Feature request
The OpenAPI Initiative recently merged a new vendor extension into the official Extensions Registry:
https://spec.openapis.org/registry/extension/x-agent-trust.html
x-agent-trust is designed for APIs that serve AI agents. It sits inside securitySchemes and carries the signing algorithm, trust level vocabulary, JWKS endpoint, and verification mode. It pairs with an apiKey security scheme that uses Agent-Signature as the header.
Example:
components:
securitySchemes:
AgentTrust:
type: apiKey
name: Agent-Signature
in: header
x-agent-trust:
algorithm: ECDSA-P256-SHA256
trust-levels:
- L0-UNTRUSTED
- L1-RESTRICTED
- L2-STANDARD
- L3-ELEVATED
- L4-FULL
minimum-trust-level: L2-STANDARD
jwks-uri: https://example.com/.well-known/agent-trust-keysWhat I'd like
Swagger UI currently renders vendor extensions as raw JSON when the "display extensions" option is enabled. For x-agent-trust specifically, it would be helpful if Swagger UI could render the extension in the security scheme view with:
- Trust level vocabulary listed clearly
- Minimum trust level highlighted
- JWKS URI as a clickable link
- Algorithm shown alongside the header name
This is a UI-only ask. No change needed to OpenAPI parsing -- Swagger UI already reads the extension, it just displays as a generic JSON blob today.
Why
As AI agents start calling APIs at scale, developers viewing an OpenAPI spec in Swagger UI need to understand the trust requirements at a glance. The extension is now registered at the OpenAPI Initiative, so this is an official extension rather than a vendor-specific one.
Happy to contribute a PR if the direction is of interest. Raising as an issue first to get feedback on the approach.
Feature request
The OpenAPI Initiative recently merged a new vendor extension into the official Extensions Registry:
https://spec.openapis.org/registry/extension/x-agent-trust.html
x-agent-trustis designed for APIs that serve AI agents. It sits insidesecuritySchemesand carries the signing algorithm, trust level vocabulary, JWKS endpoint, and verification mode. It pairs with anapiKeysecurity scheme that usesAgent-Signatureas the header.Example:
What I'd like
Swagger UI currently renders vendor extensions as raw JSON when the "display extensions" option is enabled. For
x-agent-trustspecifically, it would be helpful if Swagger UI could render the extension in the security scheme view with:This is a UI-only ask. No change needed to OpenAPI parsing -- Swagger UI already reads the extension, it just displays as a generic JSON blob today.
Why
As AI agents start calling APIs at scale, developers viewing an OpenAPI spec in Swagger UI need to understand the trust requirements at a glance. The extension is now registered at the OpenAPI Initiative, so this is an official extension rather than a vendor-specific one.
Happy to contribute a PR if the direction is of interest. Raising as an issue first to get feedback on the approach.