Release notes
auth.md user-claimed agent authentication
Agent Analytics now publishes auth.md discovery metadata and user-claimed agent registration for the hosted API.
What changed:
- https://api.agentanalytics.sh/auth.md gives agents Markdown instructions.
- https://api.agentanalytics.sh/.well-known/oauth-protected-resource exposes OAuth Protected Resource Metadata.
- https://api.agentanalytics.sh/.well-known/oauth-authorization-server exposes the agent_auth registration endpoints.
- Protected API 401 responses advertise discovery with WWW-Authenticate: Bearer resource_metadata="https://api.agentanalytics.sh/.well-known/oauth-protected-resource".
- Compatible agents can request a human-approved aas_* agent session through the user-claimed browser approval flow.
Agent Analytics does not advertise anonymous analytics access or ID-JAG support yet. See auth.md agent authentication for details and links to the WorkOS auth.md protocol.
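An added example (not Agent Analytics code): one way a client can read the 401 discovery header described above and refuse a resource_metadata URL that is not HTTPS on the API's own origin. The same-origin rule and the one-challenge-per-header assumption are choices of this example, not requirements stated in these notes.

```python
import re
from urllib.parse import urlsplit

API_BASE = "https://api.agentanalytics.sh"  # hosted API origin named in these notes

# auth-param: name = token | quoted-string (quoted-pairs allowed inside quotes)
PARAM = re.compile(r'([\w-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')


def resource_metadata_url(www_authenticate: str, api_base: str = API_BASE) -> str:
    """Return resource_metadata from a Bearer challenge, or raise ValueError.

    Assumes a single challenge per header value, as in the release note.
    """
    scheme, _, rest = www_authenticate.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    params = {}
    for name, quoted, token in PARAM.findall(rest):
        value = re.sub(r"\\(.)", r"\1", quoted) if quoted else token
        params.setdefault(name.lower(), value)  # first occurrence wins
    url = params.get("resource_metadata")
    if not url:
        raise ValueError("challenge carries no resource_metadata")
    got, want = urlsplit(url), urlsplit(api_base)
    if got.scheme != "https":
        raise ValueError("metadata URL must be https")
    if got.username or got.password:
        raise ValueError("metadata URL must not contain userinfo")
    # Policy of this example: only follow discovery that stays on the API origin.
    if (got.hostname, got.port or 443) != (want.hostname, want.port or 443):
        raise ValueError(f"metadata host {got.hostname!r} is not the API origin")
    return url


if __name__ == "__main__":
    page_header = ('Bearer resource_metadata='
                   '"https://api.agentanalytics.sh/.well-known/oauth-protected-resource"')
    print(resource_metadata_url(page_header))
    # Constructed header that points discovery at another host: rejected.
    try:
        resource_metadata_url('Bearer resource_metadata="https://metadata.example.net/x"')
    except ValueError as exc:
        print("rejected:", exc)
```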
Identity lookup and public API contract cleanup
This release updates the public API contract and client-facing docs for the privacy-first identity model.
Breaking changes
- Public examples no longer identify users by email address alone. Send a stable, non-email user_id to identify, and put email addresses only in top-level traits.email when the user is authenticated and you need profile stitching.
- Browser-side email hashing guidance has been removed from tracker docs. Do not compute local SHA-256 email hashes in client code as a user identifier.
- Identity portfolios are the public contract for cross-project lookup boundaries and membership. Portfolio context remains compact interpretation notes for goals, surface roles, and milestones; do not use it as an identity lookup surface.
- OpenAPI copies shipped with the docs now include the current identify, lookup, query, portfolio-context, and portfolios contracts.
Privacy-first lookup model
Agent Analytics may receive raw email during authenticated identify calls or authenticated lookup requests so the service can stitch profiles and resolve a user safely. Email is not stored raw in event rows or profile rows. Lookup guidance is now authenticated and server-side: send raw email only through supported authenticated flows, let Agent Analytics apply its privacy protections, and avoid publishing local-only email hashes or browser-side hash matching logic.
Migration checklist
- Replace identify-by-email snippets with a stable app user ID, and include email only as traits.email when authenticated lookup support is needed.
- Remove client-side SHA-256 email-hash helpers from browser integrations.
- Update agents and skills to use documented lookup/query/portfolio endpoints instead of guessing profile IDs from hashes.
- Regenerate clients from https://docs.agentanalytics.sh/openapi.yaml after this release.