@axiom-lattice/gateway 2.1.89 → 2.1.90

package/dist/index.js

@@ -68,6 +68,578 @@ var init_sender = __esm({
   }
 });
 
+// src/routes/a2a.ts
+var a2a_exports = {};
+__export(a2a_exports, {
+  refreshStoreKeyMap: () => refreshStoreKeyMap,
+  registerA2ARoutes: () => registerA2ARoutes,
+  setA2AKeyStore: () => setA2AKeyStore
+});
+function setA2AKeyStore(store) {
+  _a2aKeyStore = store;
+}
+async function refreshStoreKeyMap() {
+  if (!_a2aKeyStore) return;
+  _storeKeyMap = await _a2aKeyStore.loadIntoMap();
+}
+function parseEnvKeyMap() {
+  const keysEnv = process.env.A2A_API_KEYS || "";
+  const defaultTenantId = process.env.A2A_DEFAULT_TENANT_ID || "a2a-default-tenant";
+  const defaultProjectId = process.env.A2A_DEFAULT_PROJECT_ID || "";
+  const defaultWorkspaceId = process.env.A2A_DEFAULT_WORKSPACE_ID || "";
+  const map = /* @__PURE__ */ new Map();
+  if (keysEnv) {
+    keysEnv.split(",").forEach((entry) => {
+      const trimmed = entry.trim();
+      if (!trimmed) return;
+      const parts = trimmed.split(":");
+      const key = parts[0];
+      if (!key) return;
+      map.set(key, {
+        key,
+        tenantId: parts[1]?.trim() || defaultTenantId,
+        projectId: parts[2]?.trim() || defaultProjectId || void 0,
+        workspaceId: parts[3]?.trim() || defaultWorkspaceId || void 0
+      });
+    });
+  }
+  return map;
+}
+function getA2AConfig() {
+  const envMap = parseEnvKeyMap();
+  const apiKeyMap = new Map([..._storeKeyMap, ...envMap]);
+  return {
+    agentName: process.env.A2A_AGENT_NAME || "Axiom Lattice Agent",
+    agentDescription: process.env.A2A_AGENT_DESCRIPTION || "AI agent powered by Axiom Lattice framework",
+    organization: process.env.A2A_ORGANIZATION || "Axiom Lattice",
+    organizationUrl: process.env.A2A_ORGANIZATION_URL || "https://axiom-lattice.ai",
+    version: process.env.A2A_VERSION || "1.0.0",
+    defaultAssistantId: process.env.A2A_DEFAULT_AGENT_ID || "",
+    defaultTenantId: process.env.A2A_DEFAULT_TENANT_ID || "a2a-default-tenant",
+    defaultProjectId: process.env.A2A_DEFAULT_PROJECT_ID || "",
+    defaultWorkspaceId: process.env.A2A_DEFAULT_WORKSPACE_ID || "",
+    apiKeyMap
+  };
+}
+function authenticateA2A(request) {
+  const config = getA2AConfig();
+  const noAuthRequired = config.apiKeyMap.size === 0;
+  const token = request.headers.authorization?.startsWith("Bearer ") ? request.headers.authorization.substring(7) : request.headers["x-api-key"];
+  if (!token) {
+    return {
+      authenticated: noAuthRequired,
+      tenantId: config.defaultTenantId,
+      projectId: config.defaultProjectId || void 0,
+      workspaceId: config.defaultWorkspaceId || void 0
+    };
+  }
+  const entry = config.apiKeyMap.get(token);
+  if (entry) {
+    return {
+      authenticated: true,
+      apiKey: token,
+      tenantId: entry.tenantId,
+      projectId: entry.projectId,
+      workspaceId: entry.workspaceId,
+      source: request.headers.authorization?.startsWith("Bearer ") ? "bearer" : "x-api-key"
+    };
+  }
+  return { authenticated: false };
+}
+function requireAuth(request, reply) {
+  const auth = authenticateA2A(request);
+  if (!auth.authenticated) {
+    reply.status(401).send({
+      error: "Unauthorized",
+      message: "Valid API key required via Bearer token or X-API-Key header"
+    });
+  }
+  return auth;
+}
+function buildAgentCard(baseUrl) {
+  const config = getA2AConfig();
+  return {
+    name: config.agentName,
+    description: config.agentDescription,
+    url: `${baseUrl}/api/a2a`,
+    provider: {
+      organization: config.organization,
+      url: config.organizationUrl
+    },
+    version: config.version,
+    capabilities: {
+      streaming: true,
+      pushNotifications: false,
+      stateTransitionHistory: false
+    },
+    defaultInputModes: ["text", "text/plain"],
+    defaultOutputModes: ["text", "text/plain", "text/markdown"],
+    skills: []
+  };
+}
+function extractTextFromParts(parts) {
+  return parts.filter((p) => p.type === "text").map((p) => p.text).join("\n");
+}
+function buildTextPart(text) {
+  return { type: "text", text };
+}
+function isoNow() {
+  return (/* @__PURE__ */ new Date()).toISOString();
+}
+async function streamChunksAsA2A(stream, taskId, sendEvent, onInterrupt) {
+  let accumulatedText = "";
+  for await (const chunk of stream) {
+    const chunkText = chunk.data?.content || "";
+    const chunkType = chunk.type;
+    if (chunkType === import_protocols4.MessageChunkTypes.INTERRUPT) {
+      sendEvent("status-update", {
+        id: taskId,
+        status: {
+          state: "input-required",
+          message: {
+            role: "agent",
+            parts: [buildTextPart(accumulatedText)]
+          },
+          timestamp: isoNow()
+        },
+        final: false
+      });
+      onInterrupt?.();
+      continue;
+    }
+    if (chunkType === import_protocols4.MessageChunkTypes.AI || chunkType === import_protocols4.MessageChunkTypes.TOOL) {
+      if (chunkText) {
+        accumulatedText += chunkText;
+        sendEvent("status-update", {
+          id: taskId,
+          status: {
+            state: "working",
+            message: {
+              role: "agent",
+              parts: [buildTextPart(chunkText)]
+            },
+            timestamp: isoNow()
+          },
+          final: false
+        });
+      }
+    }
+  }
+  return accumulatedText;
+}
+async function getTaskStatus(taskId) {
+  const record = taskStore.get(taskId);
+  if (!record) return null;
+  return {
+    id: record.id,
+    status: {
+      state: record.status,
+      timestamp: record.updatedAt
+    },
+    artifacts: [],
+    history: record.history
+  };
+}
+async function handleAgentCard(request, reply) {
+  const protocol = request.headers["x-forwarded-proto"] || request.protocol;
+  const host = request.hostname;
+  const baseUrl = `${protocol}://${host}`;
+  const card = buildAgentCard(baseUrl);
+  reply.status(200).send(card);
+}
+async function handleTasksGet(request, reply) {
+  const auth = requireAuth(request, reply);
+  if (!auth.authenticated) return;
+  const task = await getTaskStatus(request.params.taskId);
+  if (!task) {
+    reply.status(404).send({ error: "Task not found" });
+    return;
+  }
+  reply.status(200).send(task);
+}
+async function handleTasksSend(request, reply) {
+  const auth = requireAuth(request, reply);
+  if (!auth.authenticated) return;
+  const config = getA2AConfig();
+  const body = request.body;
+  if (!body.message || !body.message.parts || body.message.parts.length === 0) {
+    reply.status(400).send({ error: "message.parts is required" });
+    return;
+  }
+  const text = extractTextFromParts(body.message.parts);
+  if (!text.trim()) {
+    reply.status(400).send({ error: "message must contain text content" });
+    return;
+  }
+  const assistantId = request.headers["x-a2a-agent-id"] || config.defaultAssistantId;
+  if (!assistantId) {
+    reply.status(500).send({
+      error: "No agent configured",
+      message: "Set A2A_DEFAULT_AGENT_ID env var or provide x-a2a-agent-id header"
+    });
+    return;
+  }
+  const taskId = body.id || (0, import_uuid9.v4)();
+  const threadId = (0, import_uuid9.v4)();
+  const tenantId = auth.tenantId || config.defaultTenantId;
+  const now = isoNow();
+  const record = {
+    id: taskId,
+    threadId,
+    assistantId,
+    tenantId,
+    projectId: auth.projectId || void 0,
+    workspaceId: auth.workspaceId || void 0,
+    status: "working",
+    createdAt: now,
+    updatedAt: now,
+    history: [
+      {
+        role: "user",
+        parts: body.message.parts
+      }
+    ]
+  };
+  taskStore.set(taskId, record);
+  let agent;
+  try {
+    agent = import_core31.agentInstanceManager.getAgent({
+      assistant_id: assistantId,
+      thread_id: threadId,
+      tenant_id: tenantId,
+      workspace_id: auth.workspaceId || void 0,
+      project_id: auth.projectId || void 0
+    });
+  } catch (err) {
+    record.status = "failed";
+    record.updatedAt = isoNow();
+    reply.status(500).send({
+      id: taskId,
+      error: "Failed to initialize agent",
+      message: err instanceof Error ? err.message : String(err)
+    });
+    return;
+  }
+  reply.hijack();
+  reply.raw.writeHead(200, {
+    "Content-Type": "text/event-stream",
+    "Cache-Control": "no-cache",
+    Connection: "keep-alive",
+    "Access-Control-Allow-Origin": "*"
+  });
+  const sendEvent = (event, data) => {
+    reply.raw.write(`event: ${event}
+data: ${JSON.stringify(data)}
+
+`);
+  };
+  try {
+    const result = await agent.addMessage({
+      input: { message: text }
+    });
+    record.messageId = result.messageId;
+    const stream = agent.chunkStream(result.messageId, [
+      import_protocols4.MessageChunkTypes.MESSAGE_COMPLETED
+    ]);
+    const accumulatedText = await streamChunksAsA2A(stream, taskId, sendEvent, () => {
+      record.status = "input-required";
+      record.updatedAt = isoNow();
+    });
+    record.status = "completed";
+    record.updatedAt = isoNow();
+    record.history.push({
+      role: "agent",
+      parts: [buildTextPart(accumulatedText)]
+    });
+    sendEvent("status-update", {
+      id: taskId,
+      status: {
+        state: "completed",
+        timestamp: isoNow()
+      },
+      final: true
+    });
+  } catch (err) {
+    record.status = "failed";
+    record.updatedAt = isoNow();
+    sendEvent("error", {
+      code: "EXECUTION_ERROR",
+      message: err instanceof Error ? err.message : String(err)
+    });
+    sendEvent("status-update", {
+      id: taskId,
+      status: {
+        state: "failed",
+        timestamp: isoNow()
+      },
+      final: true
+    });
+  } finally {
+    reply.raw.end();
+  }
+}
+async function handleTasksCancel(request, reply) {
+  const auth = requireAuth(request, reply);
+  if (!auth.authenticated) return;
+  const { taskId } = request.params;
+  const record = taskStore.get(taskId);
+  if (!record) {
+    reply.status(404).send({ error: "Task not found" });
+    return;
+  }
+  if (record.status === "completed" || record.status === "failed" || record.status === "canceled") {
+    reply.status(409).send({
+      error: "Task is already in a terminal state",
+      task: { id: record.id, status: record.status }
+    });
+    return;
+  }
+  try {
+    const agent = import_core31.agentInstanceManager.getAgent({
+      assistant_id: record.assistantId,
+      thread_id: record.threadId,
+      tenant_id: record.tenantId,
+      workspace_id: record.workspaceId,
+      project_id: record.projectId
+    });
+    await agent.abort();
+  } catch (err) {
+    console.warn({
+      event: "a2a:cancel:no_agent",
+      taskId,
+      threadId: record.threadId,
+      error: err instanceof Error ? err.message : String(err)
+    });
+  }
+  record.status = "canceled";
+  record.updatedAt = isoNow();
+  reply.status(200).send({
+    id: taskId,
+    status: {
+      state: "canceled",
+      timestamp: record.updatedAt
+    }
+  });
+}
+async function handleTasksStream(request, reply) {
+  const auth = requireAuth(request, reply);
+  if (!auth.authenticated) return;
+  const { taskId } = request.params;
+  const record = taskStore.get(taskId);
+  if (!record) {
+    reply.status(404).send({ error: "Task not found" });
+    return;
+  }
+  let agent;
+  try {
+    agent = import_core31.agentInstanceManager.getAgent({
+      assistant_id: record.assistantId,
+      thread_id: record.threadId,
+      tenant_id: record.tenantId,
+      workspace_id: record.workspaceId,
+      project_id: record.projectId
+    });
+  } catch {
+    reply.status(404).send({
+      error: "Agent session not found. The task may have already completed."
+    });
+    return;
+  }
+  reply.hijack();
+  reply.raw.writeHead(200, {
+    "Content-Type": "text/event-stream",
+    "Cache-Control": "no-cache",
+    Connection: "keep-alive",
+    "Access-Control-Allow-Origin": "*"
+  });
+  const sendEvent = (event, data) => {
+    reply.raw.write(`event: ${event}
+data: ${JSON.stringify(data)}
+
+`);
+  };
+  if (!record.messageId) {
+    sendEvent("status-update", {
+      id: taskId,
+      status: {
+        state: record.status,
+        timestamp: record.updatedAt
+      },
+      final: true
+    });
+    reply.raw.end();
+    return;
+  }
+  try {
+    const stream = agent.chunkStream(record.messageId, [
+      import_protocols4.MessageChunkTypes.MESSAGE_COMPLETED
+    ]);
+    await streamChunksAsA2A(stream, taskId, sendEvent);
+    sendEvent("status-update", {
+      id: taskId,
+      status: {
+        state: record.status,
+        timestamp: record.updatedAt
+      },
+      final: true
+    });
+  } catch (err) {
+    sendEvent("error", {
+      code: "STREAM_ERROR",
+      message: err instanceof Error ? err.message : String(err)
+    });
+  } finally {
+    reply.raw.end();
+  }
+}
+async function handleApiKeyList(request, reply) {
+  const auth = requireAuth(request, reply);
+  if (!auth.authenticated) return;
+  if (!_a2aKeyStore) {
+    reply.status(501).send({ error: "Key store not configured" });
+    return;
+  }
+  const records = await _a2aKeyStore.list({
+    tenantId: request.query.tenantId,
+    limit: request.query.limit ? parseInt(request.query.limit, 10) : void 0,
+    offset: request.query.offset ? parseInt(request.query.offset, 10) : void 0
+  });
+  reply.status(200).send({
+    success: true,
+    data: {
+      records: records.map((r) => ({ ...r, key: r.key.slice(0, 8) + "..." })),
+      total: records.length
+    }
+  });
+}
+async function handleApiKeyCreate(request, reply) {
+  const auth = requireAuth(request, reply);
+  if (!auth.authenticated) return;
+  if (!_a2aKeyStore) {
+    reply.status(501).send({ error: "Key store not configured" });
+    return;
+  }
+  const body = request.body;
+  const tenantId = body.tenantId || request.headers["x-tenant-id"] || auth.tenantId;
+  const projectId = body.projectId || request.headers["x-project-id"] || auth.projectId || "default";
+  const workspaceId = body.workspaceId || request.headers["x-workspace-id"] || auth.workspaceId;
+  if (!tenantId) {
+    reply.status(400).send({
+      error: "tenantId is required",
+      message: "Provide via body.tenantId, x-tenant-id header, or authenticate with a scoped API key"
+    });
+    return;
+  }
+  const record = await _a2aKeyStore.create({
+    tenantId,
+    projectId,
+    workspaceId,
+    label: body.label
+  });
+  await refreshStoreKeyMap();
+  reply.status(201).send({ success: true, data: record });
+}
+async function handleApiKeyDelete(request, reply) {
+  const auth = requireAuth(request, reply);
+  if (!auth.authenticated) return;
+  if (!_a2aKeyStore) {
+    reply.status(501).send({ error: "Key store not configured" });
+    return;
+  }
+  await _a2aKeyStore.delete(request.params.id);
+  await refreshStoreKeyMap();
+  reply.status(200).send({ success: true });
+}
+async function handleApiKeyDisable(request, reply) {
+  const auth = requireAuth(request, reply);
+  if (!auth.authenticated) return;
+  if (!_a2aKeyStore) {
+    reply.status(501).send({ error: "Key store not configured" });
+    return;
+  }
+  await _a2aKeyStore.disable(request.params.id);
+  await refreshStoreKeyMap();
+  reply.status(200).send({ success: true });
+}
+async function handleApiKeyEnable(request, reply) {
+  const auth = requireAuth(request, reply);
+  if (!auth.authenticated) return;
+  if (!_a2aKeyStore) {
+    reply.status(501).send({ error: "Key store not configured" });
+    return;
+  }
+  await _a2aKeyStore.enable(request.params.id);
+  await refreshStoreKeyMap();
+  reply.status(200).send({ success: true });
+}
+async function handleApiKeyRotate(request, reply) {
+  const auth = requireAuth(request, reply);
+  if (!auth.authenticated) return;
+  if (!_a2aKeyStore) {
+    reply.status(501).send({ error: "Key store not configured" });
+    return;
+  }
+  const record = await _a2aKeyStore.rotate(request.params.id);
+  await refreshStoreKeyMap();
+  reply.status(200).send({ success: true, data: record });
+}
+function registerA2ARoutes(app2) {
+  app2.get("/api/a2a/.well-known/agent.json", handleAgentCard);
+  app2.get("/api/a2a/.well-known/agent-card.json", handleAgentCard);
+  app2.post(
+    "/api/a2a/tasks/send",
+    handleTasksSend
+  );
+  app2.get(
+    "/api/a2a/tasks/:taskId",
+    handleTasksGet
+  );
+  app2.get(
+    "/api/a2a/tasks/:taskId/stream",
+    handleTasksStream
+  );
+  app2.post(
+    "/api/a2a/tasks/:taskId/cancel",
+    handleTasksCancel
+  );
+  app2.get(
+    "/api/a2a/keys",
+    handleApiKeyList
+  );
+  app2.post(
+    "/api/a2a/keys",
+    handleApiKeyCreate
+  );
+  app2.delete(
+    "/api/a2a/keys/:id",
+    handleApiKeyDelete
+  );
+  app2.post(
+    "/api/a2a/keys/:id/disable",
+    handleApiKeyDisable
+  );
+  app2.post(
+    "/api/a2a/keys/:id/enable",
+    handleApiKeyEnable
+  );
+  app2.post(
+    "/api/a2a/keys/:id/rotate",
+    handleApiKeyRotate
+  );
+}
+var import_uuid9, import_core31, import_protocols4, taskStore, _a2aKeyStore, _storeKeyMap;
+var init_a2a = __esm({
+  "src/routes/a2a.ts"() {
+    "use strict";
+    import_uuid9 = require("uuid");
+    import_core31 = require("@axiom-lattice/core");
+    import_protocols4 = require("@axiom-lattice/protocols");
+    taskStore = /* @__PURE__ */ new Map();
+    _a2aKeyStore = null;
+    _storeKeyMap = /* @__PURE__ */ new Map();
+  }
+});
+
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
@@ -6464,8 +7036,183 @@ function registerChannelBindingRoutes(app2) {
   app2.delete("/api/channel-bindings/:id", deleteBinding);
 }
 
+// src/routes/a2a-bridge.ts
+var import_uuid8 = require("uuid");
+var log = {
+  info(msg, ctx) {
+    console.log(JSON.stringify({ level: "info", msg, ...ctx }));
+  },
+  warn(msg, ctx) {
+    console.warn(JSON.stringify({ level: "warn", msg, ...ctx }));
+  },
+  error(msg, ctx) {
+    console.error(JSON.stringify({ level: "error", msg, ...ctx }));
+  }
+};
+var connections = /* @__PURE__ */ new Map();
+var pending = /* @__PURE__ */ new Map();
+function getAgentIdFromPath(path3) {
+  const match = path3.match(/^\/api\/a2a\/bridge\/proxy\/([^/]+)/);
+  return match ? match[1] : null;
+}
+function handleBridgeConnection(socket, _request) {
+  let agentId = null;
+  log.info("Bridge WebSocket connected");
+  socket.on("message", (raw) => {
+    let msg;
+    try {
+      msg = JSON.parse(raw.toString());
+    } catch {
+      log.warn("Bridge invalid message");
+      return;
+    }
+    switch (msg.type) {
+      case "agent:register": {
+        agentId = msg.agentId;
+        if (!agentId) {
+          socket.send(JSON.stringify({ type: "error", message: "agentId required" }));
+          socket.close();
+          return;
+        }
+        connections.set(agentId, {
+          ws: socket,
+          agentId,
+          agentCard: msg.agentCard ?? {},
+          connectedAt: Date.now()
+        });
+        log.info("Agent registered via bridge", { agentId });
+        socket.send(JSON.stringify({ type: "agent:registered", agentId }));
+        break;
+      }
+      case "http:response": {
+        const requestId = msg.requestId;
+        const p = pending.get(requestId);
+        if (p) {
+          clearTimeout(p.timer);
+          pending.delete(requestId);
+          p.resolve({
+            status: msg.status ?? 200,
+            headers: msg.headers ?? {},
+            body: msg.body ?? ""
+          });
+        }
+        break;
+      }
+      case "http:error": {
+        const requestId = msg.requestId;
+        const p = pending.get(requestId);
+        if (p) {
+          clearTimeout(p.timer);
+          pending.delete(requestId);
+          p.reject(new Error(msg.message ?? "Agent error"));
+        }
+        break;
+      }
+    }
+  });
+  socket.on("close", () => {
+    if (agentId) {
+      connections.delete(agentId);
+      log.info("Bridge WebSocket disconnected", { agentId });
+      for (const [reqId, p] of pending) {
+        if (p.agentId === agentId) {
+          clearTimeout(p.timer);
+          p.reject(new Error("Agent disconnected"));
+          pending.delete(reqId);
+        }
+      }
+    }
+  });
+  socket.on("error", (err) => {
+    log.error("Bridge WebSocket error", { agentId, error: err.message });
+  });
+}
+async function handleBridgeProxy(request, reply) {
+  const agentId = getAgentIdFromPath(request.url);
+  if (!agentId) {
+    reply.status(400).send({ error: "Agent ID not found in path" });
+    return;
+  }
+  const conn = connections.get(agentId);
+  if (!conn) {
+    reply.status(503).send({
+      error: "Agent not connected",
+      message: `Agent "${agentId}" is not connected via WebSocket bridge`
+    });
+    return;
+  }
+  const requestId = (0, import_uuid8.v4)();
+  const subPath = request.url.replace(`/api/a2a/bridge/proxy/${agentId}`, "") || "/";
+  let body;
+  if (request.method === "POST" || request.method === "PUT") {
+    body = typeof request.body === "string" ? request.body : JSON.stringify(request.body ?? {});
+  }
+  const bridgeRequest = {
+    type: "http:request",
+    requestId,
+    method: request.method,
+    path: subPath,
+    headers: {
+      "content-type": request.headers["content-type"] ?? "application/json",
+      "accept": request.headers["accept"] ?? "*/*"
+    },
+    body: body ?? ""
+  };
+  const timeout = 3e5;
+  try {
+    const response = await new Promise((resolve, reject) => {
+      const timer = setTimeout(() => {
+        pending.delete(requestId);
+        reject(new Error(`Bridge request timeout after ${timeout}ms`));
+      }, timeout);
+      pending.set(requestId, { resolve, reject, timer, agentId });
+      try {
+        if (conn.ws.readyState !== conn.ws.OPEN) {
+          pending.delete(requestId);
+          reject(new Error("WebSocket not open"));
+          return;
+        }
+        conn.ws.send(JSON.stringify(bridgeRequest));
+      } catch (err) {
+        clearTimeout(timer);
+        pending.delete(requestId);
+        reject(err);
+      }
+    });
+    for (const [key, value] of Object.entries(response.headers)) {
+      if (!["content-length", "transfer-encoding", "connection"].includes(key.toLowerCase())) {
+        reply.header(key, value);
+      }
+    }
+    reply.status(response.status);
+    try {
+      const parsed = JSON.parse(response.body);
+      reply.send(parsed);
+    } catch {
+      reply.send(response.body);
+    }
+  } catch (err) {
+    log.error("Bridge proxy error", { agentId, error: err.message });
+    reply.status(502).send({
+      error: "Bridge proxy error",
+      message: err.message
+    });
+  }
+}
+function registerA2ABridgeRoutes(app2) {
+  app2.get("/api/a2a/bridge", { websocket: true }, (socket, req) => {
+    handleBridgeConnection(socket, req);
+  });
+  app2.route({
+    method: ["GET", "POST", "PUT", "DELETE", "PATCH"],
+    url: "/api/a2a/bridge/proxy/*",
+    handler: handleBridgeProxy
+  });
+}
+
 // src/routes/index.ts
 var registerLatticeRoutes = (app2, channelDeps) => {
+  registerA2ABridgeRoutes(app2);
   app2.post("/api/runs", createRun);
   app2.post("/api/resume_stream", resumeStream);
   app2.post("/api/assistants/:assistantId/threads/:threadId/abort", abortRun);
@@ -7105,7 +7852,7 @@ function createAuditLoggerMiddleware() {
 }
 
 // src/index.ts
-var import_core31 = require("@axiom-lattice/core");
+var import_core32 = require("@axiom-lattice/core");
 
 // src/swagger.ts
 var import_swagger = __toESM(require("@fastify/swagger"));
@@ -7428,8 +8175,8 @@ _AgentTaskConsumer.agent_run_endpoint = "http://localhost:4001/api/runs";
 var AgentTaskConsumer = _AgentTaskConsumer;
 
 // src/index.ts
-var import_core32 = require("@axiom-lattice/core");
-var import_protocols4 = require("@axiom-lattice/protocols");
+var import_core33 = require("@axiom-lattice/core");
+var import_protocols5 = require("@axiom-lattice/protocols");
 var import_meta = {};
 process.on("unhandledRejection", (reason, promise) => {
   console.error("\u672A\u5904\u7406\u7684Promise\u62D2\u7EDD:", reason);
@@ -7437,18 +8184,18 @@ process.on("unhandledRejection", (reason, promise) => {
 var DEFAULT_LOGGER_CONFIG = {
   name: "default",
   description: "Default logger for lattice-gateway service",
-  type: import_protocols4.LoggerType.PINO,
+  type: import_protocols5.LoggerType.PINO,
   serviceName: "lattice/gateway",
   loggerName: "lattice/gateway"
 };
 var loggerLattice = initializeLogger(DEFAULT_LOGGER_CONFIG);
 var logger3 = loggerLattice.client;
 function initializeLogger(config) {
-  if (import_core32.loggerLatticeManager.hasLattice("default")) {
-    import_core32.loggerLatticeManager.removeLattice("default");
+  if (import_core33.loggerLatticeManager.hasLattice("default")) {
+    import_core33.loggerLatticeManager.removeLattice("default");
   }
-  (0, import_core32.registerLoggerLattice)("default", config);
-  return (0, import_core32.getLoggerLattice)("default");
+  (0, import_core33.registerLoggerLattice)("default", config);
+  return (0, import_core33.getLoggerLattice)("default");
 }
 var app = (0, import_fastify.default)({
   logger: false,
@@ -7490,6 +8237,12 @@ app.addHook("preHandler", async (request, reply) => {
     error: "Unauthorized - Missing or invalid token"
   });
 });
+app.addHook("onRequest", (request, reply, done) => {
+  if (!request.headers["x-project-id"]) {
+    request.headers["x-project-id"] = "default";
+  }
+  done();
+});
 app.addHook("onRequest", (request, reply, done) => {
   const context = {
     "x-tenant-id": getHeaderValue(request.headers["x-tenant-id"]),
@@ -7551,7 +8304,7 @@ app.setErrorHandler((error, request, reply) => {
 });
 function getConfiguredSandboxProvider() {
   const sandboxProviderType = process.env.SANDBOX_PROVIDER_TYPE || "microsandbox-remote";
-  return (0, import_core32.createSandboxProvider)({
+  return (0, import_core33.createSandboxProvider)({
     type: sandboxProviderType,
     remoteBaseURL: process.env.SANDBOX_BASE_URL,
     microsandboxServiceBaseURL: process.env.MICROSANDBOX_SERVICE_BASE_URL,
@@ -7583,7 +8336,7 @@ var start = async (config) => {
       const { getStoreLattice: getStoreLattice16 } = await import("@axiom-lattice/core");
       const bindingStore = getStoreLattice16("default", "channelBinding").store;
       const installationStore = getStoreLattice16("default", "channelInstallation").store;
-      (0, import_core31.setBindingRegistry)(bindingStore);
+      (0, import_core32.setBindingRegistry)(bindingStore);
       const adapterRegistry = new ChannelAdapterRegistry();
       adapterRegistry.register(larkChannelAdapter);
       const router = new MessageRouter({
@@ -7597,11 +8350,19 @@ var start = async (config) => {
         installationStore
       });
       channelDeps = { router, installationStore };
+      try {
+        const a2aKeyStore = getStoreLattice16("default", "a2aApiKey").store;
+        const a2a = await Promise.resolve().then(() => (init_a2a(), a2a_exports));
+        a2a.setA2AKeyStore(a2aKeyStore);
+        await a2a.refreshStoreKeyMap();
+        logger3.info("A2A key store initialized");
+      } catch {
+      }
     } catch {
     }
     registerLatticeRoutes(app, channelDeps);
-    if (!import_core32.sandboxLatticeManager.hasLattice("default")) {
-      import_core32.sandboxLatticeManager.registerLattice("default", getConfiguredSandboxProvider());
+    if (!import_core33.sandboxLatticeManager.hasLattice("default")) {
+      import_core33.sandboxLatticeManager.registerLattice("default", getConfiguredSandboxProvider());
       logger3.info("Registered sandbox manager from env configuration");
     }
     const target_port = config?.port || Number(process.env.PORT) || 4001;
@@ -7622,7 +8383,7 @@ var start = async (config) => {
     }
     try {
       logger3.info("Starting agent instance recovery...");
-      const restoreStats = await import_core32.agentInstanceManager.restore();
+      const restoreStats = await import_core33.agentInstanceManager.restore();
       logger3.info(`Agent recovery complete: ${restoreStats.restored} threads restored, ${restoreStats.errors} errors`);
     } catch (error) {
       logger3.error("Agent recovery failed", { error });