aa-auth 0.0.1-rc.4

HTTP authentication and authorization framework for Agent Assembly — API keys, JWTs, scopes, rate limiting, and the deny-by-default auth gate. Leaf crate with no aa-core/aa-gateway dependency.
Documentation

aa-auth

Authentication primitives for Agent Assembly — API-key and JWT verification, credential-token checks, and the fail-closed auth posture the gateway enforces.

crates.io docs.rs License

Owns the shared authentication types and verification logic so the gateway can guard privileged surfaces (e.g. /admin/status) without pulling the full gateway into its dependency graph. Deliberately a leaf crate: it holds the auth mode (AuthMode), the API-key/JWT verifiers, and the request-extractor contracts, and its bypass-default (AuthMode::Off unless auth is explicitly configured) preserves the zero-config developer experience while failing closed the moment auth is turned on.

Extracted from aa-gateway (AAASM-3898) so authentication is independently testable and reusable across the HTTP (aa-api) and gRPC surfaces.

Part of Agent Assemblydocumentation · monorepo.