codex-a2a 0.5.3__tar.gz → 0.6.1__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (211) hide show
  1. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/.gitignore +2 -0
  2. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/CONTRIBUTING.md +4 -3
  3. {codex_a2a-0.5.3/src/codex_a2a.egg-info → codex_a2a-0.6.1}/PKG-INFO +34 -24
  4. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/README.md +33 -23
  5. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/SECURITY.md +2 -2
  6. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/docs/architecture.md +2 -1
  7. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/docs/compatibility.md +47 -2
  8. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/docs/extension-specifications.md +24 -0
  9. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/docs/guide.md +430 -88
  10. codex_a2a-0.6.1/docs/maintainer-architecture.md +83 -0
  11. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/pyproject.toml +3 -0
  12. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/scripts/smoke_test_built_cli.sh +15 -1
  13. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/__init__.py +3 -0
  14. codex_a2a-0.6.1/src/codex_a2a/auth.py +144 -0
  15. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/client/types.py +0 -2
  16. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/config.py +95 -4
  17. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/contracts/extensions.py +650 -16
  18. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/execution/exec_runtime.py +17 -4
  19. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/execution/executor.py +50 -3
  20. codex_a2a-0.6.1/src/codex_a2a/execution/request_metadata.py +110 -0
  21. codex_a2a-0.6.1/src/codex_a2a/execution/request_overrides.py +97 -0
  22. codex_a2a-0.6.1/src/codex_a2a/execution/review_runtime.py +271 -0
  23. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/execution/stream_interrupts.py +13 -5
  24. codex_a2a-0.6.1/src/codex_a2a/execution/thread_lifecycle_runtime.py +399 -0
  25. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/input_mapping.py +0 -9
  26. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/application.py +35 -3
  27. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/control_params.py +16 -0
  28. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/dispatch.py +33 -6
  29. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/errors.py +30 -0
  30. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/exec_control.py +43 -1
  31. codex_a2a-0.6.1/src/codex_a2a/jsonrpc/interrupt_recovery.py +41 -0
  32. codex_a2a-0.6.1/src/codex_a2a/jsonrpc/interrupt_recovery_params.py +56 -0
  33. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/params.py +26 -0
  34. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/params_common.py +30 -0
  35. codex_a2a-0.6.1/src/codex_a2a/jsonrpc/review_control.py +136 -0
  36. codex_a2a-0.6.1/src/codex_a2a/jsonrpc/review_control_params.py +208 -0
  37. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/session_control.py +49 -0
  38. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/session_query.py +16 -0
  39. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/thread_lifecycle_control.py +49 -0
  40. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/thread_lifecycle_params.py +23 -0
  41. codex_a2a-0.6.1/src/codex_a2a/jsonrpc/turn_control.py +122 -0
  42. codex_a2a-0.6.1/src/codex_a2a/jsonrpc/turn_control_params.py +103 -0
  43. codex_a2a-0.6.1/src/codex_a2a/media_modes.py +18 -0
  44. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/profile/runtime.py +36 -3
  45. codex_a2a-0.6.1/src/codex_a2a/server/agent_card.py +891 -0
  46. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/server/application.py +43 -26
  47. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/server/call_context.py +6 -0
  48. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/server/http_middlewares.py +23 -6
  49. codex_a2a-0.6.1/src/codex_a2a/server/migrations.py +119 -0
  50. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/server/openapi.py +192 -57
  51. codex_a2a-0.6.1/src/codex_a2a/server/output_negotiation.py +388 -0
  52. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/server/request_handler.py +145 -3
  53. codex_a2a-0.6.1/src/codex_a2a/server/runtime_state.py +1018 -0
  54. codex_a2a-0.6.1/src/codex_a2a/upstream/client.py +630 -0
  55. codex_a2a-0.6.1/src/codex_a2a/upstream/conversation_facade.py +515 -0
  56. codex_a2a-0.6.1/src/codex_a2a/upstream/exec_facade.py +81 -0
  57. codex_a2a-0.6.1/src/codex_a2a/upstream/interrupt_bridge.py +671 -0
  58. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/upstream/interrupts.py +18 -0
  59. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/upstream/models.py +4 -0
  60. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/upstream/request_mapping.py +54 -0
  61. codex_a2a-0.6.1/src/codex_a2a/upstream/startup.py +100 -0
  62. codex_a2a-0.6.1/src/codex_a2a/upstream/stream_bridge.py +394 -0
  63. codex_a2a-0.6.1/src/codex_a2a/upstream/transport.py +280 -0
  64. {codex_a2a-0.5.3 → codex_a2a-0.6.1/src/codex_a2a.egg-info}/PKG-INFO +34 -24
  65. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a.egg-info/SOURCES.txt +30 -1
  66. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/config/test_settings.py +148 -44
  67. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/contracts/test_extension_contract_consistency.py +130 -3
  68. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/execution/test_cancellation.py +2 -0
  69. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/execution/test_codex_agent_session_binding.py +66 -3
  70. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/execution/test_discovery_exec_runtime.py +39 -3
  71. codex_a2a-0.6.1/tests/execution/test_review_runtime.py +178 -0
  72. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/execution/test_session_ownership.py +32 -3
  73. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/execution/test_session_persistence.py +143 -0
  74. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/execution/test_stream_interrupts.py +31 -2
  75. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/execution/test_streaming_output_contract.py +8 -4
  76. codex_a2a-0.6.1/tests/execution/test_thread_lifecycle_runtime.py +464 -0
  77. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/jsonrpc/test_codex_discovery_extension.py +3 -3
  78. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/jsonrpc/test_codex_exec_extension.py +156 -18
  79. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/jsonrpc/test_codex_session_extension.py +346 -39
  80. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/jsonrpc/test_codex_thread_lifecycle_extension.py +114 -3
  81. codex_a2a-0.6.1/tests/jsonrpc/test_codex_turn_review_extension.py +303 -0
  82. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/jsonrpc/test_dispatch.py +20 -0
  83. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/jsonrpc/test_guard_hooks.py +9 -0
  84. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/jsonrpc/test_jsonrpc_models.py +222 -1
  85. codex_a2a-0.6.1/tests/package/test_logging.py +9 -0
  86. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/package/test_release_distribution_contract.py +11 -4
  87. codex_a2a-0.6.1/tests/package/test_typing_contract.py +9 -0
  88. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/profile/test_profile.py +18 -0
  89. codex_a2a-0.6.1/tests/server/test_agent_card.py +920 -0
  90. codex_a2a-0.6.1/tests/server/test_auth.py +127 -0
  91. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/server/test_database_app_persistence.py +22 -6
  92. codex_a2a-0.6.1/tests/server/test_migrations.py +130 -0
  93. codex_a2a-0.6.1/tests/server/test_request_handler.py +770 -0
  94. codex_a2a-0.6.1/tests/server/test_runtime_state.py +113 -0
  95. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/server/test_transport_contract.py +220 -5
  96. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/support/dummy_clients.py +140 -6
  97. codex_a2a-0.6.1/tests/support/settings.py +63 -0
  98. codex_a2a-0.6.1/tests/test_input_mapping.py +153 -0
  99. codex_a2a-0.6.1/tests/upstream/__init__.py +0 -0
  100. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/upstream/test_codex_client_params.py +299 -5
  101. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/upstream/test_interrupt_persistence.py +64 -0
  102. codex_a2a-0.6.1/tests/upstream/test_modular_upstream_components.py +787 -0
  103. codex_a2a-0.5.3/src/codex_a2a/execution/request_metadata.py +0 -60
  104. codex_a2a-0.5.3/src/codex_a2a/execution/thread_lifecycle_runtime.py +0 -188
  105. codex_a2a-0.5.3/src/codex_a2a/server/agent_card.py +0 -525
  106. codex_a2a-0.5.3/src/codex_a2a/server/runtime_state.py +0 -567
  107. codex_a2a-0.5.3/src/codex_a2a/upstream/client.py +0 -1679
  108. codex_a2a-0.5.3/tests/execution/test_thread_lifecycle_runtime.py +0 -117
  109. codex_a2a-0.5.3/tests/server/test_agent_card.py +0 -473
  110. codex_a2a-0.5.3/tests/server/test_request_handler.py +0 -295
  111. codex_a2a-0.5.3/tests/support/settings.py +0 -14
  112. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/.github/workflows/ci.yml +0 -0
  113. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/.github/workflows/publish.yml +0 -0
  114. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/.pre-commit-config.yaml +0 -0
  115. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/.secrets.baseline +0 -0
  116. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/AGENTS.md +0 -0
  117. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/LICENSE +0 -0
  118. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/mypy.ini +0 -0
  119. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/scripts/README.md +0 -0
  120. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/scripts/publish_github_release.sh +0 -0
  121. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/scripts/sync_codex_docs.sh +0 -0
  122. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/scripts/validate_baseline.sh +0 -0
  123. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/scripts/validate_runtime_matrix.sh +0 -0
  124. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/setup.cfg +0 -0
  125. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/cli.py +0 -0
  126. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/client/__init__.py +0 -0
  127. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/client/agent_card.py +0 -0
  128. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/client/auth.py +0 -0
  129. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/client/client.py +0 -0
  130. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/client/config.py +0 -0
  131. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/client/errors.py +0 -0
  132. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/client/manager.py +0 -0
  133. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/client/payload_text.py +0 -0
  134. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/client/request_context.py +0 -0
  135. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/contracts/__init__.py +0 -0
  136. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/contracts/runtime_output.py +0 -0
  137. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/execution/__init__.py +0 -0
  138. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/execution/cancellation.py +0 -0
  139. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/execution/directory_policy.py +0 -0
  140. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/execution/discovery_runtime.py +0 -0
  141. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/execution/output_mapping.py +0 -0
  142. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/execution/response_emitter.py +0 -0
  143. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/execution/session_runtime.py +0 -0
  144. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/execution/stream_chunks.py +0 -0
  145. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/execution/stream_processor.py +0 -0
  146. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/execution/stream_state.py +0 -0
  147. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/execution/streaming.py +0 -0
  148. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/execution/tool_call_payloads.py +0 -0
  149. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/__init__.py +0 -0
  150. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/discovery_control.py +0 -0
  151. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/discovery_params.py +0 -0
  152. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/discovery_payload_mapping.py +0 -0
  153. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/discovery_query.py +0 -0
  154. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/hooks.py +0 -0
  155. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/interrupt_lifecycle.py +0 -0
  156. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/interrupt_params.py +0 -0
  157. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/interrupts.py +0 -0
  158. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/payload_mapping.py +0 -0
  159. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/jsonrpc/query_params.py +0 -0
  160. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/logging_context.py +0 -0
  161. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/metrics.py +0 -0
  162. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/parts/text.py +0 -0
  163. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/profile/__init__.py +0 -0
  164. /codex_a2a-0.5.3/src/codex_a2a/server/__init__.py → /codex_a2a-0.6.1/src/codex_a2a/py.typed +0 -0
  165. {codex_a2a-0.5.3/tests/config → codex_a2a-0.6.1/src/codex_a2a/server}/__init__.py +0 -0
  166. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/server/database.py +0 -0
  167. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/server/task_store.py +0 -0
  168. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/upstream/__init__.py +0 -0
  169. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a/upstream/notification_mapping.py +0 -0
  170. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a.egg-info/dependency_links.txt +0 -0
  171. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a.egg-info/entry_points.txt +0 -0
  172. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a.egg-info/requires.txt +0 -0
  173. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/src/codex_a2a.egg-info/top_level.txt +0 -0
  174. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/__init__.py +0 -0
  175. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/client/__init__.py +0 -0
  176. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/client/test_agent_card.py +0 -0
  177. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/client/test_cli.py +0 -0
  178. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/client/test_client_flow.py +0 -0
  179. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/client/test_client_manager.py +0 -0
  180. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/client/test_errors.py +0 -0
  181. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/client/test_lifecycle.py +0 -0
  182. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/client/test_payload_text.py +0 -0
  183. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/client/test_request_context.py +0 -0
  184. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/client/test_types.py +0 -0
  185. {codex_a2a-0.5.3/tests/contracts → codex_a2a-0.6.1/tests/config}/__init__.py +0 -0
  186. {codex_a2a-0.5.3/tests/execution → codex_a2a-0.6.1/tests/contracts}/__init__.py +0 -0
  187. {codex_a2a-0.5.3/tests/jsonrpc → codex_a2a-0.6.1/tests/execution}/__init__.py +0 -0
  188. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/execution/test_agent_errors.py +0 -0
  189. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/execution/test_directory_validation.py +0 -0
  190. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/execution/test_metrics.py +0 -0
  191. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/execution/test_session_runtime.py +0 -0
  192. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/execution/test_stream_chunks.py +0 -0
  193. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/execution/test_tool_call_payloads.py +0 -0
  194. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/fixtures/codex_app_server/command_execution_output_delta.json +0 -0
  195. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/fixtures/codex_app_server/file_change_output_delta.json +0 -0
  196. {codex_a2a-0.5.3/tests/package → codex_a2a-0.6.1/tests/jsonrpc}/__init__.py +0 -0
  197. {codex_a2a-0.5.3/tests/parts → codex_a2a-0.6.1/tests/package}/__init__.py +0 -0
  198. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/package/test_publish_github_release_script.py +0 -0
  199. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/package/test_version.py +0 -0
  200. {codex_a2a-0.5.3/tests/profile → codex_a2a-0.6.1/tests/parts}/__init__.py +0 -0
  201. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/parts/test_text.py +0 -0
  202. {codex_a2a-0.5.3/tests/server → codex_a2a-0.6.1/tests/profile}/__init__.py +0 -0
  203. {codex_a2a-0.5.3/tests/support → codex_a2a-0.6.1/tests/server}/__init__.py +0 -0
  204. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/server/test_call_context_builder.py +0 -0
  205. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/server/test_cli.py +0 -0
  206. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/server/test_database.py +0 -0
  207. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/server/test_task_store.py +0 -0
  208. {codex_a2a-0.5.3/tests/upstream → codex_a2a-0.6.1/tests/support}/__init__.py +0 -0
  209. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/support/context.py +0 -0
  210. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/tests/support/fixtures.py +0 -0
  211. {codex_a2a-0.5.3 → codex_a2a-0.6.1}/uv.lock +0 -0
@@ -43,6 +43,8 @@ logs/
43
43
  run/
44
44
  .codex-a2a/
45
45
  *.db
46
+ *.db-shm
47
+ *.db-wal
46
48
 
47
49
  # Unit test / coverage reports
48
50
  htmlcov/
@@ -35,10 +35,11 @@ uv sync --all-extras
35
35
  - verify `codex` is installed and available on `PATH` (or set `CODEX_CLI_BIN`)
36
36
  - verify Codex provider/auth configuration already works outside this repository
37
37
 
38
- 3. Generate a local bearer token:
38
+ 3. Generate a local inbound credential registry:
39
39
 
40
40
  ```bash
41
- export A2A_BEARER_TOKEN="$(python -c 'import secrets; print(secrets.token_hex(24))')"
41
+ export DEMO_BEARER_TOKEN="$(python -c 'import secrets; print(secrets.token_hex(24))')"
42
+ export A2A_STATIC_AUTH_CREDENTIALS='[{"id":"local-bearer","scheme":"bearer","token":"'"${DEMO_BEARER_TOKEN}"'","principal":"automation"}]'
42
43
  ```
43
44
 
44
45
  4. Start this service from the source tree:
@@ -50,7 +51,7 @@ CODEX_WORKSPACE_ROOT=/abs/path/to/workspace uv run codex-a2a
50
51
  5. Inspect the discovery surfaces:
51
52
 
52
53
  - `http://127.0.0.1:8000/.well-known/agent-card.json`
53
- - `curl -H "Authorization: Bearer ${A2A_BEARER_TOKEN}" http://127.0.0.1:8000/v1/card`
54
+ - `curl -H "Authorization: Bearer ${DEMO_BEARER_TOKEN}" http://127.0.0.1:8000/v1/card`
54
55
 
55
56
  ## Validation Baseline
56
57
 
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: codex-a2a
3
- Version: 0.5.3
3
+ Version: 0.6.1
4
4
  Summary: Codex A2A runtime adapter
5
5
  Author: liujuanjuan1984@Intelligent-Internet
6
6
  License-Expression: Apache-2.0
@@ -77,6 +77,8 @@ flowchart TD
77
77
  PeerA2A -->|task / stream result| Outbound
78
78
  ```
79
79
 
80
+ For internal module boundaries and maintainer-facing request call chains, see [Maintainer Architecture Guide](docs/maintainer-architecture.md).
81
+
80
82
  ## Quick Start
81
83
 
82
84
  Install the released CLI with `uv tool`:
@@ -107,7 +109,8 @@ Before starting the runtime:
107
109
  Self-start the released CLI against a workspace root:
108
110
 
109
111
  ```bash
110
- A2A_BEARER_TOKEN="$(python -c 'import secrets; print(secrets.token_hex(24))')" \
112
+ DEMO_BEARER_TOKEN="$(python -c 'import secrets; print(secrets.token_hex(24))')"
113
+ A2A_STATIC_AUTH_CREDENTIALS='[{"id":"local-bearer","scheme":"bearer","token":"'"${DEMO_BEARER_TOKEN}"'","principal":"automation"}]' \
111
114
  A2A_HOST=127.0.0.1 \
112
115
  A2A_PORT=8000 \
113
116
  A2A_PUBLIC_URL=http://127.0.0.1:8000 \
@@ -116,8 +119,14 @@ CODEX_WORKSPACE_ROOT=/abs/path/to/workspace \
116
119
  codex-a2a
117
120
  ```
118
121
 
122
+ For the full runtime configuration matrix, outbound client settings, and deployment notes, see [Usage Guide](docs/guide.md).
123
+
124
+ ## Operational Notes
125
+
119
126
  When `A2A_DATABASE_URL` is unset and `CODEX_WORKSPACE_ROOT` is configured, the default SQLite database is created under `${CODEX_WORKSPACE_ROOT}/.codex-a2a/codex-a2a.db`.
120
127
 
128
+ On startup, `codex-a2a` auto-creates its own runtime-state tables and applies versioned runtime-state schema migrations in place. This migration ownership currently covers only the adapter-managed `a2a_*` runtime-state tables and intentionally excludes the A2A SDK task-store schema.
129
+
121
130
  YOLO-equivalent startup note:
122
131
 
123
132
  - `codex-a2a` does not add a separate `--yolo` flag or `YOLO` environment variable.
@@ -134,6 +143,27 @@ Authenticated extended card:
134
143
 
135
144
  Outbound peer auth is configured with `A2A_CLIENT_BEARER_TOKEN` or `A2A_CLIENT_BASIC_AUTH`; see the Usage Guide for the complete client-side matrix.
136
145
 
146
+ ## When To Use It
147
+
148
+ Use this project when:
149
+
150
+ - you want to keep Codex as the runtime
151
+ - you need A2A transports and Agent Card discovery
152
+ - you want a thin service boundary instead of building your own adapter
153
+ - you want inbound serving and outbound peer access in one deployable unit
154
+
155
+ Prefer [a2a-client-hub](https://github.com/liujuanjuan1984/a2a-client-hub) when:
156
+
157
+ - you need a broader application-facing client integration layer
158
+ - you want higher-level A2A consumption and upstream adapter normalization
159
+ - you want client-side integration concerns separated from the Codex runtime boundary
160
+
161
+ Look elsewhere if:
162
+
163
+ - you need hard multi-tenant isolation inside one shared runtime
164
+ - you want this project to manage your process supervisor or host bootstrap
165
+ - you want a general runtime-agnostic A2A server rather than a Codex adapter
166
+
137
167
  ## Highlights
138
168
 
139
169
  - A2A HTTP+JSON endpoints such as `/v1/message:send` and `/v1/message:stream`
@@ -151,37 +181,17 @@ Outbound peer auth is configured with `A2A_CLIENT_BEARER_TOKEN` or `A2A_CLIENT_B
151
181
  Portable vs Private Surface:
152
182
 
153
183
  - Treat the core A2A send / stream / task methods plus Agent Card discovery as the portable baseline.
154
- - Treat `codex.*` methods and `metadata.codex.directory` as the Codex-specific control plane for Codex-aware clients.
184
+ - Treat `codex.*` methods plus `metadata.codex.directory` and `metadata.codex.execution` as the Codex-specific control plane for Codex-aware clients.
155
185
  - Treat one deployed instance as a single-tenant trust boundary, not a hardened multi-tenant runtime.
156
186
 
157
187
  The normative compatibility split and deployment model live in [Compatibility Guide](docs/compatibility.md) and [Security Policy](SECURITY.md).
158
188
 
159
- ## When To Use It
160
-
161
- Use this project when:
162
-
163
- - you want to keep Codex as the runtime
164
- - you need A2A transports and Agent Card discovery
165
- - you want a thin service boundary instead of building your own adapter
166
- - you want inbound serving and outbound peer access in one deployable unit
167
-
168
- Look elsewhere if:
169
-
170
- - you need hard multi-tenant isolation inside one shared runtime
171
- - you want this project to manage your process supervisor or host bootstrap
172
- - you want a general client integration layer rather than a runtime adapter
173
-
174
- ## Recommended Client Side
175
-
176
- If you want a broader application-facing client integration layer, prefer [a2a-client-hub](https://github.com/liujuanjuan1984/a2a-client-hub).
177
-
178
- It is a better place for higher-level client concerns such as A2A consumption, upstream adapter normalization, and application-facing integration, while `codex-a2a` stays focused on the runtime boundary around Codex plus embedded peer calling.
179
-
180
189
  ## Further Reading
181
190
 
182
191
  - [Usage Guide](docs/guide.md) Runtime configuration, outbound access, transport usage, and client examples.
183
192
  - [Extension Specifications](docs/extension-specifications.md) Stable extension URI/spec index plus public-vs-extended card disclosure rules.
184
193
  - [Architecture Guide](docs/architecture.md) System structure, boundaries, and request flow.
194
+ - [Maintainer Architecture Guide](docs/maintainer-architecture.md) Internal module structure, request call chains, and persistence touchpoints for contributors.
185
195
  - [Compatibility Guide](docs/compatibility.md) Supported Python/runtime surface, extension stability, and ecosystem-facing compatibility expectations.
186
196
  - [Security Policy](SECURITY.md) Threat model, deployment caveats, and vulnerability disclosure guidance.
187
197
 
@@ -35,6 +35,8 @@ flowchart TD
35
35
  PeerA2A -->|task / stream result| Outbound
36
36
  ```
37
37
 
38
+ For internal module boundaries and maintainer-facing request call chains, see [Maintainer Architecture Guide](docs/maintainer-architecture.md).
39
+
38
40
  ## Quick Start
39
41
 
40
42
  Install the released CLI with `uv tool`:
@@ -65,7 +67,8 @@ Before starting the runtime:
65
67
  Self-start the released CLI against a workspace root:
66
68
 
67
69
  ```bash
68
- A2A_BEARER_TOKEN="$(python -c 'import secrets; print(secrets.token_hex(24))')" \
70
+ DEMO_BEARER_TOKEN="$(python -c 'import secrets; print(secrets.token_hex(24))')"
71
+ A2A_STATIC_AUTH_CREDENTIALS='[{"id":"local-bearer","scheme":"bearer","token":"'"${DEMO_BEARER_TOKEN}"'","principal":"automation"}]' \
69
72
  A2A_HOST=127.0.0.1 \
70
73
  A2A_PORT=8000 \
71
74
  A2A_PUBLIC_URL=http://127.0.0.1:8000 \
@@ -74,8 +77,14 @@ CODEX_WORKSPACE_ROOT=/abs/path/to/workspace \
74
77
  codex-a2a
75
78
  ```
76
79
 
80
+ For the full runtime configuration matrix, outbound client settings, and deployment notes, see [Usage Guide](docs/guide.md).
81
+
82
+ ## Operational Notes
83
+
77
84
  When `A2A_DATABASE_URL` is unset and `CODEX_WORKSPACE_ROOT` is configured, the default SQLite database is created under `${CODEX_WORKSPACE_ROOT}/.codex-a2a/codex-a2a.db`.
78
85
 
86
+ On startup, `codex-a2a` auto-creates its own runtime-state tables and applies versioned runtime-state schema migrations in place. This migration ownership currently covers only the adapter-managed `a2a_*` runtime-state tables and intentionally excludes the A2A SDK task-store schema.
87
+
79
88
  YOLO-equivalent startup note:
80
89
 
81
90
  - `codex-a2a` does not add a separate `--yolo` flag or `YOLO` environment variable.
@@ -92,6 +101,27 @@ Authenticated extended card:
92
101
 
93
102
  Outbound peer auth is configured with `A2A_CLIENT_BEARER_TOKEN` or `A2A_CLIENT_BASIC_AUTH`; see the Usage Guide for the complete client-side matrix.
94
103
 
104
+ ## When To Use It
105
+
106
+ Use this project when:
107
+
108
+ - you want to keep Codex as the runtime
109
+ - you need A2A transports and Agent Card discovery
110
+ - you want a thin service boundary instead of building your own adapter
111
+ - you want inbound serving and outbound peer access in one deployable unit
112
+
113
+ Prefer [a2a-client-hub](https://github.com/liujuanjuan1984/a2a-client-hub) when:
114
+
115
+ - you need a broader application-facing client integration layer
116
+ - you want higher-level A2A consumption and upstream adapter normalization
117
+ - you want client-side integration concerns separated from the Codex runtime boundary
118
+
119
+ Look elsewhere if:
120
+
121
+ - you need hard multi-tenant isolation inside one shared runtime
122
+ - you want this project to manage your process supervisor or host bootstrap
123
+ - you want a general runtime-agnostic A2A server rather than a Codex adapter
124
+
95
125
  ## Highlights
96
126
 
97
127
  - A2A HTTP+JSON endpoints such as `/v1/message:send` and `/v1/message:stream`
@@ -109,37 +139,17 @@ Outbound peer auth is configured with `A2A_CLIENT_BEARER_TOKEN` or `A2A_CLIENT_B
109
139
  Portable vs Private Surface:
110
140
 
111
141
  - Treat the core A2A send / stream / task methods plus Agent Card discovery as the portable baseline.
112
- - Treat `codex.*` methods and `metadata.codex.directory` as the Codex-specific control plane for Codex-aware clients.
142
+ - Treat `codex.*` methods plus `metadata.codex.directory` and `metadata.codex.execution` as the Codex-specific control plane for Codex-aware clients.
113
143
  - Treat one deployed instance as a single-tenant trust boundary, not a hardened multi-tenant runtime.
114
144
 
115
145
  The normative compatibility split and deployment model live in [Compatibility Guide](docs/compatibility.md) and [Security Policy](SECURITY.md).
116
146
 
117
- ## When To Use It
118
-
119
- Use this project when:
120
-
121
- - you want to keep Codex as the runtime
122
- - you need A2A transports and Agent Card discovery
123
- - you want a thin service boundary instead of building your own adapter
124
- - you want inbound serving and outbound peer access in one deployable unit
125
-
126
- Look elsewhere if:
127
-
128
- - you need hard multi-tenant isolation inside one shared runtime
129
- - you want this project to manage your process supervisor or host bootstrap
130
- - you want a general client integration layer rather than a runtime adapter
131
-
132
- ## Recommended Client Side
133
-
134
- If you want a broader application-facing client integration layer, prefer [a2a-client-hub](https://github.com/liujuanjuan1984/a2a-client-hub).
135
-
136
- It is a better place for higher-level client concerns such as A2A consumption, upstream adapter normalization, and application-facing integration, while `codex-a2a` stays focused on the runtime boundary around Codex plus embedded peer calling.
137
-
138
147
  ## Further Reading
139
148
 
140
149
  - [Usage Guide](docs/guide.md) Runtime configuration, outbound access, transport usage, and client examples.
141
150
  - [Extension Specifications](docs/extension-specifications.md) Stable extension URI/spec index plus public-vs-extended card disclosure rules.
142
151
  - [Architecture Guide](docs/architecture.md) System structure, boundaries, and request flow.
152
+ - [Maintainer Architecture Guide](docs/maintainer-architecture.md) Internal module structure, request call chains, and persistence touchpoints for contributors.
143
153
  - [Compatibility Guide](docs/compatibility.md) Supported Python/runtime surface, extension stability, and ecosystem-facing compatibility expectations.
144
154
  - [Security Policy](SECURITY.md) Threat model, deployment caveats, and vulnerability disclosure guidance.
145
155
 
@@ -8,7 +8,7 @@ The current deployment model is a single-tenant trust boundary by design.
8
8
 
9
9
  ## Security Boundary
10
10
 
11
- - `A2A_BEARER_TOKEN` protects access to the A2A surface, but it is not a tenant-isolation boundary inside one deployed instance.
11
+ - Statically configured inbound bearer/basic credentials protect access to the A2A surface, but they are not a tenant-isolation boundary inside one deployed instance.
12
12
  - Within one `codex-a2a` instance, consumers share the same underlying Codex workspace/environment by default.
13
13
  - LLM provider keys are consumed by the `codex` process. Prompt injection or indirect exfiltration attempts may still expose sensitive values.
14
14
  - Payload logging is opt-in. When `A2A_LOG_PAYLOADS=true`, this service only logs JSON payload previews, applies size guards, and suppresses full payload logging for `codex.*` JSON-RPC extension calls.
@@ -20,7 +20,7 @@ This project is currently best suited for trusted or internal environments. Impo
20
20
  - Single-tenant trust boundary only; not a secure multi-tenant deployment profile
21
21
  - No per-tenant workspace isolation inside one instance
22
22
  - No hard guarantee that upstream provider keys are inaccessible to agent logic
23
- - Bearer-token auth only by default; stronger identity propagation is still an incremental hardening area
23
+ - Inbound auth is deployment-scoped and static; this repository does not expose OAuth2, OIDC, or dynamic token introspection
24
24
  - Operators remain responsible for host hardening, secret rotation, and process access controls
25
25
 
26
26
  ## Reporting a Vulnerability
@@ -30,7 +30,7 @@ flowchart LR
30
30
  Codex --> Workspace["Shared workspace and provider credentials"]
31
31
  ```
32
32
 
33
- This view emphasizes service responsibility boundaries rather than internal module structure. The root [README](../README.md) keeps the more implementation-oriented logical component view for first-time readers.
33
+ This view emphasizes service responsibility boundaries rather than internal module structure. The root [README](../README.md) keeps the more implementation-oriented logical component view for first-time readers, while [maintainer-architecture.md](./maintainer-architecture.md) covers the internal module graph and request call chains for contributors.
34
34
 
35
35
  ## Request Flow
36
36
 
@@ -90,6 +90,7 @@ Use the docs by responsibility:
90
90
 
91
91
  - [README](../README.md): project overview, quick-start path, and entry navigation
92
92
  - [Usage Guide](guide.md): configuration, transport usage, and runtime examples
93
+ - [Maintainer Architecture Guide](maintainer-architecture.md): internal module boundaries, request call chains, and persistence touchpoints
93
94
  - [Extension Specifications](extension-specifications.md): stable extension URI/spec index and public-vs-extended disclosure rules
94
95
  - [Compatibility Guide](compatibility.md): current compatibility promises and stability expectations
95
96
  - [Contributing Guide](../CONTRIBUTING.md): contributor workflow and validation
@@ -26,7 +26,7 @@ Open-source consumption guidance:
26
26
 
27
27
  - Treat the core A2A send / stream / task methods as the portable baseline.
28
28
  - Treat `urn:a2a:*` entries in this repository as shared repo-family conventions, not as claims that they are part of the A2A core baseline.
29
- - Treat `codex.*` methods and `metadata.codex.directory` as a Codex-specific control plane layered on top of the portable A2A surface.
29
+ - Treat `codex.*` methods plus `metadata.codex.directory` and `metadata.codex.execution` as a Codex-specific control plane layered on top of the portable A2A surface.
30
30
  - Treat [extension-specifications.md](./extension-specifications.md) as the stable URI/spec index, not as the main usage guide.
31
31
 
32
32
  ## Normative Sources
@@ -64,6 +64,8 @@ Task durability is deployment-dependent:
64
64
  - `A2A_DATABASE_URL=<sqlalchemy-async-url>` preserves task lookup/cancel/resubscribe state across process restarts.
65
65
  - `A2A_DATABASE_URL` now defaults to a workspace-local SQLite database at `${CODEX_WORKSPACE_ROOT}/.codex-a2a/codex-a2a.db` when `CODEX_WORKSPACE_ROOT` is configured; otherwise it falls back to `sqlite+aiosqlite:///./codex-a2a.db`. Persistence therefore remains the default runtime behavior.
66
66
  - The same database-backed mode also preserves session-binding ownership state and pending interrupt callback requests that still fall within their TTL. Session-binding and ownership persistence are independent from the in-memory session cache TTL.
67
+ - The default SQLite + WAL profile is intended for a stable local filesystem path, not for network filesystems or sync-managed folders with weaker locking behavior.
68
+ - The repository-local migration helper remains intentionally lightweight: it supports additive, adapter-owned schema evolution such as creating tables, adding nullable columns, and writing per-scope schema versions. It should not be read as a promise that heavier schema rewrites will stay in-scope without a tooling change.
67
69
 
68
70
  ## Deployment Profile
69
71
 
@@ -93,6 +95,40 @@ Execution-environment boundary fields are also published through the runtime pro
93
95
  - `codex.exec.*` is compatibility-sensitive as the standalone interactive exec contract. Changes to handle shapes, task-stream delivery, or lifecycle method names should be treated as wire-level changes.
94
96
  - `codex.discovery.*` is compatibility-sensitive as the stable discovery contract for `skill.path` and `mention_path` identifiers. Changes to normalized item fields, plugin marketplace mapping, or discovery watch task payload kinds should be treated as wire-level changes.
95
97
  - `codex.threads.*` is compatibility-sensitive as the provider-private thread lifecycle contract. Changes to lifecycle method names, watch payload kinds, or watch-task bridge event names should be treated as wire-level changes.
98
+ - `codex.turns.*` is compatibility-sensitive as the active-turn control contract. Changes to `expected_turn_id` semantics, same-turn rich-input handling, or rejected override fields should be treated as wire-level changes.
99
+ - `codex.review.*` is compatibility-sensitive as the review control and watch contract. Changes to supported target types, `delivery` semantics, review watch payload kinds, or review watch event names should be treated as wire-level changes.
100
+ - Provider-private Agent Card skill decomposition is also compatibility-sensitive. Renaming or re-merging `codex.sessions.query/control`, `codex.discovery.query/watch`, `codex.threads.control/watch`, `codex.turns.control`, `codex.review.control`, `codex.exec.control/stream`, or narrowing `codex.interrupt.callback` output modes should be treated as discoverability contract changes.
101
+ - Agent Card media modes and `acceptedOutputModes` handling are compatibility-sensitive. Changes to declared default modes, to task-scoped persistence of negotiated modes, or to structured-output downgrade behavior should be treated as wire-level changes.
102
+ - For core chat tasks, negotiated output modes are lifecycle-scoped. `message/send`, `message/stream`, `tasks/get`, `tasks/resubscribe`, and push notifications should not drift apart for the same task.
103
+ - For core chat requests, explicit `acceptedOutputModes` are also a compatibility-sensitive fail-fast boundary: requests must remain compatible with declared chat output modes, and current chat turns require `text/plain`.
104
+
105
+ ## Extension Boundary Governance
106
+
107
+ When evaluating or evolving `codex.*` methods, this repository uses the following boundary rules:
108
+
109
+ - The adapter may document, validate, route, and normalize stable upstream-facing behavior, but it should not grow into a general replacement for upstream private runtime internals or host-level control planes.
110
+ - New `codex.*` methods default to provider-private extension status. They should not be described as portable A2A baseline capabilities unless they align with shared protocol semantics.
111
+ - Read-only discovery, compatibility-preserving projections, and low-risk control methods are preferred over stronger mutating or destructive provider controls.
112
+ - A2A core object mappings should be used only for stable, low-ambiguity read projections. When the upstream payload is execution-control-specific or highly provider-shaped, the contract should stay as a provider-private result envelope or watch-task payload.
113
+ - Active-turn steering, standalone interactive exec, reviewer control, subtask/subagent fan-out, task-tool internals, and similar runtime mechanisms should be treated as provider-private internals by default even when passthrough support exists.
114
+ - Each new extension proposal should answer, in issue or design form:
115
+ - what client value exists beyond the current chat/session flow?
116
+ - is the upstream behavior stable enough to carry as a maintained contract?
117
+ - should the surface be provider-private, deployment-conditional, or excluded?
118
+ - are authorization, ownership, and destructive-side-effect boundaries enforceable?
119
+ - can the result shape avoid overfitting provider internals into fake A2A core semantics?
120
+
121
+ Current repository judgment under those rules:
122
+
123
+ - `codex.discovery.*` and the `codex.discovery.watch` bridge fit the preferred read-only and low-risk discovery pattern.
124
+ - `codex.threads.*`, especially `codex.threads.watch` and `codex.threads.watch.release`, remain acceptable as provider-private lifecycle surfaces because they expose a bounded watch/control bridge rather than raw upstream subscription internals.
125
+ - `codex.interrupts.list` is acceptable as an adapter-local recovery surface because it only exposes active pending interrupt handles already known to this adapter and does not mutate upstream state.
126
+ - `codex.turns.steer` is boundary-sensitive and should remain narrowly scoped, provider-private, and resistant to scope creep into a general orchestration API.
127
+ - `codex.review.*` is also boundary-sensitive and should stay framed as a provider-private reviewer surface rather than a generic A2A review standard.
128
+ - `codex.sessions.shell` and `codex.exec.*` sit closest to the adapter boundary because they expose standalone command execution semantics instead of a stable session/message projection. They remain supported for internal or tightly controlled deployments, but should stay deployment-conditional and provider-private rather than being treated as generic extension templates.
129
+ - Current default posture keeps `codex.sessions.shell`, `codex.review.*`, and `codex.exec.*` disabled unless a deployment intentionally opts into them. `codex.turns.steer` is enabled by default but remains narrowly scoped, provider-private, and deployment-configurable.
130
+ - Inbound auth is intentionally static and deployment-scoped. The current contract requires a static multi-credential registry with stable principals; it does not claim OAuth2, OIDC, or dynamic token introspection.
131
+ - Stable principal mapping is part of the runtime compatibility surface because session ownership, thread watch ownership, and exec ownership all key off the authenticated principal rather than a rotating token hash.
96
132
 
97
133
  ## Extension Taxonomy
98
134
 
@@ -103,12 +139,14 @@ This repository distinguishes between three layers:
103
139
  - shared extensions
104
140
  - repo-family conventions such as session binding, stream hints, and interrupt callbacks (`permission`, `question`, `permissions`, and `elicitation` reply surfaces)
105
141
  - Codex-specific extensions
106
- - `codex.*` JSON-RPC methods and `metadata.codex.directory`
142
+ - `codex.*` JSON-RPC methods plus `metadata.codex.directory` and `metadata.codex.execution`
107
143
  - this now includes:
108
144
  - session query/control
109
145
  - discovery/query surfaces
110
146
  - discovery watch task bridge
111
147
  - thread lifecycle watch-task bridge
148
+ - active-turn control
149
+ - review start control
112
150
  - standalone interactive exec
113
151
 
114
152
  Discovery note:
@@ -116,6 +154,13 @@ Discovery note:
116
154
  - `codex.discovery.skills.list`, `codex.discovery.apps.list`, `codex.discovery.plugins.list`, and `codex.discovery.plugins.read` are declared read-only discovery methods.
117
155
  - `codex.discovery.watch` is the declared bridge for upstream `skills/changed` and `app/list/updated` notifications.
118
156
  - `codex.threads.watch` is the declared thread lifecycle watch-task bridge for upstream `thread/started`, `thread/status/changed`, `thread/archived`, `thread/unarchived`, and `thread/closed` notifications.
157
+ - `codex.threads.watch.release` is the declared ownership-scoped control method for releasing a watch task created by `codex.threads.watch`.
158
+ - `codex.interrupts.list` is the declared adapter-local recovery method for rediscovering still-active pending interrupt request IDs after reconnecting.
159
+ - `codex.turns.steer` is the declared active-turn control method for appending additional input to an already-running regular turn.
160
+ - `codex.review.start` is the declared review-start control method for `uncommittedChanges`, `baseBranch`, `commit`, and `custom` review targets.
161
+ - `codex.review.watch` is the declared review lifecycle watch-task bridge for `review.started`, `review.status.changed`, `review.completed`, and `review.failed`.
162
+ - `codex.review.start` remains a control-handle surface; clients should use `codex.review.watch` plus `tasks/resubscribe` for review lifecycle observation.
163
+ - `codex.interrupts.list` is always-on but adapter-local and identity-scoped. `codex.sessions.shell`, `codex.turns.steer`, `codex.review.*`, and `codex.exec.*` remain deployment-conditional surfaces and should be discovered from machine-readable contracts before use.
119
164
  - `thread/unsubscribe` is intentionally excluded from the stable public contract until this service exposes connection-safe subscription ownership.
120
165
  - This repository does not claim a generic standalone server-push JSON-RPC transport for those notifications; the compatibility contract is the watch-task bridge published through Agent Card and OpenAPI.
121
166
 
@@ -11,6 +11,12 @@ This document is the stable specification index for the extension URIs published
11
11
 
12
12
  Use the public card for lightweight discovery. Fetch the authenticated extended card when you need full extension params, compatibility metadata, or provider-private routing details.
13
13
 
14
+ Provider-private extension note:
15
+
16
+ - `codex.*` methods in this repository are adapter-managed provider extensions, not portable A2A baseline capabilities.
17
+ - Prefer discovery, stable projections, and low-risk watch/control bridges before exposing stronger runtime or host-execution controls.
18
+ - When an upstream behavior is highly runtime-internal or host-shaped, the specification should keep it provider-private and should not force it into fake A2A core object semantics.
19
+
14
20
  ## Shared Session Binding v1
15
21
 
16
22
  URI: `urn:a2a:session-binding/v1`
@@ -56,6 +62,24 @@ URI: `urn:codex-a2a:codex-thread-lifecycle/v1`
56
62
  - Authenticated extended card: full method contracts, stable thread fields, and watch-task bridge metadata
57
63
  - Transport: A2A JSON-RPC extension methods
58
64
 
65
+ ## Codex Turn Control v1
66
+
67
+ URI: `urn:codex-a2a:codex-turn-control/v1`
68
+
69
+ - Scope: provider-private active-turn steering for already-running regular turns
70
+ - Public Agent Card: capability declaration only
71
+ - Authenticated extended card: full method contracts, rejected override fields, and error metadata
72
+ - Transport: A2A JSON-RPC extension methods
73
+
74
+ ## Codex Review Control v1
75
+
76
+ URI: `urn:codex-a2a:codex-review/v1`
77
+
78
+ - Scope: provider-private review-start control and review lifecycle watch bridge for uncommitted changes, branches, commits, and custom reviewer instructions
79
+ - Public Agent Card: capability declaration only
80
+ - Authenticated extended card: full target contracts, delivery options, watch-task bridge metadata, and error metadata
81
+ - Transport: A2A JSON-RPC extension methods
82
+
59
83
  ## Codex Exec v1
60
84
 
61
85
  URI: `urn:codex-a2a:codex-exec/v1`