Skip to content

Releases: ProwlrBot/roar-protocol

v0.3.2 — RedisTokenStore, AgentCard attestation

16 Mar 22:35
@kdairatchi kdairatchi
v0.3.2
5937a52

Choose a tag to compare

View all tags
v0.3.2 — RedisTokenStore, AgentCard attestation Latest
Latest

What's new

Both SDKs:

  • RedisTokenStore — atomic multi-worker token store (Redis INCR)
  • AgentCard signed attestation (signAgentCard / verifyAgentCard) — mitigates hub discovery poisoning

Python: 76/76 tests passing · pip install roar-sdk==0.3.2
TypeScript: 30/30 golden + 10 unit tests · npm install @roar-protocol/sdk@0.3.2

Bug fixes

  • Added base58>=1.0 to core deps (was missing, broke did:key resolution on clean installs)
Assets 2
Loading

ROAR Protocol SDK v0.3.1

16 Mar 20:49
@kdairatchi kdairatchi
v0.3.1
73d112e

Choose a tag to compare

View all tags
ROAR Protocol SDK v0.3.1

Added StrictMessageVerifier to both SDKs — production-grade receiver with scheme allowlist, recipient DID
binding, directional timestamp checks (age + future skew), and replay detection via IdempotencyGuard.

Loading

ROAR Protocol SDK v0.3.0

16 Mar 20:08
@kdairatchi kdairatchi
v0.3.0
961834c

Choose a tag to compare

View all tags
ROAR Protocol SDK v0.3.0

Changelog

All notable changes to the ROAR Protocol specification and reference SDKs are documented here.

Format: [version] — date — description

[Python SDK 0.3.0] — 2026-03-16

Security (audit fixes)

  • Enforce DelegationToken.max_uses server-side — tokens with exhausted use counts are now rejected at the server layer, not just flagged by is_valid()
  • Timestamp replay window enforced strictly: messages older than 300 seconds are rejected
  • Empty auth: {} field now causes the server to return 403 rather than silently passing

Changed

  • __version__ aligned to 0.3.0 to match pyproject.toml
  • Added py.typed marker (PEP 561) so mypy and pyright recognise inline type annotations

[TypeScript SDK 0.3.0] — 2026-03-16

Security (audit fixes, aligned with Python SDK 0.3.0)

  • verifyMessage now enforces the 300-second replay window
  • Package version bumped from 1.0.0 to 0.3.0 to match spec maturity and Python SDK

Changed

  • Import paths in examples changed from repo-relative paths to @roar-protocol/sdk package imports

[Python SDK 0.2.1] — 2026-03-13

Fixed

  • Minor bug fixes in ROARClient HTTP error handling
  • AgentDirectory.search() now returns an empty list (not None) when no agents match

[Python SDK 0.2.0] — 2026-03-12

Added

  • Initial public release of standalone roar-sdk Python package
  • AgentIdentity, AgentCard, AgentDirectory, ROARMessage, MessageIntent
  • ROARClient (HTTP), ROARServer (FastAPI), ROARHub
  • Ed25519 asymmetric signing (roar_sdk.signing)
  • DelegationToken, issue_token, verify_token
  • DID method support: did:roar, did:key, did:web
  • SQLiteAgentDirectory for persistent discovery
  • DiscoveryCache, IdempotencyGuard, AutonomyLevel
  • MCP, A2A, and ACP protocol adapters

[0.2.0] — 2026-03-12

Added

  • ROAR-SPEC.md — umbrella specification document linking all 5 layers
  • SDK-ROADMAP.md — implementation status and open tasks for Python/TS SDKs
  • spec/schemas/ — JSON Schemas for AgentIdentity, ROARMessage, StreamEvent
  • examples/python/ — runnable echo server and client
  • tests/conformance/ — language-agnostic golden fixtures
  • .github/ISSUE_TEMPLATE/spec_change.md — RFC template for spec proposals
  • Scope section in README clarifying spec vs SDK
  • "Where's the code?" section in README linking to both SDK implementations
  • "Implement ROAR in 5 steps" quickstart in README
  • Concrete scenario in README showing cross-layer message flow
  • Security model section in README (HMAC vs Ed25519, end-to-end signing flow)
  • HTTP endpoints table in ROAR-SPEC.md

Changed

  • README: Fixed incorrect intent names (request/response/subscribe/unsubscribe/error/cancelexecute/delegate/update/ask/respond/notify/discover)
  • README: Added branding and origin story from @kdairatchi
  • spec/VERSION.json: Added python_sdk_min_version and ts_sdk_min_version fields

[0.1.0] — 2026-03-11

Added

  • Initial spec: spec/01-identity.md through spec/05-stream.md
  • README.md with 5-layer overview and comparison table
  • INSTALL.md — ProwlrBot as reference implementation
  • CONTRIBUTING.md, SECURITY.md, LICENSE (MIT)
  • spec/VERSION.json with spec v0.1.0 declaration
  • CI workflow (.github/workflows/ci.yml)
Loading

ROAR Protocol SDK v0.2.2

13 Mar 16:34
@kdairatchi kdairatchi
v0.2.2
0df3830

Choose a tag to compare

View all tags
ROAR Protocol SDK v0.2.2

Full Changelog: v0.2.1...v0.2.2

ROAR Protocol SDK v0.2.2

Real-time Open Agent Runtime — first stable release.

What's in the box

TypeScript SDK (@roar-protocol/sdk)

Zero external dependencies. Node.js 18+. 30/30 conformance.

Layer 1 — Identity

  • Ed25519 key generation and signing
  • did:roar, did:key, did:web DID methods
  • W3C DID Documents
  • Cryptographic delegation tokens with TTL + autonomy levels
  • WATCH → GUIDE → DELEGATE → AUTONOMOUS capability model

Layer 2 — Discovery

  • In-memory AgentDirectory
  • SQLite-backed persistent directory (node:sqlite, zero deps)
  • TTL+LRU DiscoveryCache

Layer 3 — Connect

  • HTTP transport (ROARClient, ROARServer)
  • Native WebSocket (RFC 6455, no ws library)
  • Server-Sent Events
  • stdio transport for CLI agents

Layer 4 — Exchange

  • 7 message intents: execute, delegate, update, ask, respond, notify, discover
  • HMAC-SHA256 signing — byte-for-byte compatible with the Python SDK
  • Protocol auto-detection: ROAR / MCP / A2A / ACP

Layer 5 — Stream

  • EventBus with AIMD backpressure
  • Replay-safe IdempotencyGuard

Python SDK

30/30 conformance. Feature-complete across all 5 layers, including ROARHub with federation.

Security

Full security audit completed. All Critical/High/Medium findings resolved.

  • timingSafeEqual throughout — no timing oracles
  • 1 MiB caps on all network inputs
  • Path canonicalization on SQLite directory
  • trustProxy flag for X-Forwarded-For (off by default)

CI

GitHub Actions runs typecheck + 30-check conformance suite on every PR.

Install

npm install @roar-protocol/sdk

Links

- ./SPEC.md · ./SDK-ROADMAP.md · ./SECURITY-AUDIT-FINAL.md

---

## Your Manual Steps

**1. npm publish** — run this from your terminal:
```bash
cd /home/anon/dev/roar-protocol/ts
npm run build
npm publish --provenance --access public
(Requires npm login + 2FA. --provenance ties the package to the GitHub Actions run — supply chain proof.)

2. GitHub Release — go to github.com/ProwlrBot/roar-protocol/releases/new, tag v1.0.0, paste the release notes above.

3. Tweet copy (I'll draft one):

Just shipped ROAR Protocol SDK v0.2.1 🎉

Real-time Open Agent Runtime — a 5-layer protocol for agents that discover each other, sign messages, delegate capabilities, and
stream events.

• Zero external deps (Node 18+ built-ins only)
• 30/30 conformance, security audited
• TypeScript + Python, cross-language signatures
• did:key, did:web, W3C DID Documents

npm install @roar-protocol/sdk

github.com/ProwlrBot/roar-protocol

---
v0.2.0 roadmap (for after launch):
- WebCrypto async signing (crypto.subtle) — makes the TS SDK browser/Deno/Worker native
- Python DelegationToken server-side use-count enforcement
- ROARHub federation in TypeScript
Loading

v0.2.1

13 Mar 07:30
@kdairatchi kdairatchi
v0.2.1
428b229

Choose a tag to compare

View all tags
v0.2.1

Fix: DelegationToken use_count now enforced server-side. Add: TypeScript WebSocket
transport.

Loading

ROAR Protocol v0.2.0 — First Public Release

13 Mar 07:13
@kdairatchi kdairatchi
v0.2.0
f367c18

Choose a tag to compare

View all tags
ROAR Protocol v0.2.0 — First Public Release

Both SDKs live: pip install roar-sdk | npm install @roar-protocol/sdk

5-layer agent protocol: Identity, Discovery, Connect, Exchange, Stream.
MCP + A2A + ACP adapters. Ed25519 + HMAC signing. 30/30 conformance.

Spec: https://github.com/ProwlrBot/roar-protocol/blob/main/ROAR-SPEC.md
Architecture: https://github.com/ProwlrBot/roar-protocol/blob/main/ARCHITECTURE.md

Loading