@openwop/openwop-conformance 1.0.0 → 1.1.0

package/schemas/pack-lockfile.schema.json

@@ -0,0 +1,92 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/pack-lockfile.schema.json",
+  "title": "PackLockfile",
+  "description": "Reproducible-build lockfile pinning resolved versions of every pack a workspace depends on. Per spec/v1/node-packs.md §\"Dependency resolution + lockfile\". A workspace records its lockfile alongside its workflow definitions; on subsequent installs the registry resolver MUST honor the lockfile's exact versions rather than re-running semver resolution. This guarantees that a workflow that ran against `vendor.openwop.rust-hello@1.0.0` will still run against `1.0.0` even after `1.0.1` is published.",
+  "type": "object",
+  "required": ["lockfileVersion", "generatedAt", "packs"],
+  "properties": {
+    "lockfileVersion": {
+      "type": "integer",
+      "minimum": 1,
+      "description": "Lockfile schema version. Bumped when the lockfile structure changes incompatibly. v1.0 ships at lockfileVersion 1."
+    },
+    "generatedAt": {
+      "type": "string",
+      "format": "date-time",
+      "description": "ISO 8601 timestamp the lockfile was written. Used for audit + cache-bust diagnostics; resolvers MUST NOT use this for resolution decisions."
+    },
+    "registry": {
+      "type": "string",
+      "format": "uri",
+      "description": "Optional source-of-truth registry URL the resolved versions were fetched from (e.g., `https://packs.openwop.dev`). Multi-registry workspaces include this for audit. Single-registry workspaces MAY omit."
+    },
+    "packs": {
+      "type": "array",
+      "description": "Resolved pack records, one per pack referenced (transitively) by the workspace's workflow definitions. Order is informational only; resolvers MUST NOT rely on order. Empty arrays are allowed (a workspace with no packs).",
+      "items": { "$ref": "#/$defs/ResolvedPack" }
+    }
+  },
+  "additionalProperties": false,
+  "$defs": {
+    "ResolvedPack": {
+      "type": "object",
+      "required": ["name", "version", "integrity"],
+      "properties": {
+        "name": {
+          "type": "string",
+          "minLength": 3,
+          "maxLength": 256,
+          "pattern": "^(core|vendor|community|private|local)\\.[a-z0-9][a-z0-9.-]*$",
+          "description": "Pack name per node-packs.md §\"Manifest format\" `name`. Reverse-DNS-style; namespace prefix is one of the canonical tiers."
+        },
+        "version": {
+          "type": "string",
+          "minLength": 1,
+          "maxLength": 64,
+          "description": "Resolved exact version (no ranges). Semver MAJOR.MINOR.PATCH[-PRERELEASE][+BUILD]. The resolver MUST pin to this exact version on subsequent installs."
+        },
+        "resolved": {
+          "type": "string",
+          "format": "uri",
+          "description": "Optional canonical URL the tarball was fetched from. Audit aid; resolvers MUST verify the `integrity` field even if this URL is present."
+        },
+        "integrity": {
+          "type": "string",
+          "pattern": "^sha256-[A-Za-z0-9+/]{43}=$",
+          "description": "Subresource-integrity-style hash of the tarball: literal `sha256-` followed by 43-char base64-encoded SHA-256 digest with trailing `=` padding. Resolvers MUST verify the downloaded tarball's SHA-256 matches before extraction. Hash mismatch MUST fail the install with `pack_integrity_mismatch`."
+        },
+        "signature": {
+          "type": "object",
+          "description": "Optional pack signature material (Ed25519 per node-packs.md §Signing). When present, resolvers MUST verify the signature against the publisher's advertised public key.",
+          "required": ["algorithm", "publicKey", "value"],
+          "properties": {
+            "algorithm": { "type": "string", "enum": ["ed25519"] },
+            "publicKey": { "type": "string", "minLength": 1, "description": "Base64-encoded Ed25519 public key bytes." },
+            "value": { "type": "string", "minLength": 1, "description": "Base64-encoded Ed25519 signature over the tarball." }
+          },
+          "additionalProperties": false
+        },
+        "dependencies": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string",
+            "minLength": 1,
+            "maxLength": 64
+          },
+          "description": "Pinned versions for this pack's `dependencies` (per its manifest). Each key is a pack name; each value is the resolved exact version. Pinned recursively — a transitively-installed pack appears once in the top-level `packs[]` array AND as a value in each parent's `dependencies` map."
+        },
+        "peerDependencies": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string",
+            "minLength": 1,
+            "maxLength": 64
+          },
+          "description": "Echo of this pack's manifest `peerDependencies` for audit. Resolvers MUST verify that the host's `/.well-known/openwop` advertises every key listed here (per host-capabilities.md §\"Capability negotiation\"). Lockfile records the host-capability values the workspace committed to at lockfile-write time; mismatches at install time MAY warn (host advertises richer set) but MUST fail if a peer-dep is missing."
+        }
+      },
+      "additionalProperties": false
+    }
+  }
+}

package/schemas/registry-version-manifest.schema.json

@@ -0,0 +1,145 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/registry-version-manifest.schema.json",
+  "title": "RegistryVersionManifest",
+  "description": "Registry-augmented version manifest served at `/v1/packs/{name}/-/{version}.json`. Extends the bare pack manifest (`node-pack-manifest.schema.json`) with registry-side metadata (integrity hash, publishedAt timestamp, signed-blob URLs, lifecycle flags). This is the shape clients receive when they GET a specific pack version; the bare manifest is what publishers commit inside the tarball.\n\n**Why two schemas?** The bare manifest is the authoring contract — what a vendor writes in their pack source tree. The registry-augmented version is the SERVING contract — what `packs.openwop.dev` produces after `build-index.mjs` computes integrity hashes + adds URL templates. Validating both surfaces independently catches drift between authored content and served metadata.",
+  "type": "object",
+  "required": ["name", "version", "engines", "runtime", "integrity"],
+  "anyOf": [
+    { "properties": { "nodes": { "type": "array", "minItems": 1 } }, "required": ["nodes"] },
+    { "properties": { "agents": { "type": "array", "minItems": 1 } }, "required": ["agents"] }
+  ],
+  "properties": {
+    "name": {
+      "type": "string",
+      "description": "Reverse-DNS pack name. Mirrors `node-pack-manifest.schema.json` §name.",
+      "pattern": "^(core|vendor|community|private)\\.[a-z][a-z0-9_-]*(\\.[a-z][a-zA-Z0-9_-]*)+$",
+      "minLength": 1,
+      "maxLength": 256
+    },
+    "version": {
+      "type": "string",
+      "description": "Pack version per SemVer 2.0.0. Must match the URL path the manifest is served at.",
+      "pattern": "^\\d+\\.\\d+\\.\\d+(?:-[0-9A-Za-z.-]+)?(?:\\+[0-9A-Za-z.-]+)?$"
+    },
+    "description": { "type": "string", "maxLength": 1024 },
+    "author": { "type": "string" },
+    "license": { "type": "string" },
+    "homepage": { "type": "string", "format": "uri" },
+    "repository": { "type": "string", "format": "uri" },
+    "keywords": {
+      "type": "array",
+      "items": { "type": "string", "maxLength": 64 },
+      "maxItems": 50
+    },
+    "engines": {
+      "type": "object",
+      "required": ["openwop"],
+      "properties": {
+        "openwop": { "type": "string", "minLength": 1 }
+      },
+      "additionalProperties": { "type": "string" }
+    },
+    "runtime": {
+      "type": "object",
+      "required": ["language"],
+      "properties": {
+        "language": {
+          "type": "string",
+          "enum": ["javascript", "typescript", "wasm", "remote"],
+          "description": "Pack runtime. `javascript`/`typescript` for in-process Node executors; `wasm` for sandboxed WASM (RFC 0008 ABI); `remote` for agent-only packs that dispatch via remote LLM providers + don't ship local executor bytecode."
+        },
+        "entry": { "type": "string" },
+        "abiVersion": { "type": "string" }
+      },
+      "additionalProperties": true
+    },
+    "peerDependencies": {
+      "type": "object",
+      "description": "Host capabilities the pack consumes. Each key is a host-capability identifier (e.g., `host.canvas`); each value declares the support level the pack expects.",
+      "additionalProperties": { "type": "string" }
+    },
+    "dependencies": {
+      "type": "object",
+      "description": "Pack dependencies (other packs). Wire-locked at install time per `pack-lockfile.schema.json`.",
+      "additionalProperties": { "type": "string" }
+    },
+    "signing": {
+      "type": "object",
+      "description": "Embedded signing metadata. The pack's signing key MUST be one of the keys registered in `.well-known/openwop-registry.json` `signingKeys[]` AND MUST be authorized for the pack's namespace via `permittedNamespaces`.\n\nTwo identifier forms in the wild:\n  - `keyId`: canonical (newer packs). Matches an entry in registry's `signingKeys[].keyId`.\n  - `publicKeyRef`: legacy alias of `keyId` (used by `build-pack-tarball.mjs --key-id <id>`). Equivalent semantics.\n\nAt least one of `keyId` / `publicKeyRef` MUST be present; if both, they MUST be equal. The schema's `oneOf` block enforces this.",
+      "required": ["method"],
+      "oneOf": [
+        { "required": ["keyId"] },
+        { "required": ["publicKeyRef"] }
+      ],
+      "properties": {
+        "method": {
+          "type": "string",
+          "enum": ["manual", "ed25519", "sigstore"],
+          "description": "Signing method. `manual` and `ed25519` both denote a detached Ed25519 signature over canonical-JSON pack.json (synonymous in practice; both forms appear in published packs). `sigstore` reserved for the SLSA-friendly OIDC path."
+        },
+        "keyId": { "type": "string", "minLength": 1 },
+        "publicKeyRef": { "type": "string", "minLength": 1 },
+        "publicKeyUrl": { "type": "string", "format": "uri-reference" },
+        "signatureRef": { "type": "string" }
+      },
+      "additionalProperties": true
+    },
+    "nodes": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["typeId", "version", "category", "role"],
+        "additionalProperties": true
+      }
+    },
+    "agents": {
+      "type": "array",
+      "items": { "type": "object", "additionalProperties": true }
+    },
+    "integrity": {
+      "type": "string",
+      "description": "SRI-style integrity hash of the SIGNED tarball (`sha256-<base64(sha256)>`). Computed by `registry/scripts/build-index.mjs` from the on-disk `.tgz`. Consumers MUST verify the fetched tarball's hash matches this field before unpacking.",
+      "pattern": "^sha256-[A-Za-z0-9+/=]+$"
+    },
+    "publishedAt": {
+      "type": "string",
+      "description": "ISO-8601 UTC timestamp of first publish. Immutable per spec — set at first publish, never re-issued on subsequent index rebuilds.",
+      "format": "date-time"
+    },
+    "tarballUrl": {
+      "type": "string",
+      "description": "Registry-relative URL for the signed tarball. Always `/v1/packs/{name}/-/{version}.tgz`.",
+      "pattern": "^/v1/packs/[^/]+/-/[^/]+\\.tgz$"
+    },
+    "signatureUrl": {
+      "type": "string",
+      "description": "Registry-relative URL for the detached Ed25519 signature. Always `/v1/packs/{name}/-/{version}.sig`.",
+      "pattern": "^/v1/packs/[^/]+/-/[^/]+\\.sig$"
+    },
+    "deprecated": {
+      "type": "boolean",
+      "description": "Advisory: this version is deprecated. Consumers MAY refuse to install but registry continues to serve."
+    },
+    "yanked": {
+      "type": "boolean",
+      "description": "Hard refusal: this version was published in error. Registry MUST refuse to serve the tarball; consumers MUST refuse to dispatch nodes from yanked versions."
+    },
+    "yankedReason": {
+      "type": "string",
+      "maxLength": 512,
+      "description": "Optional one-line rationale shown by clients when a yanked install is attempted. Conventionally references the advisory id (`OPENWOP-YYYY-NNNN`) when one was issued."
+    },
+    "deprecationReason": {
+      "type": "string",
+      "maxLength": 512,
+      "description": "Optional one-line rationale shown by clients when an install of a deprecated version is attempted. Typically names the replacement version + migration link."
+    },
+    "advisoryUrl": {
+      "type": "string",
+      "format": "uri",
+      "description": "Optional URL with deprecation / yank rationale + remediation."
+    }
+  },
+  "additionalProperties": false
+}

package/schemas/run-event-payloads.schema.json

@@ -501,10 +501,10 @@
 
     "capBreached": {
       "type": "object",
-      "description": "Emitted when a CapabilityLimit is exceeded (clarificationRounds / schemaRounds / envelopesPerTurn / maxNodeExecutions).",
+      "description": "Emitted when a CapabilityLimit is exceeded. Protocol-level limits use the four engine kinds (clarificationRounds / schemaRounds / envelopesPerTurn / maxNodeExecutions). RFC 0008 §K WASM-runtime caps use the wasm-* kinds (memory ceiling, fuel exhaustion, execution-time wall-clock).",
       "required": ["kind", "limit", "observed"],
       "properties": {
-        "kind":     { "type": "string", "enum": ["clarification", "schema", "envelopes", "node-executions"] },
+        "kind":     { "type": "string", "enum": ["clarification", "schema", "envelopes", "node-executions", "wasm-memory", "wasm-fuel", "wasm-execution-time"] },
         "limit":    { "type": "integer", "minimum": 0 },
         "observed": { "type": "integer", "minimum": 0 },
         "nodeId":   { "type": "string" }

package/schemas/security-advisory.schema.json

@@ -0,0 +1,109 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://openwop.dev/spec/v1/security-advisory.schema.json",
+  "title": "SecurityAdvisory",
+  "description": "Registry-owned security advisory for a published OpenWOP pack version. Sourced from registry/security/advisories.json. Every entry MUST be reviewed + merged via maintainer PR; the CI check-advisories gate refuses to deploy if any active advisory targets a pack version that is not already yanked.",
+  "type": "object",
+  "required": ["id", "publishedAt", "severity", "summary", "affected"],
+  "properties": {
+    "id": {
+      "type": "string",
+      "description": "Stable advisory identifier. Format: `OPENWOP-YYYY-NNNN` (sequential, assigned by maintainers at PR merge time). MAY also include an aliased CVE ID via `cveIds[]`.",
+      "pattern": "^OPENWOP-[0-9]{4}-[0-9]{4}$"
+    },
+    "cveIds": {
+      "type": "array",
+      "description": "Aliased CVE identifiers if a CVE was reserved through Mitre or a CNA. Listed in cve.mitre.org format.",
+      "items": {
+        "type": "string",
+        "pattern": "^CVE-[0-9]{4}-[0-9]+$"
+      },
+      "uniqueItems": true
+    },
+    "publishedAt": {
+      "type": "string",
+      "format": "date",
+      "description": "Date the advisory was first published (ISO 8601 yyyy-mm-dd). Frozen at merge time; do not update on revision."
+    },
+    "updatedAt": {
+      "type": "string",
+      "format": "date",
+      "description": "Date of last advisory update. Bump when severity, affected, or fixedIn changes."
+    },
+    "severity": {
+      "type": "string",
+      "enum": ["critical", "high", "medium", "low"],
+      "description": "Severity per the rubric in docs/runbooks/INCIDENT-RESPONSE.md. critical=S0 (yank immediately), high=S1, medium=S2, low=S3."
+    },
+    "cvssV4Score": {
+      "type": "number",
+      "minimum": 0,
+      "maximum": 10,
+      "description": "Optional CVSS 4.0 base score. Informational; severity field is the authoritative classification."
+    },
+    "summary": {
+      "type": "string",
+      "description": "One-line human-readable summary of the vulnerability. Surfaces in tooling output.",
+      "minLength": 1,
+      "maxLength": 200
+    },
+    "details": {
+      "type": "string",
+      "description": "Long-form description: vulnerability mechanism, attack vector, impact, recommended consumer action. May reference external URLs via advisoryUrl."
+    },
+    "advisoryUrl": {
+      "type": "string",
+      "format": "uri",
+      "description": "External advisory link (e.g., GitHub Security Advisory, vendor security page, CVE detail page)."
+    },
+    "affected": {
+      "type": "array",
+      "description": "Pack versions impacted by this advisory. Each entry pins a pack name + a SemVer range. The check-advisories CI gate cross-references this list against every published version and fails if any non-yanked version matches.",
+      "minItems": 1,
+      "items": {
+        "type": "object",
+        "required": ["packName", "versions"],
+        "properties": {
+          "packName": {
+            "type": "string",
+            "description": "Pack name (e.g., `vendor.myndhyve.ai`). MUST exist under registry/v1/packs/.",
+            "pattern": "^[a-z][a-z0-9-]*(\\.[a-z][a-z0-9-]*)+$"
+          },
+          "versions": {
+            "type": "string",
+            "description": "SemVer range using node-semver syntax (`<1.0.0`, `>=1.0.0 <1.0.3`, `1.0.0 || 1.0.1`). Matched against published version numbers via the check-advisories gate."
+          },
+          "fixedIn": {
+            "type": "string",
+            "description": "Earliest version that contains the fix. Consumers MUST upgrade to >= this version. Absent if no fix is available yet (defense-only).",
+            "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+(-[a-zA-Z0-9.-]+)?(\\+[a-zA-Z0-9.-]+)?$"
+          },
+          "fixedInRef": {
+            "type": "string",
+            "description": "PR or commit reference where the fix landed (e.g., `openwop/openwop#42`). Helps consumers audit the patch."
+          }
+        },
+        "additionalProperties": false
+      }
+    },
+    "credits": {
+      "type": "array",
+      "description": "Acknowledged reporters or researchers.",
+      "items": {
+        "type": "object",
+        "required": ["name"],
+        "properties": {
+          "name": { "type": "string", "minLength": 1 },
+          "url": { "type": "string", "format": "uri" },
+          "role": {
+            "type": "string",
+            "enum": ["finder", "reporter", "analyst", "coordinator", "remediation-developer"],
+            "description": "Per CSAF role vocabulary. Defaults to `finder` when not specified."
+          }
+        },
+        "additionalProperties": false
+      }
+    }
+  },
+  "additionalProperties": false
+}

package/src/lib/a2a-fake-peer.ts

@@ -3,24 +3,29 @@
  *
  * The A2A protocol (https://a2a-protocol.org/) defines an `AgentCard` for
  * discovery plus a Task lifecycle whose `TaskState` enum drives most of
- * the conformance burden. We expose just enough of the HTTP+JSON
+ * the conformance burden. We expose just enough of A2A v0.3 JSON-RPC
  * transport to let conformance scenarios drive the host through the
  * four documented drift points from `spec/v1/a2a-integration.md`
  * §"State projection".
  *
- * Endpoints (minimal):
- *   GET  /agent.json                 — AgentCard
- *   POST /tasks                      — create a task; returns { taskId, state: 'SUBMITTED' }
- *   GET  /tasks/{taskId}             — poll task state + last message
- *   POST /tasks/{taskId}/messages    — append a message (used by host to resume an INPUT_REQUIRED task)
+ * Endpoints (A2A v0.3 wire shape):
+ *   GET  /.well-known/agent-card.json — AgentCard at the spec-mandated
+ *                                       well-known path (per
+ *                                       @a2a-js/sdk@0.3.13 `AGENT_CARD_PATH`)
+ *   POST /a2a/jsonrpc                  — JSON-RPC dispatch:
+ *                                          - method `message/send` →
+ *                                            creates a Task, returns Task obj
+ *                                          - method `tasks/get` → fetches Task
  *
  * Test fixtures set the *next* state transition via `setNextState(...)`
  * so a single scenario can walk the peer through SUBMITTED → WORKING →
  * INPUT_REQUIRED → COMPLETED (or AUTH_REQUIRED, or REJECTED) without
- * implementing a real agent.
+ * implementing a real agent. The internal API uses the UPPERCASE enum
+ * from openwop's a2a-integration.md (which references the gRPC enum);
+ * wire responses use the v0.3 JSON-RPC lowercase-hyphen form.
  *
  * @see spec/v1/a2a-integration.md §"State projection"
- * @see https://a2a-protocol.org/latest/specification/
+ * @see https://a2a-protocol.org/v0.3.0/specification
  */
 
 import { createServer, type Server } from 'node:http';
@@ -37,16 +42,32 @@ export type A2ATaskState =
   | 'CANCELED'
   | 'REJECTED';
 
+/** Translate internal UPPERCASE state to A2A v0.3 wire form (lowercase + hyphen). */
+function wireState(s: A2ATaskState): string {
+  switch (s) {
+    case 'UNSPECIFIED': return 'unknown';
+    case 'SUBMITTED': return 'submitted';
+    case 'WORKING': return 'working';
+    case 'INPUT_REQUIRED': return 'input-required';
+    case 'AUTH_REQUIRED': return 'auth-required';
+    case 'COMPLETED': return 'completed';
+    case 'FAILED': return 'failed';
+    case 'CANCELED': return 'canceled';
+    case 'REJECTED': return 'rejected';
+  }
+}
+
 interface A2ATask {
-  taskId: string;
+  id: string;
+  contextId: string;
   state: A2ATaskState;
-  messages: Array<{ role: 'user' | 'agent'; content: unknown }>;
-  metadata?: Record<string, unknown>;
+  history: Array<{ role: 'user' | 'agent'; parts: unknown[] }>;
 }
 
 export interface A2APeerInvocation {
   readonly method: string;
   readonly path: string;
+  readonly rpcMethod: string | null;
   readonly body: unknown;
   readonly timestamp: number;
 }
@@ -61,7 +82,14 @@ export class A2AFakePeer {
 
   async start(port: number = 0): Promise<void> {
     return new Promise((resolve, reject) => {
-      const server = createServer((req, res) => this._handle(req, res));
+      const server = createServer((req, res) => {
+        this._handle(req, res).catch((err) => {
+          if (!res.headersSent) {
+            res.writeHead(500, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: String(err) }));
+          }
+        });
+      });
       server.on('error', reject);
       server.listen(port, '127.0.0.1', () => {
         const addr = server.address() as AddressInfo;
@@ -121,6 +149,21 @@ export class A2AFakePeer {
     return this._tasks.get(taskId);
   }
 
+  private _taskToWire(t: A2ATask): Record<string, unknown> {
+    return {
+      id: t.id,
+      kind: 'task',
+      contextId: t.contextId,
+      status: { state: wireState(t.state) },
+      history: t.history.map((m) => ({
+        kind: 'message',
+        role: m.role,
+        parts: m.parts,
+        messageId: `msg-${t.id}-${t.history.indexOf(m)}`,
+      })),
+    };
+  }
+
   private async _handle(
     req: import('node:http').IncomingMessage,
     res: import('node:http').ServerResponse,
@@ -138,82 +181,126 @@ export class A2AFakePeer {
       }
     }
 
+    const rpcMethod =
+      body && typeof body === 'object' && body !== null && 'method' in body
+        ? String((body as { method: unknown }).method)
+        : null;
+
     this._invocations.push({
       method: req.method ?? 'GET',
       path: url,
+      rpcMethod,
       body,
       timestamp: Date.now(),
     });
 
-    // GET /agent.json
-    if (req.method === 'GET' && url.startsWith('/agent.json')) {
+    // GET /.well-known/agent-card.json  — A2A v0.3 well-known path
+    if (req.method === 'GET' && url.startsWith('/.well-known/agent-card.json')) {
       const card = {
         protocolVersion: '0.3.0',
         name: 'openwop-conformance-fake-a2a',
         description: 'Synthetic A2A peer for openwop conformance suite',
-        url: this.endpoint(),
+        url: `${this.endpoint()}/a2a/jsonrpc`,
         version: '1.0.0',
-        capabilities: { streaming: false },
+        capabilities: { streaming: false, pushNotifications: false },
         skills: [
           {
             id: 'echo',
             name: 'echo',
             description: 'Returns input verbatim',
+            tags: ['echo'],
           },
         ],
+        defaultInputModes: ['text'],
+        defaultOutputModes: ['text'],
+        additionalInterfaces: [
+          { url: `${this.endpoint()}/a2a/jsonrpc`, transport: 'JSONRPC' },
+        ],
       };
       res.writeHead(200, { 'Content-Type': 'application/json' });
       res.end(JSON.stringify(card));
       return;
     }
 
-    // POST /tasks — create task
-    if (req.method === 'POST' && url === '/tasks') {
-      const taskId = `task-${++this._taskIdCounter}`;
-      const initial: A2ATaskState = this._nextStateOverride ?? 'SUBMITTED';
-      this._nextStateOverride = null;
-      const task: A2ATask = {
-        taskId,
-        state: initial,
-        messages: body && typeof body === 'object' ? [{ role: 'user', content: body }] : [],
-      };
-      this._tasks.set(taskId, task);
-      res.writeHead(200, { 'Content-Type': 'application/json' });
-      res.end(JSON.stringify({ taskId, state: task.state }));
-      return;
-    }
+    // POST /a2a/jsonrpc  — A2A v0.3 JSON-RPC transport
+    if (req.method === 'POST' && url === '/a2a/jsonrpc') {
+      if (
+        !body ||
+        typeof body !== 'object' ||
+        (body as { jsonrpc?: unknown }).jsonrpc !== '2.0'
+      ) {
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(
+          JSON.stringify({
+            jsonrpc: '2.0',
+            id: null,
+            error: { code: -32600, message: 'Invalid JSON-RPC envelope' },
+          }),
+        );
+        return;
+      }
+      const rpc = body as { id?: string | number; method?: string; params?: unknown };
 
-    // GET /tasks/{taskId}
-    const getMatch = url.match(/^\/tasks\/([^/?]+)$/);
-    if (req.method === 'GET' && getMatch) {
-      const task = this._tasks.get(decodeURIComponent(getMatch[1]));
-      if (!task) {
-        res.writeHead(404, { 'Content-Type': 'application/json' });
-        res.end(JSON.stringify({ error: 'not_found' }));
+      if (rpc.method === 'message/send') {
+        const taskId = `task-${++this._taskIdCounter}`;
+        const contextId = `ctx-${taskId}`;
+        const initial: A2ATaskState = this._nextStateOverride ?? 'SUBMITTED';
+        this._nextStateOverride = null;
+        const userMessage = (rpc.params as { message?: { parts?: unknown[] } } | undefined)
+          ?.message;
+        const task: A2ATask = {
+          id: taskId,
+          contextId,
+          state: initial,
+          history: userMessage
+            ? [{ role: 'user', parts: userMessage.parts ?? [] }]
+            : [],
+        };
+        this._tasks.set(taskId, task);
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(
+          JSON.stringify({
+            jsonrpc: '2.0',
+            id: rpc.id ?? null,
+            result: this._taskToWire(task),
+          }),
+        );
         return;
       }
-      res.writeHead(200, { 'Content-Type': 'application/json' });
-      res.end(JSON.stringify(task));
-      return;
-    }
 
-    // POST /tasks/{taskId}/messages — host resumes an INPUT_REQUIRED task
-    const msgMatch = url.match(/^\/tasks\/([^/?]+)\/messages$/);
-    if (req.method === 'POST' && msgMatch) {
-      const task = this._tasks.get(decodeURIComponent(msgMatch[1]));
-      if (!task) {
-        res.writeHead(404, { 'Content-Type': 'application/json' });
-        res.end(JSON.stringify({ error: 'not_found' }));
+      if (rpc.method === 'tasks/get') {
+        const params = (rpc.params ?? {}) as { id?: string };
+        const task = params.id ? this._tasks.get(params.id) : undefined;
+        if (!task) {
+          res.writeHead(200, { 'Content-Type': 'application/json' });
+          res.end(
+            JSON.stringify({
+              jsonrpc: '2.0',
+              id: rpc.id ?? null,
+              error: { code: -32001, message: 'Task not found' },
+            }),
+          );
+          return;
+        }
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(
+          JSON.stringify({
+            jsonrpc: '2.0',
+            id: rpc.id ?? null,
+            result: this._taskToWire(task),
+          }),
+        );
         return;
       }
-      task.messages.push({ role: 'user', content: body });
-      // Move from INPUT_REQUIRED back to WORKING then to COMPLETED for the
-      // simple roundtrip. Tests that need a different next-state set it
-      // via setNextState() before posting the message.
-      task.state = this._nextStateOverride ?? 'COMPLETED';
-      this._nextStateOverride = null;
+
       res.writeHead(200, { 'Content-Type': 'application/json' });
-      res.end(JSON.stringify({ taskId: task.taskId, state: task.state }));
+      res.end(
+        JSON.stringify({
+          jsonrpc: '2.0',
+          id: rpc.id ?? null,
+          error: { code: -32601, message: `Method not found: ${rpc.method}` },
+        }),
+      );
       return;
     }