a1-ai 2.8.0

A1 — The cryptographic identity and authorization layer that turns anonymous AI agents into accountable, verifiable entities. One Identity. Full Provenance.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

name: Feature Request
description: Propose a new capability, SDK integration, or improvement
labels: ["enhancement", "needs-triage"]
body:
  - type: markdown
    attributes:
      value: |
        Feature requests that align with A1's core mission (cryptographic chain-of-custody for agent delegation) get prioritized. Read [WHY_A1.md](https://github.com/dyologician/a1/blob/main/WHY_A1.md) to understand what we are building.

  - type: dropdown
    id: area
    attributes:
      label: Area
      options:
        - New framework integration (LangChain, AutoGen, etc.)
        - New KMS / Vault backend
        - New storage backend (Redis, Postgres, etc.)
        - New SIEM / audit exporter
        - Gateway REST API
        - CLI
        - A1 Studio (web dashboard)
        - Protocol / wire format
        - Performance
        - Documentation
        - Other
    validations:
      required: true

  - type: textarea
    id: problem
    attributes:
      label: What problem does this solve?
      description: Describe the situation where this is missing or painful.
      placeholder: |
        When deploying A1 in a Kubernetes environment, there is no native integration
        with Kubernetes ServiceAccount tokens for bootstrapping delegation chains.
        We currently have to manually exchange tokens via the JWT bridge, which
        requires extra plumbing for every deployment.
    validations:
      required: true

  - type: textarea
    id: proposal
    attributes:
      label: Proposed solution
      description: What would you like A1 to do? Code sketches are welcome.
      placeholder: |
        A new /v1/k8s/exchange endpoint (similar to /v1/jwt/exchange) that
        accepts a Kubernetes ServiceAccount JWT and verifies it against the
        cluster's OIDC discovery endpoint automatically.
    validations:
      required: true

  - type: textarea
    id: alternatives
    attributes:
      label: Alternatives considered
      placeholder: |
        We could configure A1_JWT_JWKS_URL to point at the Kubernetes OIDC
        endpoint, but that requires knowing the cluster's issuer URL up front
        and does not handle service account token rotation cleanly.

  - type: checkboxes
    id: checklist
    attributes:
      label: Checklist
      options:
        - label: I searched existing issues and this has not been requested before
          required: true
        - label: This request does not weaken the cryptographic security model
          required: true