- Update BouncyCastle to 1.79, add Caffeine and MCP SDK dependencies
- Fix Jacoco coverage to only enforce 90% on publishable modules
- Add mcp-server-spring example to settings
- Enhance AnsExecutors with virtual thread support and named executors
- Add CryptoCache for thread-safe caching of crypto operations
- Minor CertificateUtils enhancement

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add comprehensive SCITT (Supply Chain Integrity, Transparency, and Trust) verification infrastructure:

- CoseSign1Parser: Parse COSE_Sign1 structures from receipts and tokens
- ScittReceipt: Merkle inclusion proof verification
- StatusToken: Time-bounded agent status assertions with fingerprint validation
- ScittVerifier/DefaultScittVerifier: Full verification pipeline
- MerkleProofVerifier: Consistency proof validation
- ScittArtifactManager: Caching and refresh management
- ScittHeaderProvider: HTTP header extraction (X-SCITT-Receipt, X-ANS-Status-Token)
- TrustedDomainRegistry: Domain-based trust configuration

Includes CBOR/COSE dependencies and comprehensive test coverage.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- TransparencyClient: Add SCITT root key fetching, domain configuration, and artifact retrieval methods
- TransparencyService: Major enhancements for SCITT artifact management, status token validation, and receipt verification
- CachingBadgeVerificationService: Refactor to use new SCITT infrastructure with improved caching and refresh logic

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- VerificationPolicy: Add SCITT_REQUIRED policy for full SCITT verification
- PreVerificationResult: Add SCITT result fields and builder methods
- ConnectionVerifier/DefaultConnectionVerifier: Integrate SCITT verification into the connection flow
- ScittVerifierAdapter: Bridge SCITT verification from transparency module to agent-client connection verification
- Add ScittVerificationException and ClientConfigurationException
- Comprehensive test coverage for all verification components

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- AnsVerifiedClient: High-level client supporting all verification policies (PKI_ONLY, BADGE_REQUIRED, DANE_REQUIRED, SCITT_REQUIRED)
- AnsConnection: Connection wrapper with verification result access
- ClientRequestVerifier/DefaultClientRequestVerifier: Per-request SCITT verification for response headers
- ClientRequestVerificationResult: Structured verification results

Provides a simple, fluent API for secure agent-to-agent communication with configurable trust policies.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Update all example READMEs with SCITT verification documentation
- A2A client example: Add SCITT_REQUIRED policy demonstration
- HTTP API example: Add per-request SCITT verification
- MCP client example: Simplify and add SCITT support
- Add new mcp-server-spring example: Spring Boot MCP server with SCITT header injection and client verification filters

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This pull request introduces support for SCITT-based verification to the ANS Agent Client SDK and its integration examples, updating documentation, examples, and dependencies to reflect the new approach. The changes provide a high-level, recommended verification flow using SCITT, while retaining and clarifying the existing manual DANE/Badge flow. The documentation and code now clearly distinguish between the two verification patterns, and new dependencies are added to support caching and SCITT artifact handling.

SCITT Verification Support and Example Integration:

- AnsVerifiedClient in A2aClientExample.java, including detailed step-by-step output and integration pattern documentation.

Verification Policy and Documentation Updates:

- FULL in favor of SCITT_REQUIRED and SCITT_ENHANCED, and clarified the recommended use cases for each policy.

Dependency and Build Configuration:

- build.gradle.kts to support SCITT artifact handling and improve test coverage.
- ans-sdk-agent-client module.

CI and Workflow Maintenance:

- gradle/actions/wrapper-validation and actions/cache for better reliability and security. (.github/workflows/ci.yml)

These changes modernize the verification flow, making SCITT the recommended approach for production environments, and provide clear guidance and examples for developers integrating with the ANS Agent Client SDK.