284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Integration Tests / Check for relevant changes (push) Waiting to run
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Mobile checks / Mobile unit tests (push) Waiting to run
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Temporal Readiness / fast-readiness (push) Waiting to run
Temporal Readiness / docker-parity (push) Waiting to run
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Unit Tests / Skipped-test budget (push) Waiting to run
Unit Tests / Nx affected unit tests (push) Waiting to run
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
398 lines
9.8 KiB
JSON
398 lines
9.8 KiB
JSON
[
|
|
{
|
|
"id": "F001",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1"
|
|
],
|
|
"description": "Create packages/agent-tooling CE workspace package (build config, exports, added to npm workspaces)"
|
|
},
|
|
{
|
|
"id": "F002",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1"
|
|
],
|
|
"description": "Move ChatApiRegistryEntry / registry schema types into agent-tooling (pure types)"
|
|
},
|
|
{
|
|
"id": "F003",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1"
|
|
],
|
|
"description": "Move ranked search (searchRegistryEntries) into agent-tooling, dependency-free"
|
|
},
|
|
{
|
|
"id": "F004",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1"
|
|
],
|
|
"description": "Add request-building module: registry entry + args -> {method, path, query, headers, body} with path-param substitution and read/mutation classification"
|
|
},
|
|
{
|
|
"id": "F005",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1",
|
|
"Tool surface"
|
|
],
|
|
"description": "Add the 3 meta-tool definition schemas (search_api_registry, search_business_data, call_api_endpoint) with edition-templated descriptions; drop finish_response"
|
|
},
|
|
{
|
|
"id": "F006",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1"
|
|
],
|
|
"description": "Generalize registry generator to emit BOTH CE and EE registries from alga-openapi.ce.json / .ee.json"
|
|
},
|
|
{
|
|
"id": "F007",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1",
|
|
"Risks"
|
|
],
|
|
"description": "Re-point EE chat assistant (chatCompletionsService) to import registry/search/tool-defs from agent-tooling"
|
|
},
|
|
{
|
|
"id": "F008",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1"
|
|
],
|
|
"description": "Keep temp-key-from-session dispatch in EE chat (not moved to the shared package); package exposes request-building only"
|
|
},
|
|
{
|
|
"id": "F009",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1"
|
|
],
|
|
"description": "Add GET /api/v1/meta/mcp-registry returning the instance's edition registry (gzipped)"
|
|
},
|
|
{
|
|
"id": "F010",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1",
|
|
"Security"
|
|
],
|
|
"description": "Auth-guard the registry endpoint (requires valid API key; 401 without)"
|
|
},
|
|
{
|
|
"id": "F011",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1"
|
|
],
|
|
"description": "Registry endpoint is edition-aware via isEnterpriseEdition() (serves CE or EE registry)"
|
|
},
|
|
{
|
|
"id": "F012",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1"
|
|
],
|
|
"description": "Scaffold @alga/mcp-connector package: Node, @modelcontextprotocol/sdk StdioServerTransport, npx-runnable bin"
|
|
},
|
|
{
|
|
"id": "F013",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1"
|
|
],
|
|
"description": "Connector config from ALGA_INSTANCE_URL + ALGA_API_TOKEN env vars; fail-fast with clear message if missing"
|
|
},
|
|
{
|
|
"id": "F014",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1"
|
|
],
|
|
"description": "Connector startup: fetch registry from instance meta/mcp-registry, hold in memory; clear error on fetch failure"
|
|
},
|
|
{
|
|
"id": "F015",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1",
|
|
"Tool surface"
|
|
],
|
|
"description": "Implement search_api_registry tool -> in-memory ranked search over fetched registry"
|
|
},
|
|
{
|
|
"id": "F016",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1",
|
|
"Tool surface"
|
|
],
|
|
"description": "Implement search_business_data tool -> GET /api/v1/search with user token"
|
|
},
|
|
{
|
|
"id": "F017",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1",
|
|
"Tool surface"
|
|
],
|
|
"description": "Implement call_api_endpoint tool -> build request from registry entry + send to /api/v1 with user token"
|
|
},
|
|
{
|
|
"id": "F018",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1"
|
|
],
|
|
"description": "Map API failures (4xx/5xx) to structured MCP tool errors (not thrown) so the model can recover"
|
|
},
|
|
{
|
|
"id": "F019",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1"
|
|
],
|
|
"description": "Clear 401 handling instructing the user to reconfigure their token"
|
|
},
|
|
{
|
|
"id": "F020",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Primary flows"
|
|
],
|
|
"description": "README + MCP client config snippets for Claude Desktop and Cursor"
|
|
},
|
|
{
|
|
"id": "F021",
|
|
"phase": 1,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 1 acceptance"
|
|
],
|
|
"description": "End-to-end: user drives AlgaPSA (list + read + simple mutation) from Claude Desktop under their own permissions"
|
|
},
|
|
{
|
|
"id": "F022",
|
|
"phase": 2,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 2"
|
|
],
|
|
"description": "POST /api/mcp Streamable HTTP (JSON-RPC) endpoint, EE-gated. [DONE-MVP: JSON-RPC over POST; agent-tooling engine]"
|
|
},
|
|
{
|
|
"id": "F023",
|
|
"phase": 2,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 2"
|
|
],
|
|
"description": "Expose the 3 meta-tools over the remote transport reusing agent-tooling. [DONE-MVP; dispatch self-HTTP to /api/v1 under caller key \u2014 kernel dispatch is F031]"
|
|
},
|
|
{
|
|
"id": "F024",
|
|
"phase": 2,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 2"
|
|
],
|
|
"description": "Serve /.well-known/oauth-protected-resource (RFC 9728) advertising the tenant IdP as authorization_servers; 401 + WWW-Authenticate resource_metadata"
|
|
},
|
|
{
|
|
"id": "F025",
|
|
"phase": 2,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 2"
|
|
],
|
|
"description": "Validate IdP-issued bearer tokens (issuer/audience/resource-indicator/JWKS signature); map client/sub claim -> agent. No Alga authorization server"
|
|
},
|
|
{
|
|
"id": "F026",
|
|
"phase": 2,
|
|
"implemented": false,
|
|
"prdRefs": [
|
|
"Phase 2"
|
|
],
|
|
"description": "(DROPPED) Dynamic Client Registration \u2014 spec downgraded to optional; with IdP delegation, client registration happens at the tenant IdP, not Alga"
|
|
},
|
|
{
|
|
"id": "F027",
|
|
"phase": 2,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 2",
|
|
"Architecture"
|
|
],
|
|
"description": "Extend AuthorizationSubject with agentId + subject type 'agent'"
|
|
},
|
|
{
|
|
"id": "F028",
|
|
"phase": 2,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 2"
|
|
],
|
|
"description": "Admin provisioning of agent identities per tenant (create/list/revoke)"
|
|
},
|
|
{
|
|
"id": "F029",
|
|
"phase": 2,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 2"
|
|
],
|
|
"description": "Resolve OAuth token -> agent subject per request"
|
|
},
|
|
{
|
|
"id": "F030",
|
|
"phase": 2,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 2"
|
|
],
|
|
"description": "Per-agent permission assignment reusing existing RBAC roles"
|
|
},
|
|
{
|
|
"id": "F031",
|
|
"phase": 2,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 2"
|
|
],
|
|
"description": "Remote dispatch through authz kernel under agent subject (reads auto-execute; mutations permission-gated)"
|
|
},
|
|
{
|
|
"id": "F032",
|
|
"phase": 2,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 2"
|
|
],
|
|
"description": "Audit every agent tool invocation to audit_logs (identity, tool, inputs, policy decision, result, timestamp)"
|
|
},
|
|
{
|
|
"id": "F033",
|
|
"phase": 2,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 2"
|
|
],
|
|
"description": "Audit export of agent actions"
|
|
},
|
|
{
|
|
"id": "F034",
|
|
"phase": 2,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 2 acceptance"
|
|
],
|
|
"description": "End-to-end: admin stands up remote server, client connects over OAuth, actions attributable + audited"
|
|
},
|
|
{
|
|
"id": "F035",
|
|
"phase": 3,
|
|
"implemented": false,
|
|
"prdRefs": [
|
|
"Phase 3"
|
|
],
|
|
"description": "Add agent subject type to kernel bundle/narrowing policy evaluation (agent-specific ABAC)"
|
|
},
|
|
{
|
|
"id": "F036",
|
|
"phase": 3,
|
|
"implemented": false,
|
|
"prdRefs": [
|
|
"Phase 3"
|
|
],
|
|
"description": "Policy authoring for agents (which tools / resources / conditions)"
|
|
},
|
|
{
|
|
"id": "F037",
|
|
"phase": 3,
|
|
"implemented": false,
|
|
"prdRefs": [
|
|
"Phase 3"
|
|
],
|
|
"description": "Approval holding queue: data model + persistence for gated mutations"
|
|
},
|
|
{
|
|
"id": "F038",
|
|
"phase": 3,
|
|
"implemented": false,
|
|
"prdRefs": [
|
|
"Phase 3"
|
|
],
|
|
"description": "Approve/reject UI for held agent actions"
|
|
},
|
|
{
|
|
"id": "F039",
|
|
"phase": 3,
|
|
"implemented": false,
|
|
"prdRefs": [
|
|
"Phase 3"
|
|
],
|
|
"description": "Timeout policy for held approvals"
|
|
},
|
|
{
|
|
"id": "F040",
|
|
"phase": 3,
|
|
"implemented": false,
|
|
"prdRefs": [
|
|
"Phase 3",
|
|
"Open questions"
|
|
],
|
|
"description": "DESIGN SPIKE (deferred): approval-resolution mechanism over Streamable HTTP request/response (pending_approval handle vs check_approval tool vs streamed result)"
|
|
},
|
|
{
|
|
"id": "F041",
|
|
"phase": 3,
|
|
"implemented": false,
|
|
"prdRefs": [
|
|
"Phase 3"
|
|
],
|
|
"description": "Per-agent and per-tenant quotas / rate limits extending enforceApiRateLimit; structured to feed metered usage later"
|
|
},
|
|
{
|
|
"id": "F042",
|
|
"phase": 2,
|
|
"implemented": true,
|
|
"prdRefs": [
|
|
"Phase 3"
|
|
],
|
|
"description": "(Phase 2 CORE) SSO-bound agent identity: agents.idp_subject binds an agent to a tenant-IdP client/subject \u2014 this IS the remote auth mechanism"
|
|
},
|
|
{
|
|
"id": "F043",
|
|
"phase": 3,
|
|
"implemented": false,
|
|
"prdRefs": [
|
|
"Phase 3 acceptance"
|
|
],
|
|
"description": "End-to-end: policy restricts agent to read-only billing + requires approval for bulk ticket close + exportable audit trail"
|
|
}
|
|
]
|