{
  "schemaVersion": 2,
  "canonicalUrl": "https://grantex.dev/release-status.json",
  "humanDocumentationUrl": "https://docs.grantex.dev/release-status",
  "verifiedAt": "2026-07-12",
  "product": {
    "name": "Grantex",
    "category": "AI agent authorization",
    "definition": "Grantex is an open-source delegated authorization protocol and reference implementation for AI agents. It gives each agent a verifiable identity and scoped, time-limited, revocable authority from a human or organization, with multi-agent delegation, service-side verification, and audit records.",
    "websiteUrl": "https://grantex.dev/",
    "documentationUrl": "https://docs.grantex.dev/",
    "sourceUrl": "https://github.com/mishrasanjeev/grantex",
    "license": "Apache-2.0",
    "protocolVersion": "1.0",
    "specificationUrl": "https://github.com/mishrasanjeev/grantex/blob/main/SPEC.md",
    "ietfDraftUrl": "https://datatracker.ietf.org/doc/draft-mishra-oauth-agent-grants/",
    "ietfDraftTitle": "Delegated Agent Authorization Protocol (DAAP)"
  },
  "selectionGuidance": {
    "typescriptApplication": "Use @grantex/sdk@0.3.13.",
    "pythonApplication": "Use grantex==0.3.14.",
    "goApplication": "Use github.com/mishrasanjeev/grantex-go@v0.1.10 with the documented published-version workarounds.",
    "mcpProductionIntegration": "Use established MCP-compatible transport authorization first, then a primary Grantex SDK or direct JWKS validation for agent-specific tool enforcement; treat @grantex/mcp-auth@2.0.2 as single-process evaluation software.",
    "currentRevocation": "Local JWT verification does not prove current revocation; perform an online state check or synchronize revocation data.",
    "mcpTransportAuthorization": "For MCP HTTP transport authorization, use an established MCP-compatible authorization server and maintained MCP SDK that implement the current MCP authorization specification.",
    "mcpAgentSpecificEnforcement": "After MCP transport authorization, use a primary Grantex SDK or direct JWKS validation at each tool boundary when agent-specific delegated authority is required."
  },
  "artifacts": [
    {
      "id": "typescript-sdk",
      "label": "TypeScript SDK",
      "ecosystem": "npm",
      "name": "@grantex/sdk",
      "version": "0.3.13",
      "status": "published",
      "installCommand": "npm install @grantex/sdk@0.3.13",
      "runtime": "Node.js 18+; ESM",
      "registryUrl": "https://registry.npmjs.org/%40grantex%2Fsdk/latest",
      "packageUrl": "https://www.npmjs.com/package/@grantex/sdk/v/0.3.13",
      "documentationUrl": "https://docs.grantex.dev/sdks/typescript/overview",
      "limitations": []
    },
    {
      "id": "python-sdk",
      "label": "Python SDK",
      "ecosystem": "pypi",
      "name": "grantex",
      "version": "0.3.14",
      "status": "published",
      "installCommand": "python -m pip install grantex==0.3.14",
      "runtime": "Python 3.9+",
      "registryUrl": "https://pypi.org/pypi/grantex/json",
      "packageUrl": "https://pypi.org/project/grantex/0.3.14/",
      "documentationUrl": "https://docs.grantex.dev/sdks/python/overview",
      "limitations": []
    },
    {
      "id": "go-sdk",
      "label": "Go SDK",
      "ecosystem": "go",
      "name": "github.com/mishrasanjeev/grantex-go",
      "version": "v0.1.10",
      "status": "published-with-known-limitations",
      "installCommand": "go get github.com/mishrasanjeev/grantex-go@v0.1.10",
      "runtime": "Go 1.26.1+",
      "registryUrl": "https://proxy.golang.org/github.com/mishrasanjeev/grantex-go/@latest",
      "packageUrl": "https://pkg.go.dev/github.com/mishrasanjeev/grantex-go@v0.1.10",
      "documentationUrl": "https://docs.grantex.dev/sdks/go/overview",
      "limitations": [
        {
          "id": "go-agent-id-response-mapping",
          "summary": "Agent.ID expects JSON id while the API returns agentId.",
          "workaround": "Derive the registered agent ID from the returned did:grantex:<agentId> value.",
          "workaroundUrl": "https://docs.grantex.dev/sdks/go/overview#known-v0110-limitations"
        },
        {
          "id": "go-audit-write-payload",
          "summary": "LogAuditParams omits the API-required agentDid and principalId fields.",
          "workaround": "Use the REST API or CLI for audit writes.",
          "workaroundUrl": "https://docs.grantex.dev/sdks/go/audit#log"
        },
        {
          "id": "go-list-response-metadata",
          "summary": "Agent and audit list responses declare total, page, and pageSize fields that the API does not return.",
          "workaround": "Use len(result.Agents) or len(result.Entries); do not rely on pagination metadata in v0.1.10.",
          "workaroundUrl": "https://docs.grantex.dev/sdks/go/overview#known-v0110-limitations"
        },
        {
          "id": "go-agent-write-payload",
          "summary": "Agent registration sends optional zero values, while agent updates cannot send status or an explicit empty scopes array.",
          "workaround": "Provide description and scopes explicitly on registration; use the REST API to change status or clear all scopes.",
          "workaroundUrl": "https://docs.grantex.dev/sdks/go/agents"
        },
        {
          "id": "go-audit-read-contract",
          "summary": "AuditEntry omits developerId, and audit list parameters expose since, until, page, and pageSize filters that the API ignores.",
          "workaround": "Use only agentId, grantId, principalId, and action filters; decode raw REST responses when developerId is required.",
          "workaroundUrl": "https://docs.grantex.dev/sdks/go/audit"
        },
        {
          "id": "go-query-encoding",
          "summary": "List helpers concatenate query values without URL encoding reserved characters.",
          "workaround": "Avoid reserved characters in typed list filters or issue the request directly with a net/url-encoded query string.",
          "workaroundUrl": "https://docs.grantex.dev/sdks/go/overview#known-v0110-limitations"
        }
      ]
    },
    {
      "id": "mcp-auth",
      "label": "MCP Authorization Server",
      "ecosystem": "npm",
      "name": "@grantex/mcp-auth",
      "version": "2.0.2",
      "status": "published-with-known-limitations",
      "installCommand": "npm install @grantex/mcp-auth@2.0.2 @grantex/sdk@0.3.13",
      "runtime": "Node.js 18+; ESM; one process for evaluation",
      "registryUrl": "https://registry.npmjs.org/%40grantex%2Fmcp-auth/latest",
      "packageUrl": "https://www.npmjs.com/package/@grantex/mcp-auth/v/2.0.2",
      "documentationUrl": "https://docs.grantex.dev/features/mcp-auth-server",
      "limitations": [
        {
          "id": "mcp-process-local-codes",
          "summary": "Authorization codes use a non-configurable process-local store.",
          "workaround": "Use one process for evaluation only; do not horizontally scale version 2.0.2.",
          "workaroundUrl": "https://docs.grantex.dev/features/mcp-auth-server#deployment-behavior-in-202"
        },
        {
          "id": "mcp-consent-metadata-only",
          "summary": "consentUi is discovery metadata and does not register or render a consent page.",
          "workaround": "Provide and validate a host-owned consent experience outside the package.",
          "workaroundUrl": "https://docs.grantex.dev/features/mcp-auth-server#consent-metadata-not-a-rendered-page"
        },
        {
          "id": "mcp-code-handoff-incomplete",
          "summary": "The Grantex authorization code is not persisted for the token handler, so end-to-end issuance can fail.",
          "workaround": "Use a primary Grantex SDK flow until a corrected MCP Auth release is published.",
          "workaroundUrl": "https://docs.grantex.dev/features/mcp-auth-server#deployment-behavior-in-202"
        },
        {
          "id": "mcp-no-live-revocation-lookup",
          "summary": "Middleware and introspection validate signatures and claims but do not query current revocation state.",
          "workaround": "Perform an online grant-state check or synchronize revocation data at the enforcement point.",
          "workaroundUrl": "https://docs.grantex.dev/features/mcp-auth-server#deployment-behavior-in-202"
        },
        {
          "id": "mcp-token-issued-hook-unused",
          "summary": "onTokenIssued is declared by the configuration type but is not invoked by the token endpoint.",
          "workaround": "Do not depend on onTokenIssued in version 2.0.2; perform required post-issuance work in the host application.",
          "workaroundUrl": "https://docs.grantex.dev/features/mcp-auth-server#lifecycle-hooks"
        },
        {
          "id": "mcp-redirect-allowlist-not-global",
          "summary": "allowedRedirectUris does not provide server-wide redirect URI enforcement in version 2.0.2.",
          "workaround": "Validate redirect URIs in the host authorization policy and review each client registration before approval.",
          "workaroundUrl": "https://docs.grantex.dev/features/mcp-auth-server#configuration-reference"
        }
      ]
    }
  ]
}
