{"id":50765106,"url":"https://github.com/mcp-shark/aauth-explorer","last_synced_at":"2026-06-11T13:01:39.727Z","repository":{"id":353351452,"uuid":"1219043741","full_name":"mcp-shark/aauth-explorer","owner":"mcp-shark","description":"Interactive knowledge graph for the AAuth protocol — visualize 72 protocol flows across signing, access, mission, and advanced patterns.","archived":false,"fork":false,"pushed_at":"2026-04-23T14:12:18.000Z","size":63,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-23T15:31:02.145Z","etag":null,"topics":["aauth","agents","ai-agents","authenticaiton","authorization","protocol","security"],"latest_commit_sha":null,"homepage":"https://mcp-shark.github.io/aauth-explorer/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mcp-shark.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-23T13:24:55.000Z","updated_at":"2026-04-23T14:13:40.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mcp-shark/aauth-explorer","commit_stats":null,"previous_names":["mcp-shark/aauth-explorer"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/mcp-shark/aauth-explorer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcp-shark%2Faauth-explorer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcp-shark%2Faauth-explorer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcp-shark%2Faauth-explorer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcp-shark%2Faauth-explorer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mcp-shark","download_url":"https://codeload.github.com/mcp-shark/aauth-explorer/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcp-shark%2Faauth-explorer/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34199516,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-11T02:00:06.485Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aauth","agents","ai-agents","authenticaiton","authorization","protocol","security"],"created_at":"2026-06-11T13:01:36.973Z","updated_at":"2026-06-11T13:01:39.710Z","avatar_url":"https://github.com/mcp-shark.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AAuth Knowledge Graph\n\n\u003e An open-source interactive protocol explorer for [AAuth](https://www.aauth.dev/) — contributed to the community by [MCPShark](https://www.mcpshark.sh/).\n\n![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)\n![Built with Cytoscape.js](https://img.shields.io/badge/Built%20with-Cytoscape.js-orange.svg)\n![Protocol: AAuth](https://img.shields.io/badge/Protocol-AAuth-cyan.svg)\n\n---\n\n## Overview\n\nAAuth Knowledge Graph is an interactive, browser-based visualization of the [AAuth (Agent Authorization)](https://www.aauth.dev/) protocol. It maps every participant, token, and protocol flow as a navigable graph — letting developers, architects, and protocol implementers explore AAuth's signing schemes, access modes, mission governance, and advanced patterns in a single unified view.\n\nNo build step. No dependencies to install. Open `index.html` and explore.\n\n---\n\n## About AAuth\n\nAAuth is an open protocol for **agent authorization**. It gives every agent its own cryptographic identity — no pre-registration, no shared secrets, no bearer tokens.\n\nKey properties:\n- **Proof of possession** — every request is signed with HTTP Message Signatures ([RFC 9421](https://www.rfc-editor.org/rfc/rfc9421)). Stolen tokens are worthless without the signing key.\n- **No pre-registration** — agents self-publish identity at HTTPS URLs. Any agent can interact with any resource on first contact.\n- **Async by design** — `202 Accepted` + polling handles consent, approvals, clarification, and headless agents with one pattern.\n- **Mission governance** — the agent states intent, the user approves, and every access is evaluated in that context.\n- **Progressive adoption** — each access mode is independently deployable. Start with 2-party identity, add a Person Server or Access Server later without changing the agent.\n\n**Resources:**\n- Specification: [aauth.dev](https://www.aauth.dev/)\n- Interactive Explorer: [explorer.aauth.dev](https://explorer.aauth.dev/)\n- Internet Drafts: [github.com/dickhardt/AAuth](https://github.com/dickhardt/AAuth)\n\n---\n\n## Motivation\n\nThe official AAuth Explorer walks through each scenario in isolation — one flow at a time, step by step. This is great for learning individual flows but makes it hard to see how the protocol composes: how signing underlies every access mode, how missions layer on top of federation, how call chaining builds on the 4-party flow.\n\nThis knowledge graph addresses that by:\n\n1. **Modeling the full protocol as a graph** — participants as nodes, protocol flows as directed edges, tokens as first-class artifacts\n2. **Progressive disclosure** — explore one flow at a time (Interactive mode) or see the entire protocol at once (Full mode)\n3. **Layer filtering** — isolate Signing, Access, Mission, or Advanced patterns independently\n4. **Contextual detail** — click any node or edge for a protocol-level explanation, token payload structure, and a direct link to the relevant AAuth Explorer page\n\n---\n\n## Features\n\n| Feature | Description |\n|---|---|\n| **Interactive step-through** | Navigate protocol flows step by step using arrow keys or `‹ ›` buttons |\n| **Full view toggle** | Switch between focused (one flow) and full protocol view |\n| **Layer filters** | Signing / Access / Mission / Advanced — each expandable to sub-modes |\n| **Right sidebar** | Click any node or edge for participant role, protocol detail, token payloads |\n| **Explorer links** | Every edge links directly to the corresponding AAuth Explorer scenario page |\n| **Dark security theme** | Trust-domain colour coding — participant colours map to protocol boundaries |\n| **Keyboard shortcuts** | `1`–`4` for layers, `←` `→` for steps, `Esc` to reset |\n| **Zero build step** | Single `index.html` — deployable to GitHub Pages with no toolchain |\n\n---\n\n## Protocol Coverage\n\nAll scenarios validated against [explorer.aauth.dev](https://explorer.aauth.dev/) and [aauth.dev](https://www.aauth.dev/).\n\n### Signing Layer\n\n| Sub-mode | Schemes | Explorer |\n|---|---|---|\n| All Schemes | sig=hwk, sig=jkt-jwt, sig=jwks_uri, sig=jwt | [/signing/compare](https://explorer.aauth.dev/signing/compare) |\n| Pseudonymous | sig=hwk (inline key) | [/signing/pseudonymous](https://explorer.aauth.dev/signing/pseudonymous) |\n| Hardware-backed | sig=jkt-jwt (enclave delegation) | [/signing/hardware-backed](https://explorer.aauth.dev/signing/hardware-backed) |\n| Agent Identity | sig=jwks_uri (HTTPS discovery) | [/signing/identity](https://explorer.aauth.dev/signing/identity) |\n| Agent Tokens | sig=jwt (JWT confirmation key) | [/signing/agent-tokens](https://explorer.aauth.dev/signing/agent-tokens) |\n\n### Access Layer\n\n| Mode | Parties | Description | Explorer |\n|---|---|---|---|\n| Identity-Based | 2 | Resource verifies agent identity directly | [/access/identity-based](https://explorer.aauth.dev/access/identity-based) |\n| Resource-Managed | 2 | Resource issues opaque AAuth-Access token | [/access/resource-managed](https://explorer.aauth.dev/access/resource-managed) |\n| PS-Managed | 3 | Person Server issues auth token (aud=PS) | [/access/ps-managed](https://explorer.aauth.dev/access/ps-managed) |\n| Federated | 4 | AS issues auth token via PS federation (aud=AS) | [/access/federated](https://explorer.aauth.dev/access/federated) |\n| User Delegation | 5 | Deferred consent — 202 + polling + user approval | [/access/user-delegation](https://explorer.aauth.dev/access/user-delegation) |\n\n### Mission Layer\n\n| Scenario | Description | Explorer |\n|---|---|---|\n| Proposal \u0026 Approval | Agent proposes mission; user reviews + approves; s256 fingerprint issued | [/missions/lifecycle](https://explorer.aauth.dev/missions/lifecycle) |\n| Resource Access | Mission claim flows through token chain end-to-end | [/missions/resource-access](https://explorer.aauth.dev/missions/resource-access) |\n| Out-of-Bounds | PS detects scope mismatch; user consent or new mission required | [/missions/out-of-bounds](https://explorer.aauth.dev/missions/out-of-bounds) |\n| Completion | Agent submits summary; user accepts; mission terminated | [/missions/completion](https://explorer.aauth.dev/missions/completion) |\n| Audit | Fire-and-forget action log tied to mission s256 | [/missions/audit](https://explorer.aauth.dev/missions/audit) |\n\n### Advanced Patterns\n\n| Pattern | Description | Explorer |\n|---|---|---|\n| Call Chaining | R1 acts as agent to R2; nested act claims record delegation chain | [/advanced/call-chaining](https://explorer.aauth.dev/advanced/call-chaining) |\n| Clarification Chat | AS poses question before user consent; agent answers inline | [/advanced/clarification](https://explorer.aauth.dev/advanced/clarification) |\n| Interaction Chaining | R1 bubbles 202 back to agent when R2 requires user consent | [/advanced/interaction-chaining](https://explorer.aauth.dev/advanced/interaction-chaining) |\n\n---\n\n## Quick Start\n\n```bash\ngit clone https://github.com/mcp-shark/mcp-shark.git\ncd aauth-explorer\nopen index.html        # macOS\n# or\nstart index.html       # Windows\n# or simply open index.html in any modern browser\n```\n\nNo npm. No webpack. No server required.\n\n### How to Navigate\n\n1. **Select a layer** from the left nav (Signing / Access / Mission / Advanced)\n2. **Select a sub-mode** from the expanded dropdown (e.g. Federated)\n3. **Step through** the flow using `‹ ›` or `←` `→` keyboard shortcuts\n4. **Click any node or edge** to open the detail sidebar\n5. **Toggle Full view** (top right) to see the entire protocol at once\n6. Press **Esc** to reset\n\n---\n\n## Project Structure\n\n```\naauth-explorer/\n├── index.html              # Application shell — no build step required\n├── README.md               # This file\n├── SCHEMA.md               # Complete validated node/edge schema with AAuth source references\n├── LICENSE\n├── assets/\n│   └── images/\n│       └── logo.jpeg       # MCPShark logo\n├── data/\n│   └── graph.js            # Single source of truth — all nodes, edges, metadata\n├── js/\n│   ├── graph.js            # Cytoscape.js initialization, layout, and style\n│   ├── interactions.js     # Click, hover, tooltip, and sidebar logic\n│   └── filters.js          # Layer filter toolbar, view toggle, step navigation\n└── css/\n    └── style.css           # Dark security theme — glassmorphism, trust-domain colours\n```\n\n---\n\n## Data Model\n\nThe graph is encoded in `data/graph.js` as a self-contained JavaScript module (`AAuthGraph`).\n\n### Nodes\n\n| Type | Count | Description |\n|---|---|---|\n| Participants | 11 | Agent, Resource, PS, AS, User, Agent Server, Delegate, R1, R2, AS1, AS2 |\n| Tokens | 4 | aa-agent+jwt, aa-resource+jwt, aa-auth+jwt, Opaque token |\n\n### Edges\n\n| Layer | Count | Description |\n|---|---|---|\n| Signing | 7 | S1–S7: signing schemes and key discovery |\n| Access | 23 | A1–A23: 5 access modes across 2–5 parties |\n| Mission | 21 | M1–M21: proposal, access, out-of-bounds, completion, audit |\n| Advanced | 21 | V1–V21: call chaining, clarification, interaction chaining |\n| **Total** | **72** | |\n\nEach edge carries: `id`, `source`, `target`, `label`, `layer`, `sublayer`, `step`, `tooltip`, `detail`, `url`.\n\nThe `url` field links directly to the corresponding [AAuth Explorer](https://explorer.aauth.dev/) scenario page.\n\nFor the full validated schema including token payloads and HTTP header examples, see [SCHEMA.md](./SCHEMA.md).\n\n---\n\n## Contributing\n\nContributions are welcome. The most valuable contributions are:\n\n1. **Protocol updates** — if AAuth spec changes, update `data/graph.js` (nodes/edges) and `SCHEMA.md`\n2. **Richer sidebar content** — add `example` fields (token payloads, header snippets) to edges in `data/graph.js`\n3. **New scenarios** — add edges for any new Explorer pages using the existing `id/layer/sublayer/step/url` pattern\n4. **UI improvements** — `css/style.css` and `js/interactions.js` for visual and interaction enhancements\n\n### Adding a new edge\n\n```javascript\n{\n  data: {\n    id: 'X1',                          // unique id\n    source: 'agent',                   // participant id\n    target: 'resource',                // participant id\n    label: 'Short label',              // shown on graph edge\n    layer: 'access',                   // signing | access | mission | advanced\n    sublayer: 'access-identity',       // sub-filter key\n    step: 1,                           // temporal order within sub-filter\n    url: 'https://explorer.aauth.dev/access/identity-based',\n    tooltip: 'One-liner for hover',\n    detail: 'Full explanation for sidebar panel.'\n  }\n}\n```\n\n---\n\n## License\n\nMIT © [MCPShark](https://www.mcpshark.sh/)\n\nSee [LICENSE](./LICENSE) for full terms.\n\n---\n\n## Acknowledgements\n\n- **[AAuth Protocol](https://www.aauth.dev/)** — Dick Hardt and contributors\n- **[AAuth Explorer](https://explorer.aauth.dev/)** — all protocol content validated against the official explorer\n- **[Cytoscape.js](https://js.cytoscape.org/)** — graph visualization engine\n- **[MCPShark](https://www.mcpshark.sh/)** — [github.com/mcp-shark/mcp-shark](https://github.com/mcp-shark/mcp-shark)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmcp-shark%2Faauth-explorer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmcp-shark%2Faauth-explorer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmcp-shark%2Faauth-explorer/lists"}