a2a-mesh 1.0.0

package/dist/shared/a2a-mesh.DOHcVRN8.mjs

@@ -0,0 +1,119 @@
+import { createRemoteJWKSet, jwtVerify } from 'jose';
+
+class JwtAuthMiddleware {
+  constructor(options) {
+    this.options = options;
+  }
+  remoteSets = /* @__PURE__ */ new Map();
+  async authenticateRequest(req) {
+    const securityRequirements = this.options.security && this.options.security.length > 0 ? this.options.security : [Object.fromEntries(this.options.securitySchemes.map((scheme) => [scheme.id, []]))];
+    let lastError;
+    for (const requirement of securityRequirements) {
+      try {
+        for (const schemeId of Object.keys(requirement)) {
+          const scheme = this.options.securitySchemes.find((item) => item.id === schemeId);
+          if (!scheme) {
+            throw new Error(`Unknown security scheme: ${schemeId}`);
+          }
+          if (scheme.type === "apiKey") {
+            return this.validateApiKey(req, scheme);
+          }
+          if (scheme.type === "http") {
+            return this.validateBearerToken(req);
+          }
+          if (scheme.type === "openIdConnect") {
+            return this.validateOidcToken(req, scheme);
+          }
+        }
+      } catch (error) {
+        lastError = error instanceof Error ? error : new Error(String(error));
+      }
+    }
+    throw lastError ?? new Error("Authentication failed");
+  }
+  middleware() {
+    return async (req, res, next) => {
+      try {
+        const authResult = await this.authenticateRequest(req);
+        Object.assign(req, { auth: authResult });
+        next();
+      } catch (error) {
+        res.status(401).json({
+          jsonrpc: "2.0",
+          error: {
+            code: -32040,
+            message: "Unauthorized",
+            data: { reason: String(error) }
+          },
+          id: req.body && typeof req.body === "object" && "id" in req.body ? req.body.id : null
+        });
+      }
+    };
+  }
+  validateApiKey(req, scheme) {
+    const expected = this.options.apiKeys?.[scheme.id];
+    const validValues = Array.isArray(expected) ? expected : expected ? [expected] : [];
+    if (validValues.length === 0) {
+      throw new Error(`No API key configured for scheme ${scheme.id}`);
+    }
+    const incoming = scheme.in === "header" ? req.header(scheme.name) : typeof req.query[scheme.name] === "string" ? req.query[scheme.name] : void 0;
+    if (typeof incoming !== "string" || !validValues.includes(incoming)) {
+      throw new Error("Invalid API key");
+    }
+    return { schemeId: scheme.id };
+  }
+  async validateOidcToken(req, scheme) {
+    const token = this.readBearerToken(req);
+    const discoveryResponse = await fetch(scheme.openIdConnectUrl);
+    if (!discoveryResponse.ok) {
+      throw new Error(`Failed to fetch OIDC configuration: ${discoveryResponse.status}`);
+    }
+    const discovery = await discoveryResponse.json();
+    const jwksUri = scheme.jwksUri ?? discovery.jwks_uri;
+    if (!jwksUri) {
+      throw new Error("OIDC configuration is missing jwks_uri");
+    }
+    let remoteSet = this.remoteSets.get(jwksUri);
+    if (!remoteSet) {
+      remoteSet = createRemoteJWKSet(new URL(jwksUri));
+      this.remoteSets.set(jwksUri, remoteSet);
+    }
+    const verifyOptions = {
+      ...scheme.audience ? { audience: scheme.audience } : {},
+      ...scheme.issuer ?? discovery.issuer ? { issuer: scheme.issuer ?? discovery.issuer } : {},
+      algorithms: scheme.algorithms ?? ["RS256", "ES256"]
+    };
+    const { payload } = await jwtVerify(token, remoteSet, verifyOptions);
+    return {
+      schemeId: scheme.id,
+      ...payload.sub ? { subject: payload.sub } : {},
+      claims: payload
+    };
+  }
+  async validateBearerToken(req) {
+    const token = this.readBearerToken(req);
+    const payload = this.decodeJwtWithoutValidation(token);
+    return {
+      schemeId: "bearer",
+      ...payload.sub ? { subject: payload.sub } : {},
+      claims: payload
+    };
+  }
+  readBearerToken(req) {
+    const header = req.header("authorization");
+    if (!header || !header.toLowerCase().startsWith("bearer ")) {
+      throw new Error("Missing bearer token");
+    }
+    return header.slice("bearer ".length).trim();
+  }
+  decodeJwtWithoutValidation(token) {
+    const parts = token.split(".");
+    if (parts.length < 2) {
+      throw new Error("Invalid JWT");
+    }
+    const payloadJson = Buffer.from(parts[1] ?? "", "base64url").toString("utf8");
+    return JSON.parse(payloadJson);
+  }
+}
+
+export { JwtAuthMiddleware as J };

package/dist/telemetry/index.cjs

@@ -0,0 +1,27 @@
+'use strict';
+
+const api = require('@opentelemetry/api');
+
+const VERSION = "1.0.0";
+const a2aMeshTracer = api.trace.getTracer("a2a-mesh", VERSION);
+function withA2ABaggage(taskId, contextId) {
+  let currentBaggage = api.propagation.getBaggage(api.context.active()) ?? api.propagation.createBaggage({});
+  if (taskId) {
+    currentBaggage = currentBaggage.setEntry("a2a.task_id", {
+      value: taskId,
+      metadata: api.baggageEntryMetadataFromString("a2a")
+    });
+  }
+  if (contextId) {
+    currentBaggage = currentBaggage.setEntry("a2a.context_id", {
+      value: contextId,
+      metadata: api.baggageEntryMetadataFromString("a2a")
+    });
+  }
+  const nextContext = api.propagation.setBaggage(api.context.active(), currentBaggage);
+  api.context.with(nextContext, () => void 0);
+}
+
+exports.SpanStatusCode = api.SpanStatusCode;
+exports.a2aMeshTracer = a2aMeshTracer;
+exports.withA2ABaggage = withA2ABaggage;

package/dist/telemetry/index.d.cts

@@ -0,0 +1,7 @@
+import * as _opentelemetry_api from '@opentelemetry/api';
+export { SpanStatusCode } from '@opentelemetry/api';
+
+declare const a2aMeshTracer: _opentelemetry_api.Tracer;
+declare function withA2ABaggage(taskId?: string, contextId?: string): void;
+
+export { a2aMeshTracer, withA2ABaggage };

package/dist/telemetry/index.d.mts

@@ -0,0 +1,7 @@
+import * as _opentelemetry_api from '@opentelemetry/api';
+export { SpanStatusCode } from '@opentelemetry/api';
+
+declare const a2aMeshTracer: _opentelemetry_api.Tracer;
+declare function withA2ABaggage(taskId?: string, contextId?: string): void;
+
+export { a2aMeshTracer, withA2ABaggage };

package/dist/telemetry/index.d.ts

@@ -0,0 +1,7 @@
+import * as _opentelemetry_api from '@opentelemetry/api';
+export { SpanStatusCode } from '@opentelemetry/api';
+
+declare const a2aMeshTracer: _opentelemetry_api.Tracer;
+declare function withA2ABaggage(taskId?: string, contextId?: string): void;
+
+export { a2aMeshTracer, withA2ABaggage };

package/dist/telemetry/index.mjs

@@ -0,0 +1,24 @@
+import { trace, propagation, context, baggageEntryMetadataFromString } from '@opentelemetry/api';
+export { SpanStatusCode } from '@opentelemetry/api';
+
+const VERSION = "1.0.0";
+const a2aMeshTracer = trace.getTracer("a2a-mesh", VERSION);
+function withA2ABaggage(taskId, contextId) {
+  let currentBaggage = propagation.getBaggage(context.active()) ?? propagation.createBaggage({});
+  if (taskId) {
+    currentBaggage = currentBaggage.setEntry("a2a.task_id", {
+      value: taskId,
+      metadata: baggageEntryMetadataFromString("a2a")
+    });
+  }
+  if (contextId) {
+    currentBaggage = currentBaggage.setEntry("a2a.context_id", {
+      value: contextId,
+      metadata: baggageEntryMetadataFromString("a2a")
+    });
+  }
+  const nextContext = propagation.setBaggage(context.active(), currentBaggage);
+  context.with(nextContext, () => void 0);
+}
+
+export { a2aMeshTracer, withA2ABaggage };

package/package.json

@@ -0,0 +1,90 @@
+{
+  "name": "a2a-mesh",
+  "version": "1.0.0",
+  "description": "A2A Protocol v1.0 server runtime, task model, auth, telemetry and middleware",
+  "keywords": [
+    "a2a",
+    "agent2agent",
+    "ai-agents",
+    "multi-agent",
+    "typescript"
+  ],
+  "author": "oaslananka",
+  "license": "Apache-2.0",
+  "homepage": "https://github.com/oaslananka/a2a-mesh#readme",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/oaslananka/a2a-mesh.git",
+    "directory": "packages/core"
+  },
+  "bugs": {
+    "url": "https://github.com/oaslananka/a2a-mesh/issues"
+  },
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.mjs",
+  "types": "dist/index.d.ts",
+  "sideEffects": false,
+  "scripts": {
+    "build": "unbuild",
+    "typecheck": "tsc -b",
+    "test": "vitest run"
+  },
+  "dependencies": {
+    "@opentelemetry/api": "^1.9.0",
+    "eventsource": "^2.0.2",
+    "express": "^4.18.2",
+    "jose": "^5.2.0",
+    "uuid": "^9.0.1",
+    "zod": "^3.22.4"
+  },
+  "devDependencies": {
+    "@types/eventsource": "^1.1.15",
+    "@types/express": "^4.17.21",
+    "@types/uuid": "^9.0.8",
+    "typescript": "^5.2.2"
+  },
+  "type": "module",
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "peerDependencies": {
+    "@opentelemetry/api": "^1.9.0",
+    "better-sqlite3": "^11.10.0"
+  },
+  "peerDependenciesMeta": {
+    "@opentelemetry/api": {
+      "optional": true
+    },
+    "better-sqlite3": {
+      "optional": true
+    }
+  },
+  "exports": {
+    ".": {
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.cjs",
+      "types": "./dist/index.d.ts"
+    },
+    "./middleware": {
+      "import": "./dist/middleware/index.mjs",
+      "require": "./dist/middleware/index.cjs",
+      "types": "./dist/middleware/index.d.ts"
+    },
+    "./telemetry": {
+      "import": "./dist/telemetry/index.mjs",
+      "require": "./dist/telemetry/index.cjs",
+      "types": "./dist/telemetry/index.d.ts"
+    },
+    "./auth": {
+      "import": "./dist/auth/index.mjs",
+      "require": "./dist/auth/index.cjs",
+      "types": "./dist/auth/index.d.ts"
+    }
+  },
+  "module": "./dist/index.mjs",
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ]
+}