Skip to content

Spec Proposal: Agent Release Policy — Version Availability, Migration Windows & Pre-Release Signaling #55

Description

@ejoaquin

The Problem

Agents evolve. Breaking changes ship. Consumers need time to migrate. Yet today, ARD provides no mechanism for publishers to communicate:

  1. How many versions are concurrently available — Can consumers still use v1.x while v2.0 is live? For how long?
  2. What's coming next — Is a breaking change imminent? Can I discover preview/beta versions to plan ahead?
  3. Migration expectations — How long do I have before the old version disappears? Will I be force-upgraded?
  4. Impact assessment — Is this a minor patch or a rewrite that breaks my integration?

The existing spec has only an optional version string with no semantics. #45 (@marianogonzalez) adds lifecycle and deprecation — which answers "this version is dying." But consumers also need the forward-looking signal: "here's what's coming, when, and what it means for you."

This is especially critical in multi-registry/federated environments where consumers may be in a different organization than the publisher, with no out-of-band channel to learn about upcoming changes.

Prior Art & Dependencies

  • Spec Proposal: No Lifecycle or Deprecation Model #45 (@marianogonzalez) — Lifecycle / Deprecation Model: Defines deprecated.replacedBy, endOfLifeDate, breakingChanges, migrationGuide. Our proposal is the forward-looking complement — signaling what's coming before deprecation happens, and formalizing the multi-version availability contract.
  • Spec Proposal: Deployment metadata #44 (@marianogonzalez) — Deployment Metadata: Different versions may have different instance deployments (v2 only in us-east-1 during canary). Release policy and deployment metadata compose naturally.
  • Spec Proposal: Dependencies manifest #42 (@marianogonzalez) — Dependencies Manifest: A new version may change its dependency requirements (e.g., identityType moves from API key to OBO). Release notes should surface dependency-breaking changes so consumers can pre-flight before upgrading.
  • Semver (semver.org) — Industry standard for version numbering. This proposal does not mandate semver but provides a field to declare the versioning strategy.

Proposal: releasePolicy

Add an optional releasePolicy object to catalog entries that communicates the publisher's version management contract:

{
  "identifier": "urn:air:acme.com:finance:invoice-processor",
  "version": "2.0.0",
  "releasePolicy": {
    "versioningStrategy": "semver",
    "concurrentVersionsSupported": 2,
    "migrationWindow": "P90D",
    "availableVersions": [
      {
        "version": "1.5.2",
        "status": "stable",
        "releasedAt": "2025-11-01T00:00:00Z",
        "supportedUntil": "2027-01-01T00:00:00Z",
        "url": "https://api.acme.com/agents/invoice/v1"
      },
      {
        "version": "2.0.0",
        "status": "stable",
        "releasedAt": "2026-06-01T00:00:00Z",
        "lastModifiedAt": "2026-06-25T14:00:00Z",
        "contentDigest": "sha256:a3f2b8c9d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1",
        "url": "https://api.acme.com/agents/invoice/v2"
      },
      {
        "version": "3.0.0-beta",
        "status": "preview",
        "expectedRelease": "2026-09-01T00:00:00Z",
        "url": "https://preview.acme.com/agents/invoice/v3"
      }
    ],
    "releaseNotes": {
      "3.0.0-beta": {
        "breakingChanges": [
          "Authentication changed from API key to OAuth2",
          "Response schema now uses ISO 8601 dates",
          "Removed legacy XML output format"
        ],
        "newCapabilities": ["batch_processing", "multi_currency"],
        "removedCapabilities": ["xml_export"],
        "dependencyChanges": [
          {
            "identifier": "urn:air:salesforce.com:mcp:sales-cloud",
            "change": "minVersion bumped from 2.x to 3.0.0"
          }
        ],
        "impactAssessment": "high",
        "migrationGuide": "https://docs.acme.com/invoice-v3-migration"
      }
    },
    "deprecationPolicy": {
      "minimumNotice": "P60D",
      "gracePeriodAfterEOL": "P30D",
      "forceUpgradeAllowed": false
    }
  }
}

Field Definitions

Top-Level Fields

Field Type Required Description
versioningStrategy string OPTIONAL Versioning scheme used (semver, calver, incremental, custom)
concurrentVersionsSupported integer OPTIONAL How many versions the publisher runs simultaneously (e.g., 2 = current + previous)
migrationWindow duration (ISO 8601) OPTIONAL Default time given to consumers between a new release and the previous version's EOL
availableVersions array REQUIRED All currently available (or announced) versions
releaseNotes object OPTIONAL Keyed by version string; describes changes
deprecationPolicy object OPTIONAL Publisher's commitment on how deprecation is handled

availableVersions[] Entry

Field Type Required Description
version string REQUIRED Version identifier
status enum REQUIRED preview
releasedAt datetime OPTIONAL When this version became available
expectedRelease datetime OPTIONAL For preview — when GA is planned
lastModifiedAt datetime OPTIONAL When this version's card content was last updated (without a version bump). Consumers can use this to detect if their cached discovery result is stale
contentDigest string OPTIONAL Hash of the version's card content (algorithm-prefixed, e.g. sha256:...). Enables consumers to verify their cached copy matches the current canonical content without re-fetching the full card
supportedUntil datetime OPTIONAL When support/availability ends
url uri OPTIONAL Version-specific endpoint (if different from the entry's url)

releaseNotes[version]

Field Type Description
breakingChanges string[] What breaks from previous version
newCapabilities string[] What's added
removedCapabilities string[] What's removed
dependencyChanges object[] Changes in downstream dependencies (links to #42)
impactAssessment enum low
migrationGuide uri Link to detailed migration documentation

deprecationPolicy

Field Type Description
minimumNotice duration Minimum time between deprecation announcement and actual EOL
gracePeriodAfterEOL duration How long after EOL the version remains accessible (read-only / best-effort)
forceUpgradeAllowed boolean Whether the publisher reserves the right to force-redirect old version calls to new

Discovery Value

Capability What it enables
Pre-release visibility Agents/consumers discover upcoming versions before they go live — plan integration work
Multi-version pinning Consumers know they can safely stay on v1.x until supportedUntil
Breaking change awareness impactAssessment: high + breakingChanges = don't auto-upgrade blindly
Dependency pre-flight dependencyChanges tells you if your credentials/access still work after upgrade
Predictable sunset deprecationPolicy.minimumNotice = contractual guarantee on migration time
Consumer-side freshness lastModifiedAt + contentDigest lets any consumer detect if their cached v2.0 card has gone stale — even without a version bump
Cache invalidation signal Agents can compare contentDigest locally before re-fetching, reducing unnecessary network calls while ensuring accuracy
Consumer choice forceUpgradeAllowed: false = publisher commits to not pulling the rug
Preview/canary discovery Discover beta versions with separate URLs without polluting production results

Interaction With Other Proposals

Proposal How releasePolicy interacts
#45 (Lifecycle) releasePolicy is the forward-looking complement to #45's deprecation model. Together: #45 says "v1 is deprecated"; releasePolicy says "v3 is coming in 90 days with these breaking changes"
#42 (Dependencies) releaseNotes.dependencyChanges surfaces when a new version changes its downstream requirements
#44 (Deployment) A preview version may only be deployed in specific regions/environments — availableVersions[].url can point at the preview instance
Federation (registry interop) When federated, releasePolicy syncs from canonical source — downstream registries get visibility into the publisher's release timeline

Discussion Questions

  1. Should availableVersions include all historical versions (full changelog) or only currently-accessible ones?
  2. Should status: "preview" entries be excluded from default search results (opt-in discovery)?
  3. Is impactAssessment (low/medium/high) too subjective? Should we define criteria, or leave it publisher-declared?
  4. Should deprecationPolicy be per-version or per-agent (i.e., does the publisher commit to the same policy for all versions)?
  5. How does this interact with version range queries in §7.1 search facets (e.g., "find agents with stable versions ≥ 2.0")?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions