AI-Engineer-Foundation / agent-protocol

Common interface for interacting with AI agents. The protocol is tech stack agnostic - you can use it with any framework for building agents.
https://agentprotocol.ai
MIT License
999 stars 120 forks

Add secrets to protocol #98

Closed kaifaust closed 9 months ago

kaifaust commented 9 months ago

Pull Request

Description

This change introduces secrets management to the Agent Protocol. So far, it just changes the schema and needs further evaluation of impact on SDK and other considerations.


vercel[bot] commented 9 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment

| Name | Status | Preview | Comments | Updated (UTC) |
| :--- | :----- | :------ | :------- | :------ |
| **agentprotocolai** | ⬜️ Ignored ([Inspect](https://vercel.com/ai-engineers-foundation/agentprotocolai/AQFho1drkguHWTDVuSp2xAeTddBe)) | [Visit Preview](https://agentprotocolai-git-fork-kaifaus-8ee500-ai-engineers-foundation.vercel.app) | | Feb 6, 2024 5:30pm |

ntindle commented 9 months ago

In what case would you need to get a secret vs only set it? I don't see a strong use case for read/write secrets.

kaifaust commented 9 months ago

Thanks to @ntindle's question, and attempting to answer it by writing an example Python app, I've concluded that he's right: Agent Protocol should not include secrets management.

I did not fully consider how secrets are handled in the real world. Keeping secrets management separate allows the Agent Protocol to remain focused on its primary role of facilitating agent interactions and task executions. Secrets also seem irrelevant to benchmarking.

Therefore, I'm closing this PR and redacting this proposal.

The inspiration for this proposal was to enable an ecosystem of AI agents that can interact with Third-Party APIs autonomously. My thinking now is that this problem entirely belongs to a separate protocol.

ntindle commented 9 months ago

I could see a strong reason to upload secrets to agents to use on your behalf, so I still see value for this.

kaifaust commented 9 months ago

What's the reason you're imagining? It seems like uploading secrets can happen outside the agent, and the application can inform an agent of the existence of a secret. I'll re-open this PR until we establish consensus.

ntindle commented 9 months ago

Imagine I’m a user of AutoGPT and I want to upload a secret for using Hugging Face or OpenAI.

It would allow eliminating the need for setting many of our existing environment variables.

kaifaust commented 9 months ago

Initiating 1-on-1 dialog with @ntindle to reach mutual understanding; I will update this thread when we accomplish that.

kaifaust commented 9 months ago

This latest commit features changes according to my best understanding of discussions between myself and @ntindle. A summary of the new schema design:

paths

components

kaifaust commented 9 months ago

I added a deletion endpoint, fixed a response component name for semantic accuracy, and updated the RFC with a detailed Design section.

kaifaust commented 9 months ago

AutoGPT doesn't have an immediate need for this feature, and there are no other companies currently expressing immediate need, so I will close this PR until that changes.