aa-auth 0.0.1-rc.4

HTTP authentication and authorization framework for Agent Assembly — API keys, JWTs, scopes, rate limiting, and the deny-by-default auth gate. Leaf crate with no aa-core/aa-gateway dependency.
Documentation
[package]
name = "aa-auth"
version.workspace = true
edition.workspace = true
license.workspace = true
repository.workspace = true
description = "HTTP authentication and authorization framework for Agent Assembly — API keys, JWTs, scopes, rate limiting, and the deny-by-default auth gate. Leaf crate with no aa-core/aa-gateway dependency."

[dependencies]
argon2 = "0.5"
axum = { workspace = true }
dashmap = { workspace = true }
http = { workspace = true }
jsonwebtoken = { workspace = true }
rand = "0.10"
rand_core = { version = "0.6", features = ["getrandom"] }
serde = { workspace = true }
serde_json = { workspace = true }
# Fast lookup-hash for the API-key prefix index (AAASM-4075): a truncated SHA-256
# of the raw key selects the single candidate entry so `validate_detailed` runs
# argon2 once, not once per stored key, on unauthenticated input. sha2 is a
# workspace dependency already pulled in transitively by argon2.
sha2 = { workspace = true }
thiserror = { workspace = true }
tracing = { workspace = true }
utoipa = { workspace = true }

[lints]
workspace = true