codex-a2a 0.3.0__tar.gz

codex_a2a-0.3.0/.github/workflows/ci.yml

@@ -0,0 +1,61 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  quality-gate:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+
+      - name: Setup uv
+        uses: astral-sh/setup-uv@v4
+        with:
+          enable-cache: true
+
+      - name: Sync Dependencies
+        run: uv sync --all-extras --frozen
+
+      - name: Run validation baseline
+        run: bash ./scripts/validate_baseline.sh
+
+  runtime-matrix:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.11", "3.12"]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Setup uv
+        uses: astral-sh/setup-uv@v4
+        with:
+          enable-cache: true
+
+      - name: Sync Dependencies
+        run: uv sync --all-extras --frozen
+
+      - name: Run runtime matrix validation
+        run: bash ./scripts/validate_runtime_matrix.sh

codex_a2a-0.3.0/.github/workflows/publish.yml

@@ -0,0 +1,78 @@
+name: Publish
+
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+
+      - name: Setup uv
+        uses: astral-sh/setup-uv@v4
+        with:
+          enable-cache: true
+
+      - name: Build package artifacts
+        run: uv build --no-sources
+
+      - name: Capture built wheel path
+        id: wheel
+        run: |
+          python - <<'PY' >> "$GITHUB_OUTPUT"
+          import pathlib
+
+          wheels = sorted(pathlib.Path("dist").glob("codex_a2a-*.whl"))
+          if len(wheels) != 1:
+              raise SystemExit(f"Expected exactly one wheel in dist/, found {len(wheels)}")
+          print(f"wheel_path={wheels[0]}")
+          PY
+
+      - name: Verify published version matches tag
+        run: |
+          python - <<'PY'
+          import os
+          import pathlib
+
+          wheel = pathlib.Path(os.environ["WHEEL_PATH"]).name
+          version = wheel.removeprefix("codex_a2a-").split("-py3", 1)[0]
+          tag = os.environ["GITHUB_REF_NAME"].removeprefix("v")
+          if version != tag:
+              raise SystemExit(f"Wheel version {version!r} does not match tag {tag!r}")
+          print(f"Validated release version: {version}")
+          PY
+        env:
+          WHEEL_PATH: ${{ steps.wheel.outputs.wheel_path }}
+
+      - name: Smoke test wheel install
+        run: bash ./scripts/smoke_test_built_cli.sh
+        env:
+          WHEEL_PATH: ${{ steps.wheel.outputs.wheel_path }}
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          generate_release_notes: true
+          files: |
+            dist/*.tar.gz
+            dist/*.whl

codex_a2a-0.3.0/.gitignore

@@ -0,0 +1,220 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+!tests/parts/
+!tests/parts/**
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Local logs
+logs/
+run/
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# UV
+#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#uv.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+#poetry.toml
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+#pdm.lock
+#pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+#pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.envrc
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+# Abstra
+# Abstra is an AI-powered process automation framework.
+# Ignore directories containing user credentials, local state, and settings.
+# Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#  Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
+#  that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#  and can be added to the global gitignore or merged into this file. However, if you prefer,
+#  you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+
+# Ruff stuff:
+.ruff_cache/
+
+# PyPI configuration file
+.pypirc
+
+# Cursor
+#  Cursor is an AI-powered code editor. `.cursorignore` specifies files/directories to
+#  exclude from AI features like autocomplete and code analysis. Recommended for sensitive data
+#  refer to https://docs.cursor.com/context/ignore-files
+.cursorignore
+.cursorindexingignore
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/
+
+# GitHub CLI temporary body files (should not be committed)
+issue_*.md
+
+# Local documentation sync/vendor cache
+sync_codex_docs.sh
+vendor/

codex_a2a-0.3.0/.pre-commit-config.yaml

@@ -0,0 +1,19 @@
+minimum_pre_commit_version: 4.5.1
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.14.14
+    hooks:
+      - id: ruff
+        args: ["--fix"]
+      - id: ruff-format
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+      - id: detect-secrets
+        args: ["--baseline", ".secrets.baseline"]

codex_a2a-0.3.0/.secrets.baseline

@@ -0,0 +1,131 @@
+{
+  "version": "1.5.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "GitLabTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "IPPublicDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "OpenAIDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "PypiTokenDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TelegramBotTokenDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_baseline_file",
+      "filename": ".secrets.baseline"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
+  "results": {},
+  "generated_at": "2026-03-19T05:12:34Z"
+}

codex_a2a-0.3.0/AGENTS.md

@@ -0,0 +1,55 @@
+# AGENTS.md
+
+以下规范适用于当前仓库内的 coding agent 协作与交付流程。
+
+## 1. 核心原则
+
+- 在保证安全、可追踪的前提下推进任务，避免不必要的流程阻断。
+- 保持与现有仓库结构、实现风格和工程习惯一致。
+
+## 2. Git 工作流
+
+- 禁止直接向受保护分支提交或推送：`main`/`master`/`release/*`。
+- 每项开发任务应在独立分支实施，建议从最新主干切出。
+- 同步主干优先使用 `git fetch` + `git merge --ff-only`，避免隐式合并。
+- 允许将开发分支推送到远端同名分支，便于协作与备份。
+- 禁止改写公共历史：`git push --force`、`git push --force-with-lease`、随意 `rebase`。
+- 仅提交本次任务相关文件，不清理或回滚与任务无关的在地改动。
+
+## 3. Issue 与 PR 协作
+
+- 开发类任务开始前，先检查是否已有相关 open Issue（例如 `gh issue list --state open`）。
+- 若无相关 Issue，应创建新 Issue 跟踪；Issue 建议包含背景、复现步骤、预期/实际、验收标准，并附 `git rev-parse HEAD` 快照。
+- 仅协作规范/流程文档改动（如 `AGENTS.md`）可直接修改，无需额外创建 Issue。
+- Issue 标题前缀建议使用 `[feat]`、`[bug]`、`[docs]`、`[ops]`、`[chore]`。
+- 提交信息若服务于某个 Issue，应在 commit message 中标注对应 `#issue`。
+- PR 默认建议创建为 Draft，并在描述中标明关联关系（如 `Closes #xx` / `Relates to #xx`）。
+- 出现关键进展、方案变化或新风险时，及时在对应 Issue/PR 中同步，避免重复评论。
+
+## 4. 工具与文本规范
+
+- 读写 Issue/PR 使用 `gh` CLI，不通过网页手工编辑。
+- Issue、PR 与评论使用简体中文；专业术语可保留英文。
+- 多行正文先写入临时文件，再用 `--body-file` 传入；不要在 `--body` 中拼接 `\\n`。
+- 同仓引用使用 `#123` 自动链接；跨仓引用使用完整 URL。
+
+## 5. 回归与验证
+
+- 回归策略按改动类型选择；默认基线为：
+  - `bash ./scripts/validate_baseline.sh`
+- Before committing, complete the required validation for the current change set; by default, run the baseline checks above before creating a commit.
+- Before creating or updating a PR, confirm the relevant local validation has passed so CI is not left to catch issues that are already reproducible locally.
+- `pre-commit` 若自动修复文件（如 `ruff --fix`），需复查改动后再提交。
+- If `pre-commit` modifies files, include those changes in the same commit and rerun `uv run pre-commit run --all-files` until it completes without further rewrites.
+- After running `pre-commit`, inspect `git status --short` before committing or pushing; do not assume hook-made rewrites are already included in the pending commit.
+- Do not push or update a PR while the working tree still contains hook-generated edits from the latest `pre-commit` run.
+- Shell/部署脚本改动：在基线之外，至少执行 `bash -n` 对改动脚本做语法校验。
+- 文档-only 改动：可不跑测试，但应自检命令与路径示例可用。
+- `uv sync --all-extras` 仅在首次初始化或依赖变更时需要，不作为每次改动必做项。
+- 若受环境限制无法完成某项验证，必须在汇报中明确说明未执行项与原因。
+
+## 6. 安全与配置
+
+- 严禁提交密钥、令牌、凭证或其他敏感信息（含 `.env` 内容）。
+- 日志与调试输出不得泄露访问令牌或隐私数据。
+- 涉及部署、认证、密钥注入的改动，需同步更新文档并提供最小验收步骤。

codex_a2a-0.3.0/CONTRIBUTING.md

@@ -0,0 +1,104 @@
+# Contributing
+
+Thanks for contributing to `codex-a2a`.
+
+## Scope
+
+This repository is the server/runtime boundary around Codex for A2A clients.
+Keep contributions aligned with that role:
+
+- transport and contract correctness
+- deployment and operations guardrails
+- session, streaming, and interrupt interoperability
+- security and observability for the service boundary
+
+Client-only concerns should usually stay out of this repository.
+
+## Workflow
+
+1. Start from the latest `main`.
+2. Work in a dedicated branch.
+3. Link the change to an issue whenever the work changes runtime behavior,
+   contracts, deployment, or documentation beyond small editorial cleanup.
+4. Keep PRs focused and describe contract or compatibility implications
+   explicitly.
+
+## Development From Source
+
+Use the repository checkout directly only for development, local debugging, or
+validation against unreleased changes on `main`.
+
+1. Install dependencies:
+
+```bash
+uv sync --all-extras
+```
+
+2. Make sure local Codex is already usable:
+
+- verify `codex` is installed and available on `PATH` (or set `CODEX_CLI_BIN`)
+- verify Codex provider/auth configuration already works outside this repository
+
+3. Generate a local bearer token:
+
+```bash
+export A2A_BEARER_TOKEN="$(python -c 'import secrets; print(secrets.token_hex(24))')"
+```
+
+4. Start this service from the source tree:
+
+```bash
+CODEX_WORKSPACE_ROOT=/abs/path/to/workspace uv run codex-a2a
+```
+
+5. Open the Agent Card:
+
+- `http://127.0.0.1:8000/.well-known/agent-card.json`
+
+## Validation Baseline
+
+Run the default validation baseline before opening or updating a PR:
+
+```bash
+bash ./scripts/validate_baseline.sh
+```
+
+This script runs `pre-commit`, `mypy`, `pytest` with the repository coverage
+floor, then builds the package and smoke-tests the freshly built wheel.
+
+For shell script changes, validate the touched scripts directly, for example:
+
+```bash
+bash -n scripts/validate_baseline.sh
+bash -n scripts/smoke_test_built_cli.sh
+```
+
+If `pre-commit` rewrites files, review the rewritten output and re-run the
+checks until the working tree is clean.
+
+## Compatibility Expectations
+
+- The repository targets Python 3.11, 3.12, and 3.13.
+- Machine-readable declarations should match actual runtime behavior.
+- Custom extensions must remain stable within the current major line unless a
+  change is explicitly documented as breaking.
+- Shared metadata and wire contracts should not drift between Agent Card,
+  OpenAPI, and runtime behavior.
+
+More detail: [Compatibility Guide](docs/compatibility.md)
+
+## Security and Secrets
+
+- Never commit bearer tokens, provider keys, or `.env` contents.
+- Do not add logs that expose raw credentials or private payloads.
+- Deployment, authentication, or secret-handling changes must update the
+  relevant documentation.
+
+## Reviews
+
+Good PRs in this repository are usually:
+
+- small enough to review quickly
+- explicit about contract changes
+- backed by tests when runtime behavior changes
+- clear about residual risk when the work is intentionally partial