Changelog · newest first

What shipped, when.

Permanent record of every public release. The homepage’s “Just shipped” panel covers the most recent week; this page is the durable archive of everything before that.

Jun 9, 2026

PROTOCOL

AgentPKI Provenance Phases 2-7 — full stack live

Six phases shipped in a single sprint. (2) provenance.agentpki.dev reference Worker: POST /v1/sign-demo mints + signs, POST /v1/verify confirms signature+content hash+passport walk-back, POST /v1/verify-header parses Content-Provenance header. (3) @agentpki/sdk@0.3.0-alpha.1 ships a `provenance.*` namespace — `signContent`, `verifyContent`, `parseProvenanceHeader`, `buildProvenanceHeader`. (4) agentpki@0.5.0 CLI adds `agentpki provenance sign/verify/verify-header/transformations`, auto-detects content-type from extension, writes .c2pa.json sidecars. (5) /provenance Explorer — paste content + manifest (or header), live verification round-trip. (6) Vercel AI SDK middleware + MCP server adapter reference files. (7) Browser-extension detector with meta/comment/header scanning. Tampering test: end-to-end verify of `# hello → # tampered` correctly fails content_hash_mismatch.

PROTOCOL

AgentPKI Provenance v0.1 — agent-signed C2PA content (draft)

New product line. 16-section spec at /spec/provenance-v0.1 adding an `agentpki.declaration` C2PA assertion that binds a passport-signed agent identity to a content hash. Covers signing flow + verification flow (7 + 5 steps), content binding for text/code/JSON/JSONL (sidecar + inline-comment + JSONL-header), HTTP `Content-Provenance` response header for streaming, multi-agent provenance chains (generated → edited → reviewed), X.509 bridging certificates for C2PA interop, and bridges to C2PA / IETF AIP / Vercel AI SDK / MCP. Phase 1 of 7 — Phases 2 (reference verifier), 3 (SDK), 4 (CLI), 5 (Provenance Explorer), 6 (Vercel/MCP adapters), 7 (browser extension) ship Q3–Q4 2026.

Jun 8, 2026

SDK

v0.3-intent Phase 5 — SDK + CLI intent helpers (agentpki@0.4.0)

@agentpki/sdk: `PassportPayload.intent?: string[]` and FailureReason `"intent_denied"` added to types. CLI: `agentpki intent declare --intents=A,B [--site=X]` mints with intent + verifies; `agentpki intent verify <token> --site=X` runs intent_check; `agentpki intent audit [--site=X] [--verify-chain]` queries the public log and re-verifies the SHA-256 hash chain locally (RFC 8785-lite canonical JSON, exit 1 on broken chain — the witness primitive); `agentpki intent checkpoint` prints head. This is the agent-side half of §6.5 — anyone can run the audit subcommand and prove the log hasn't been tampered with since they last checked.

PROTOCOL

v0.3-intent Phase 4 — public hash-chained audit log

Verifier now writes every intent_check verify call to an append-only KV-backed ledger. Each entry binds (agent_id, issuer, jti, site, intent[], verdict, intent_overall) and a prev_hash that chains back to its predecessor (SHA-256 of canonical JSON, RFC 8785-lite). Genesis hash is 64 zeros. New endpoints: GET /v1/intent-log?after=&limit= returns entries (max 1000/page); GET /v1/intent-log/checkpoint returns the head hash anchor. Witnesses can mirror, recompute, and prove integrity. Public viewer at /intent-log auto-refreshes every 10s. Privacy §6.6 enforced — no tokens, no body sha, no IPs, no user-agents.
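An added example (not AgentPKI's own code) of the witness check described in this entry and in the `agentpki intent audit --verify-chain` entry above: recompute every link from a trusted anchor, then compare the result with a checkpoint head. The entry shape, the hash covering the whole entry including prev_hash, and the sorted-key compact JSON standing in for "RFC 8785-lite" are assumptions; the sample records are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # the changelog states the genesis hash is 64 zeros


def canonical(entry):
    # Assumption: "RFC 8785-lite" is approximated here as sorted keys,
    # no insignificant whitespace, UTF-8 output.
    return json.dumps(entry, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def entry_hash(entry):
    # Assumption: the chained hash covers the whole entry, prev_hash included.
    return hashlib.sha256(canonical(entry)).hexdigest()


def verify_chain(entries, anchor=GENESIS, expected_head=None):
    """Return (ok, index of first bad entry or None, recomputed head)."""
    prev = anchor
    for i, entry in enumerate(entries):
        if entry.get("prev_hash") != prev:
            return False, i, prev
        prev = entry_hash(entry)
    # Dropping or rewriting the newest entries breaks no link, so the
    # recomputed head must also match a checkpoint obtained separately.
    if expected_head is not None and prev != expected_head:
        return False, len(entries), prev
    return True, None, prev


def build_log(records):
    """Chain constructed sample records the way a log writer would."""
    log, prev = [], GENESIS
    for record in records:
        entry = dict(record, prev_hash=prev)
        log.append(entry)
        prev = entry_hash(entry)
    return log, prev


# Constructed sample data, not real log entries.
SAMPLE = [
    {"agent_id": "agent-a", "issuer": "issuer.example", "jti": "j1",
     "site": "shop.example", "intent": ["purchase"],
     "verdict": "allow", "intent_overall": "allow"},
    {"agent_id": "agent-b", "issuer": "issuer.example", "jti": "j2",
     "site": "shop.example", "intent": ["scrape-bulk"],
     "verdict": "deny", "intent_overall": "deny"},
    {"agent_id": "agent-a", "issuer": "issuer.example", "jti": "j3",
     "site": "news.example", "intent": ["monitor"],
     "verdict": "allow", "intent_overall": "allow"},
]
LOG, HEAD = build_log(SAMPLE)
```

A witness that stored the head it saw last time passes it as `anchor` and verifies only the newer entries, so each audit costs work proportional to what was appended since.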

PAGE

v0.3-intent Phase 3 — interactive Policy Builder

New /policy-builder lets any site author its v0.3 intent policy without writing JSON. Each canonical intent has a cycle-button (untouched → allow → throttle → deny) with optional rpm / daily / require_attestation / min_tier extras. Live preview pane runs §4.5 match locally against a test intent — see "purchase → deny" or "monitor → allow rate=60rpm" instantly. Copy / download the generated JSON. Hosting instructions for Cloudflare Pages, Nginx, anywhere static. Custom x-* extensions supported.

PROTOCOL

v0.3-intent Phase 2 — verifier implementation live

Verifier now parses the `intent` claim, fetches /.well-known/agentpki-intent-policy.json (KV-cached 5 min), computes per-intent disposition (allow / deny / throttle / require_attestation / no_policy / unmatched), and returns `intent_match` in the /v1/verify response. Demo issuer can mint with `?intent=purchase,monitor`. agentpki.dev publishes a moderate site policy (accepts monitor + read-public + index + archive; denies scrape-bulk + manipulate-rank + automate-account; throttles extract-train). Most-restrictive disposition rule §5.2 step 7 enforced — declaring `purchase` + `scrape-bulk` against a strict site yields overall deny. All six spec scenarios verified live.

PROTOCOL

AgentPKI v0.3-intent — declare-and-audit bot intent (draft)

New spec extension: agents declare an `intent` claim ("purchase", "monitor", "scrape-bulk") at signing time; sites publish /.well-known/agentpki-intent-policy.json listing accepted/denied/throttled intents; the verifier computes a match and returns intent_match in /v1/verify. Hash-chained public audit log (RFC 6962-inspired) makes "this bot declared purchase but did scrape-bulk" cryptographically provable after the fact. Bots working *for* you or *against* you become distinguishable. 16-section spec at /spec/v0.3-intent — additive over v0.2. Phase 1 of 5: spec markdown. Phase 2 (verifier impl) next.

INFRA

Revocation notifications — webhook + Atom feed

Two new ways to know the moment a signing key gets revoked. (1) Webhook: POST /v1/notify/subscribe with {webhook_url, events:["revoked_key"]} returns a sub_token. The verifier auto-fans-out to every active subscriber within 2 seconds of the first revoked_key verdict it observes (debounced per (issuer, kid) for 24h so you don't get spammed). KV-stored, SSRF-guarded. (2) Atom feed: every issuer now publishes /.well-known/agentpki-crl.atom — point Feedly/NetNewsWire/IFTTT at it, no subscription state on our side. Subscribe at /notifications.

DEV TOOL

agentpki batch — fleet-wide token audit

New CLI subcommand: `agentpki batch tokens.txt` verifies many tokens in parallel (default 8, max 32 concurrent) with a streaming verdict line per token and a final summary table: counts, deny-reason breakdown, by-issuer breakdown, median + p95 verifier latency, total wall time. Three modes: human (TTY), `--json` (single blob), `--ndjson` (one object per line — pipe to disk or jq). Skips blank lines and `#` comments. Exit codes 0/1/2 by allow/deny/error so it slots into CI. Bundled in agentpki@0.3.0.

PAGE

/issuer-directory — public registry of every known issuer

Edge Pages Function polls /.well-known/agentpki-issuer.json + agentpki-crl.json on every known issuer hostname in parallel, returns aggregated JSON cached 5 min. Page renders one card per issuer: name, tier, current key count, revoked key count, CRL freshness, probe latency, abuse contact, deep links to the raw issuer.json and CRL. Today: 2 issuers (agentpki.dev, demo.agentpki.dev). Submit your domain via dashboard.agentpki.dev — appears here within 5 min of standing up the well-known file.

PROTOCOL

/replay — Mode B replay-cache visualizer (live protocol)

Click Mint Mode B bundle: demo issuer generates an ephemeral Ed25519 keypair, embeds its public key in the passport's cnf.jwk.x, signs an RFC 9421 canonical request with the matching private key. Click Verify #1: allow + replay_checked=true (Durable Object recorded the jti). Click Verify #2: deny · replay_detected · "signature for jti=... first seen at ...". Real protocol round-trip, no animation. Demo issuer gained /mint-bundle endpoint.

DEV TOOL

agentpki diff — field-by-field token comparison

New CLI subcommand: `agentpki diff <tokenA> <tokenB>` side-by-side decodes both tokens, marks claims as `(=)`, `(≠) differs`, or `(Δ +N)` for numeric deltas (iat / exp), shows footer + signature comparison, and calls the verifier for both tokens to report live verdicts inline. Colorized TTY output, auto-strips when piped. `--json` for scripting, `--skip-verify` for offline diff, `- -` reads two newline-separated tokens from stdin. Use case: "my prod mint pipeline produces tokens that get denied but staging works — what changed?" Bundled in agentpki@0.2.0.

INFRA

/status — live operational health page

Cloudflare Pages Function at /api/status probes 4 surfaces every 15s from the edge: full mint→verify pipeline (not just a /health endpoint that could be green while verify is broken), demo issuer mint, snapshot store, MCP server. Returns roll-up status: operational / degraded / down. /status page renders component cards with live latency, 7-day verdict ribbon (green / yellow / red per day based on allow share), incident log. Cache: 15s edge + 60s SWR.

SDK

Embeddable verify widget — <agentpki-verify token>

Drop a live verdict badge on any page. Two APIs from one 2.7 KB gzipped script: web component `<agentpki-verify token size theme>` for frameworks, data-attribute `<div data-agentpki-verify="…">` for plain HTML. Shadow DOM (no global CSS leak), MutationObserver auto-rescan for SPAs, three sizes × light/dark/auto themes, four verdict states (verified / revoked / unverified / error). Pinned-version URL + SRI hash for vendor compliance. Showcase + copy-paste at /widget.

PAGE

/playground — protocol with no chrome

Dedicated full-page interactive playground. Three panels: Token (paste / mint clean / mint with revoked kid / tamper sig|payload|footer / copy / share-as-URL), Decoded (live local-only JSON syntax highlight), Verify (real POST to /v1/verify with verdict banner + raw response). Shareable token URLs via ?token= param so devs can paste broken tokens for support. ~250 lines of JS, no framework.

PAGE

/api-docs upgraded with one-click client integrations

New toolbar above Swagger UI: "Try in Postman" (opens Postman web with our collection JSON pre-loaded) · "Try in Insomnia" (insomnia:// scheme to import our OpenAPI yaml) · "openapi.yaml" + "postman.json" downloads · "Copy OpenAPI URL" button. Plus a paste-ready "First call · 30 seconds, no signup" code block at the top so curl-first developers don't have to scroll for a working example.

SDK

Browser SDK minified + version-pinned + SRI

Three URLs: /v1/sdk.js (4.9 KB dev source, commented + readable) · /v1/sdk.min.js (3.6 KB raw, 1.6 KB gzipped, latest production) · /v1/sdk-v0.1.0.min.js (version-pinned, immutable, max-age=1y). All three carry SRI sha256-fwS61oHOxj4oU5SvLOovLwht+QcNkn+p4u6kb4VKKp8= via X-AgentPKI-SDK-SRI response header. Vendor-friendly: pin once, never refetch.

INFRA

Public verification counters at verify.agentpki.dev/v1/stats

Verifier now increments KV-backed counters on every /v1/verify call (non-blocking via ctx.waitUntil — zero latency added). Public JSON endpoint at /v1/stats exposes total, total_by_verdict, total_by_reason, and last_7_days breakdown. Privacy: no token, jti, issuer, or sub stored — only verdict counts. /stats marketing page now shows live counter tiles and a 7-day stacked bar chart.

DEV TOOL

AgentPKI for VS Code v0.1.0

Hover any v4.public token in any file → decoded claims inline (iss, sub, iat, exp with ⏰/⚠ tags, tier, scope, jti, kid, sig). CodeLens above every token for one-click Verify or Decode. Diagnostics flag expired or near-expiry tokens. Four palette commands including "Mint demo passport" (auto-copies to clipboard). Hover and decode are local-only; verify and mint only call out when explicitly invoked.

PAGE

/changelog — permanent shipping log

Reverse-chronological archive of every public release. Color-coded category stripes (protocol / sdk / dev-tool / page / extension / infra). Linked from every page via the footer. The homepage "Just shipped" panel covers the most recent week; this page is the durable archive of everything before.

Jun 7, 2026

PAGE

/stats page

Live status page: runs the 3-scenario trust contract (allow / tampered / revoked) against the production verifier on page load, shows the demo issuer's CRL live, lists 16 GitHub repos + 15 production surfaces + spec version + heuristic phishing list count. If the trust contract ever regresses, the status dot turns red and shouts "INVESTIGATE."

DEV TOOL

agentpki/verify-action — GitHub Action

5-line YAML to drop AgentPKI verification into any CI workflow. Asserts allow / deny / specific failure_reason against the live verifier. Composite action — runs on ubuntu, macos, and self-hosted runners with no Node, Docker, or jq required. Tests itself daily against the live demo issuer.

DEV TOOL

agentpki.dev/postman.json — Postman collection

7 folders, 9 requests covering Mint → Verify → Abuse → Snapshots → Heuristic → Directory → Bootstrap Claim. Mint request auto-populates {{sample_token}} via test script so the Verify request chains zero-setup. Imports cleanly into Postman or Insomnia.

PAGE

Homepage "Just shipped" panel

Glowing emerald-bordered panel on the homepage between the 4 main layer cards and the Layer 05+ teaser. 8 cards (CLI, MCP, Scopes, OpenAPI, Browser SDK, GitHub Action, Postman, VS Code, plus a "Try them together" CTA). Animated pulse dot + shimmer border. Pill counter ("8 NEW") visible from across the page.

Jun 7, 2026

morning shipment — 5 dev surfaces in one push

DEV TOOL

agentpki CLI v0.1.0

npm i -g agentpki. Subcommands: mint, verify, decode, tamper, check, crl, init, help. Pipe-friendly: every command writes the canonical result to stdout. `agentpki mint | agentpki verify -` and `agentpki mint | agentpki tamper - | agentpki verify -` work. Exit codes 0/1/2 make it CI-shaped.

DEV TOOL

MCP server at mcp.agentpki.dev

5 Model Context Protocol tools so Claude Desktop / Cursor / any MCP-aware client can verify, mint, decode, look up kid status, and check any URL's AgentPKI-Token header — all from chat. Cloudflare Workers. JSON-RPC 2.0 over HTTP.

SDK

@agentpki/scopes — capability templates

Pre-built scope packages so issuers, agents, and verifiers all speak the same language. Categories: commerce, scheduling, news, medical, financial. Helpers: union(), satisfies(), parse(). Published to npm under @agentpki/scopes.

DEV TOOL

OpenAPI 3.1 spec + Swagger UI at /api-docs

Full machine-readable spec at /openapi.yaml covering every public endpoint (verifier, demo issuer, claim API, snapshot store, abuse pipeline, heuristic check, directory). /api-docs renders Swagger UI from it. Import to Postman, Insomnia, or any OpenAPI tool.

SDK

Browser SDK CDN at /v1/sdk.js

5 KB drop-in script tag for any webpage. agentpki.verify(token), agentpki.decode(token), agentpki.mintDemo(), agentpki.tamper(), agentpki.checkUrl(). No build step. CORS open. Cache-Control: max-age=3600.

Jun 5, 2026

DEV TOOL

agentpki/test-agent-template

Real Node project with @agentpki/sdk pre-wired. Three npm scripts (demo:allow / demo:tamper / demo:revoked) that exercise the full trust contract end-to-end with honest exit codes — doubles as a CI regression check. Includes .devcontainer/devcontainer.json so Codespaces and StackBlitz both work out of the box. Bonus demo:agent shows the 5-line signed-Anthropic drop-in.

DEV TOOL

agentpki.dev/bootstrap — 3-scenario trust demo

curl -fsSL https://agentpki.dev/bootstrap | sh (or iwr https://agentpki.dev/bootstrap.ps1 | iex on Windows). Prompts for email, derives a deterministic subdomain via /api/v1/bootstrap-claim, runs three scenarios (allow / tampered / revoked) against the live verifier, prints all three verdicts with real failure_reason codes plus a 24h shareable permalink. Six real HTTP calls in ~1 sec.

PAGE

/demo redesign — 4 end-to-end paths + Tamper Lab + Revoked-Key Lab + CI test runner

Interactive accordion of 4 paths (browser, cloud IDE, terminal, existing agent) — only one path open at a time, strong open-state styling. Tamper Lab and Revoked-Key Lab let the user pick what to corrupt or which kid to sign with, in 3 stages each. CI-style runner that streams all 3 trust-contract verdicts from the browser. All real HTTP, no animations.

Jun 3, 2026

PROTOCOL

v0.2 protocol spec live

Adds: CRL (/.well-known/agentpki-crl.json), abuse aggregation (POST /v1/abuse), replay cache (5-min jti window), KV-backed directory cache (<5ms cache hits). Spec markdown indexed at /spec/v0.1 and /spec/v0.2 for diff visibility.

Jun 1, 2026

PAGE

Web verifier UI at /check (phases 1-4)

Paste any PASETO token, see a structured verdict card. Heuristic checks against 5,000+ phishing domains (PhishStats + OpenPhish + URLhaus, refreshed daily by a GitHub Actions cron). Shareable result permalinks at /check/result/<id> with 24h TTL. /widget.js embed for third-party sites. Scam-reporting flow with optional consented screenshot.

May 28, 2026

EXTENSION

Chrome extension v0.1.0-alpha.1 submitted

Watches outbound HTTPS for AgentPKI-Token response headers as you browse. Inline-verifies via verify.agentpki.dev. Popup shows trusted-issuer ✓ or reputation warning. Activity log. One-click abuse-report modal. Settings UI for trust-tier preferences. Built across a 7-day cycle. Submitted to Chrome Web Store (in review).

May 22, 2026

INFRA

Hosted onboarding dashboard at dashboard.agentpki.dev

Next.js + Postgres + magic-link auth via Resend. Bring a domain → verify via DNS TXT → generate Ed25519 signing keys (one-time reveal) → mint production passports. Full self-serve flow, including delete-issuer.

INFRA

Real-issuer Worker deployed at agentpki.dev

Production-grade Cloudflare Worker template. Real-issuer with full wrangler.toml coverage and static-directory Path B fallback. We are our own first issuer.

May 20, 2026

SDK

TypeScript SDK published — @agentpki/sdk on npm

Exports signPassport, verifyPassport, AgentPKI client (drop-in fetch wrapper that attaches PASETO + RFC 9421 Content-Digest + Signature). 21/21 tests passing. Initial 0.1.0-alpha.1, then 0.2.0-alpha.1 with v0.2 features.

SDK

Python SDK published — agentpki on PyPI

Byte-compatible wire format with the TypeScript SDK. 21/21 tests passing.

INFRA

Reference verifier deployed at verify.agentpki.dev

Cloudflare Worker. Sub-50ms p99 globally. KV-backed issuer-pubkey cache. Durable Object replay detection. CRL revocation checking.

PROTOCOL

v0.1 protocol spec

RFC-style document at /spec/v0.1. PASETO v4 + Ed25519. Apache 2.0.

Want a feed? This page is plain markup; scrape it. If you want a real RSS/Atom feed, open an issue at github.com/agentpki/web/issues — we’ll add it.

Earlier history (pre-2026-05-20 prototype era) lives in the commit graph at github.com/agentpki.