VCS is enabled. [Improved] [API]
v0.3.0
Policy VCS with PR workflow, runbooks, metering and quota system, billing integration, and email notifications.
- Policy version control — policies tracked in a git repo. PR workflow: open, merge, reject. Diff endpoint compares any two SHAs. [New] [API]
- Runbooks — define multi-step automated responses to events. CRUD + manual trigger + execution history. [New] [API]
- Quota metering — per-org decision quotas with tier defaults. Enforcement at /v1/decide with 429 + Retry-After when over limit. [New]
- Quota headers — X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset on every 200 response. [New] [API]
- Stripe billing integration — subscription lifecycle webhooks, metered overage reporting, provider-switchable (stripe / manual / disabled). [New]
- Welcome and quota warning emails — fire-and-forget after registration and at 80% / 100% quota threshold crossings. [New]
- Usage dashboard — QuotaBar, overage banner, history table with Limit and Overage columns. [New]
- Onboarding checklist on dashboard home — 4-step progress tracker that disappears when complete. [New]
v0.2.0
Admin panel, platform metrics, org impersonation, key rotation UI, federation layer, and security hardening.
- Admin panel — separate app at admin.agentgovernancefoundation.com. Pages: Overview, Organizations, Users, Admin Users, Metrics, Security, Configuration, Contact inbox. [New]
- Org impersonation — admin can open a 15-min impersonation session in the dashboard. Amber banner shown during session. [New]
- Platform key rotation UI — admin can view Ed25519 key fingerprint, rotate the platform key, and record JWT rotation from the Security page. [New]
- Federation layer — org registry (DID resolution), peering invitations, accept/reject flow, cross-org policy evaluation. [New] [API]
- HybridKeyResolver — resolves keys from local PEM store or remote org registry. Pluggable via KEY_RESOLVER_BACKEND env var. [New]
- Security hardening — HttpOnly cookie auth flow, AuthProvider + useAuthToken() hook across all 21 client components, CSP headers, HSTS. [Security]
- Rate limiting tightened — per-endpoint limits: decide 120/min (per-org), auth 5/min, register 30/min, billing 5–10/min. [Security]
- Per-endpoint slowapi limits added to all sensitive routes. [Security]
v0.1.0
Initial release — PDP, agent identity, delegation chains, trust scoring, audit artifacts, compliance reports, and multi-tenant dashboard.
- POST /v1/decide — real-time policy decisions with trust scoring, risk evaluation, and signed audit artifacts. [New] [API]
- Agent identity — DID-based agent registration with Ed25519 key upload. Agents have persistent root identity across invocations. [New] [API]
- Delegation chains — JWT chain evaluation. Each hop is verified; chain depth is tracked in audit artifacts. [New] [API]
- OPA policy engine — Rego policy evaluation. Policies versioned, activatable. Python fallback engine available. [New]
- Compliance reports — NIST AI RMF, EU AI Act, and ISO 42001 coverage. Exportable via dashboard and API. [New] [API]
- Multi-tenant — organizations, users, team invites, role-based access (admin / member). Per-org API keys. [New]
- Dashboard — 25-page Next.js app. Agents, policies, audit log, compliance, delegations, team, usage, settings. [New]
- TypeScript SDK (@agf/sdk) — AGFClient with decide, agents, and audit resources. [New] [SDK]
- Deployment files — nginx virtual host, systemd service units, .env.example for all settings. [New]

