Version History
ANIP's version line tracks the progression of protocol capabilities. The current version is v0.23.
Version progression
| Version | What it added | Key concepts |
|---|---|---|
| v0.23 | Capability composition + approval grants | Capabilities declare a kind (atomic or composed); composed capabilities expose a declarative composition step graph as protocol-visible metadata for audit and verification. The approval_required failure persists an ApprovalRequest; approvers issue a signed ApprovalGrant (one_time or session_bound) via POST /anip/approval_grants that the requester redeems on a follow-up invoke. Session identity is bound into the signed delegation token (anip:session_id), so session-bound continuations can't be forged from request bodies. Detached JWS over canonical-sorted JSON for cross-runtime grant signature compatibility. |
| v0.22 | Delegated issuance ergonomics | Canonical parent_token semantics (token ID string, not JWT) aligned across all runtimes. issueDelegatedCapabilityToken() helper in all 5 runtimes. Token issuance responses echo task_id for consumer-side task continuity. |
| v0.21 | Cross-service contracts and recovery targets | cross_service_contract with structured handoff/followup/verification entries (task-local continuity, completion modes). recovery_target in resolution objects (kind, target, continuity, retry_after_target). Stronger than advisory hints, not a workflow engine. |
| v0.20 | Bootstrap auth and capability-targeted issuance | Explicit bootstrap auth hook contract (sync MUST, async MAY). issueCapabilityToken() root-only helper in all 5 runtimes — pre-binds capability, requires explicit scope. |
| v0.19 | Cross-service handoff hints | cross_service optional object on capability declarations with four advisory arrays: handoff_to, refresh_via, verify_via, followup_via. Each entry is a ServiceCapabilityRef (service + capability strings) that names a capability on another ANIP service. Extends the advisory composition model from same-manifest hints to cross-service workflow guidance. |
| v0.18 | Cross-service continuity | upstream_service optional field on invoke request, response, and audit entry — identifies the ANIP service that initiated a call as part of a cross-service workflow. Services MUST echo and record it. Services MUST NOT reject syntactically valid parent_invocation_id or task_id values from foreign services. |
| v0.17 | Advisory composition hints | refresh_via and verify_via on capability declarations — advisory arrays of same-manifest capability names. refresh_via guides agents to re-invoke a source capability when a stale artifact (binding, quote) causes failure. verify_via guides agents to verify side effects after executing irreversible actions. |
| v0.16 | Recovery posture | recovery_class on every resolution object (6-value vocabulary: retry_now, wait_then_retry, refresh_then_retry, redelegation_then_retry, revalidate_then_retry, terminal); 5 new canonical resolution.action values (retry_now, provide_credentials, wait_and_retry, revalidate_state, check_manifest) |
| v0.15 | Authority and blocked-action signals | reason_type on restricted/denied permission entries (5-value vocabulary); resolution_hint on restricted entries; non_delegable_action failure type; canonical request_broader_scope resolution action (deprecates request_scope_grant) |
| v0.14 | Binding/control simplification | Removed bound_reference/freshness_window overlap from control_requirements |
| v0.13 | Budget, binding, and control | Enforceable budget constraints; requires_binding on capabilities; control_requirements vocabulary; 6 new failure types; budget_context in responses; FinancialCost structured type |
| v0.12 | Task identity and invocation lineage | task_id groups related invocations; parent_invocation_id forms invocation trees; token purpose binding; audit filterable by task and parent invocation |
| v0.11 | Runtime observability | Logging, metrics, tracing, diagnostics hooks; getHealth(); health endpoint |
| v0.10 | Horizontal scaling | PostgreSQL storage; leader election; exclusive invocation locks; multi-replica support |
| v0.9 | Audit aggregation | Storage-side redaction; caller-class disclosure; audit entry aggregation for high-volume reads |
| v0.8 | Security hardening | Event classification; two-layer retention; failure redaction; aggregation flushing |
| v0.7 | Discovery posture | Trust posture in discovery; anchoring cadence; metadata disclosure control |
| v0.6 | Streaming invocations | SSE-based streaming responses; response_modes declaration; streaming + unary support |
| v0.5 | Async storage | Non-blocking audit writes; background checkpoint scheduling; retention enforcement |
| v0.4 | Lineage | invocation_id and client_reference_id for cross-delegation lineage tracking |
| v0.3 | Anchored trust | Merkle checkpoints; signed manifests; JWKS; trust levels (declarative → signed → anchored) |
| v0.2 | Cost and failures | Cost declaration and cost_actual; structured failures with resolution guidance |
| v0.1 | Core protocol | Discovery, manifest, capabilities, delegation, permissions, invoke, audit |
What's next
- Federated trust — cross-service delegation chains and token exchange
- Studio streaming visualization — watch streaming invocations in real-time
- Studio lineage tracing — trace invocation chains through audit
- gRPC transport expansion — Java, C#, TypeScript bindings from the shared proto
For the full roadmap, see the SPEC.md in the repo.