Skip to content

feat(registry): remove discovered agents from public surface#3780

Merged
EmmaLouise2018 merged 1 commit into
mainfrom
EmmaLouise2018/remove-discovered-agents
May 2, 2026
Merged

feat(registry): remove discovered agents from public surface#3780
EmmaLouise2018 merged 1 commit into
mainfrom
EmmaLouise2018/remove-discovered-agents

Conversation

@EmmaLouise2018

@EmmaLouise2018 EmmaLouise2018 commented May 1, 2026

Copy link
Copy Markdown
Contributor

Summary

Removes the concept of discovered agents from the AAO public registry surface, per #3772.

The federated registry now contains only AAO-attested, member-enrolled agents and publishers. Crawler-discovered entries from adagents.json no longer surface in /api/registry/agents or /api/registry/publishers.

Removed from response schemas

Renamed (/api/registry/stats)

  • discovered_agentsauth_graph_agents
  • discovered_publishersauth_graph_publishers
  • discovered_propertiesauth_graph_properties

The graph backs the publisher-authorization lookups (lookupDomain, hasValidAdagents) and is populated from BOTH adagents.json crawls AND agent_claim attestations — so auth_graph_* is the accurate name. registered_agents / registered_publishers (the public registry counts) are unchanged.

What stays

The crawler still populates discovered_agents and discovered_publishers tables — they back the publisher-authorization graph (lookupDomain, hasValidAdagents, getSalesAgentsClaimingDomain). The change is to the public registry contract, not the crawler graph.

Backwards compatibility

Wire-visible breaking changes for any external consumer of the registry HTTP surface:

Endpoint Before After
GET /api/registry/agents row carries source, discovered_from, endorsed_by_publisher_member, discovered_at; response wraps sources: {registered, discovered} row has member only; response is {agents, count}
GET /api/registry/agents?source=... merged set, source filter applied 400 with "source query parameter is no longer supported"
GET /api/registry/publishers row carries source, discovered_from, discovered_at; response wraps sources block row has member only; response is {publishers, count}
GET /api/registry/lookup/domain/{domain} authorized_agents[] and sales_agents_claiming[] carry source: 'registered' | 'discovered' rows carry member only when registered, omitted otherwise
GET /api/registry/stats discovered_agents / _publishers / _properties auth_graph_agents / _publishers / _properties

endorsed_by_publisher_member was added two days ago in #3547 and never went out in a release — collapsing it is a pre-release revert, not a wire break.

OpenAPI spec at static/openapi/registry.yaml is regenerated and reflects the new surface, including the explicit /api/registry/stats schema (was additionalProperties: {} previously).

Refs (does not close — see #3772 for remaining work)

This PR ships the schema/type/service-layer half of the issue plus the docs sweep. #3772 stays open to track the remaining table-drop migration — see the follow-up comment on that issue for the checklist.

Test plan

  • npm run typecheck passes
  • npm run test:server-unit passes (2,976 tests, 0 failures)
  • npm run build passes
  • Updated registry-reader-baseline-public-endpoints.test.ts and registry-reader-baseline-mcp.test.ts to assert the new "registered-only public surface" contract
  • Added ?source=registered|discovered|<bogus> 400-rejection test
  • Restored fix(registry): flip type==='buying' filter inversions to 'sales' + add sales to by_type tally #3540 polarity test (sales enriched, buying not) against the registered-only surface
  • Deleted registry-discovered-endorsement.test.ts and registry-agents-source-filter.test.ts (test removed features)
  • Manual: hit /api/registry/agents against staging — confirm registered agents only, no source field
  • Manual: hit /api/registry/agents?source=registered against staging — confirm 400 response
  • Manual: hit /api/registry/publishers against staging — confirm registered publishers only, no sources count block
  • Manual: hit /api/registry/stats against staging — confirm auth_graph_* field names
  • Manual: verify lookupDomain still returns authorized_agents and sales_agents_claiming with member populated where applicable

Comment thread server/src/db/federated-index-db.ts
@EmmaLouise2018 EmmaLouise2018 force-pushed the EmmaLouise2018/remove-discovered-agents branch 3 times, most recently from 6f2ae58 to 0f97260 Compare May 1, 2026 23:19
The federated registry now contains only AAO-attested, member-enrolled
agents and publishers. Crawler-discovered entries from adagents.json
no longer surface in /api/registry/agents or /api/registry/publishers.

Removed from response schemas (FederatedAgent, FederatedPublisher,
DomainLookupResult):

- source: 'registered' | 'discovered'
- discovered_from
- endorsed_by_publisher_member
- discovered_at
- sources: { registered, discovered } count blocks on list endpoints
- ?source= query param on /api/registry/agents now returns 400 with
  a clear error instead of being silently dropped. 400 shape matches
  existing /api/registry/* convention: { error: "<string>" }.

Wire surface cleanups while we're here:

- added_date on /api/registry/agents items is now omitted instead of
  stamped with today. The field has always been optional in the
  OpenAPI schema; the previous fallback value was meaningless for
  member-enrolled agents (no real enrollment-date source on the wire
  today). Agent.added_date is now typed as optional in TypeScript to
  match the schema.

Test coverage:

- registry-reader-baseline-public-endpoints.test.ts now seeds a
  registered profile and asserts the registered agent surfaces with
  member metadata, alongside the negative assertion that crawler-only
  agents do not appear. The previous negative-only assertion was
  true-by-default when the catalog was empty.

The crawler still populates the discovered_agents/discovered_publishers
tables internally as the publisher-authorization graph backing
lookupDomain, hasValidAdagents, and getSalesAgentsClaimingDomain. The
tables and their drop-migration are deferred to a follow-up PR — that
work is tracked under #3772 (PR 3 of the 4-PR migration plan in that
issue), not in scope here.

Docs: registering-an-agent.mdx rewritten to describe the single
enrollment path (no longer "four crawl paths" or two trust levels).
index.mdx drops stale source/discovered framing on /api/registry/agents
and clarifies that the agent.discovered change-feed event represents
an authorization-graph addition, not a catalog entry.

Closes #3772
@EmmaLouise2018 EmmaLouise2018 force-pushed the EmmaLouise2018/remove-discovered-agents branch from 0f97260 to 365133e Compare May 1, 2026 23:37
@EmmaLouise2018 EmmaLouise2018 merged commit 8b2caaa into main May 2, 2026
18 checks passed
@EmmaLouise2018 EmmaLouise2018 deleted the EmmaLouise2018/remove-discovered-agents branch May 2, 2026 04:25
EmmaLouise2018 added a commit that referenced this pull request May 2, 2026
#3780 removed `source: registered/discovered` from the public registry
surface and collapsed the four-paths model. Update the changeset
description to match — the docs change now expands the one enrollment
path that remains, not "section 1" of a four-section list.
EmmaLouise2018 added a commit that referenced this pull request May 2, 2026
* fix(addie): make agent registration self-explanatory

- Rename dashboard CTA "+ Add agent" → "+ Register agent"
- Replace seed prompt sent to Addie. Old: "I want to add an agent
  for compliance monitoring." (compliance framing was confusing for
  first-time registration). New: "I want to register an agent in
  the AAO registry. What information do you require?" Updated in
  dashboard-agents.html (header CTA, empty-state CTA) and
  org-health.ts (org-health quick action)
- Reframe Addie's save_agent description around AAO registry
  registration; surface all four auth modes (none / static
  bearer-or-basic / OAuth client credentials / OAuth user) and
  state explicitly that agent type is auto-detected — never asked
- Teach Addie to drive a structured intake (URL → auth method →
  matching fields → protocol) before calling save_agent
- Add a "Quickstart: register your agent (members)" section to
  docs/registry/registering-an-agent.mdx with the explicit sign-up
  → /dashboard/agents → "+ Register agent" path

* fix(docs): use /auth/login instead of /login (404)

The bare /login route returns 404; the actual entry point is
/auth/login, which redirects to WorkOS AuthKit and handles both
sign-in and sign-up. Caught by check:owned-links in CI.

* docs(registry): consolidate registration into section 1

Remove the duplicate "Quickstart" section that sat above the four-paths
list and fold its content into "1. Self-registration (members only)" so
there's one canonical place a member learns the click path. Also fixes
the ?org parameter (id, not slug), aligns tier wording with the live
gate, and describes type resolution accurately (capability snapshot,
not live probe).

* docs(changeset): align with post-#3780 single-path framing

#3780 removed `source: registered/discovered` from the public registry
surface and collapsed the four-paths model. Update the changeset
description to match — the docs change now expands the one enrollment
path that remains, not "section 1" of a four-section list.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant