codex-a2a 0.7.3__tar.gz → 1.0.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. codex_a2a-1.0.0/.github/dependabot.yml +32 -0
  2. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/.github/workflows/ci.yml +2 -0
  3. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/.github/workflows/publish.yml +0 -4
  4. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/CONTRIBUTING.md +1 -1
  5. {codex_a2a-0.7.3/src/codex_a2a.egg-info → codex_a2a-1.0.0}/PKG-INFO +24 -6
  6. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/README.md +18 -1
  7. codex_a2a-1.0.0/docs/a2a-extension-baseline.md +93 -0
  8. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/docs/architecture.md +1 -1
  9. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/docs/compatibility.md +23 -18
  10. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/docs/conformance-triage.md +7 -7
  11. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/docs/conformance.md +3 -3
  12. codex_a2a-1.0.0/docs/extension-specifications.md +135 -0
  13. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/docs/guide.md +92 -95
  14. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/docs/maintainer-architecture.md +1 -2
  15. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/pyproject.toml +6 -5
  16. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/scripts/README.md +4 -0
  17. codex_a2a-1.0.0/scripts/audit_low_call_sites.py +402 -0
  18. codex_a2a-1.0.0/scripts/check_dead_code.py +125 -0
  19. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/scripts/smoke_test_built_cli.sh +9 -2
  20. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/scripts/validate_baseline.sh +24 -3
  21. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/__init__.py +3 -12
  22. codex_a2a-1.0.0/src/codex_a2a/a2a_proto.py +125 -0
  23. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/auth.py +18 -37
  24. codex_a2a-1.0.0/src/codex_a2a/cli.py +246 -0
  25. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/client/__init__.py +0 -8
  26. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/client/agent_card.py +4 -6
  27. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/client/auth.py +5 -17
  28. codex_a2a-1.0.0/src/codex_a2a/client/client.py +435 -0
  29. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/client/config.py +21 -0
  30. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/client/errors.py +23 -61
  31. codex_a2a-1.0.0/src/codex_a2a/client/extension_negotiation.py +215 -0
  32. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/client/manager.py +19 -18
  33. codex_a2a-1.0.0/src/codex_a2a/client/payload_text.py +75 -0
  34. codex_a2a-1.0.0/src/codex_a2a/client/request_context.py +61 -0
  35. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/config.py +24 -32
  36. codex_a2a-1.0.0/src/codex_a2a/contracts/extension_registry.py +351 -0
  37. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/contracts/extension_specs.py +13 -93
  38. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/contracts/extensions.py +324 -242
  39. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/contracts/runtime_output.py +3 -13
  40. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/discovery_runtime.py +5 -4
  41. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/exec_runtime.py +11 -14
  42. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/executor.py +95 -47
  43. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/output_mapping.py +9 -16
  44. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/request_metadata.py +63 -26
  45. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/response_emitter.py +24 -7
  46. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/review_runtime.py +9 -9
  47. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/stream_chunks.py +6 -5
  48. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/stream_processor.py +8 -7
  49. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/stream_state.py +10 -9
  50. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/thread_lifecycle_runtime.py +20 -14
  51. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/tool_call_payloads.py +24 -50
  52. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/input_mapping.py +37 -74
  53. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/application.py +65 -64
  54. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/discovery_control.py +6 -7
  55. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/discovery_params.py +45 -104
  56. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/discovery_query.py +3 -2
  57. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/dispatch.py +0 -11
  58. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/errors.py +19 -71
  59. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/exec_control.py +46 -30
  60. codex_a2a-1.0.0/src/codex_a2a/jsonrpc/exec_control_params.py +132 -0
  61. codex_a2a-1.0.0/src/codex_a2a/jsonrpc/interrupt_params.py +202 -0
  62. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/interrupt_recovery.py +8 -4
  63. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/interrupt_recovery_params.py +3 -15
  64. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/interrupts.py +35 -39
  65. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/owner_guard.py +1 -1
  66. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/params.py +0 -52
  67. codex_a2a-1.0.0/src/codex_a2a/jsonrpc/params_common.py +422 -0
  68. codex_a2a-1.0.0/src/codex_a2a/jsonrpc/payload_mapping.py +67 -0
  69. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/query_params.py +43 -66
  70. codex_a2a-1.0.0/src/codex_a2a/jsonrpc/request_models.py +14 -0
  71. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/review_control.py +30 -33
  72. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/review_control_params.py +11 -35
  73. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/session_query.py +14 -8
  74. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/thread_lifecycle_control.py +62 -69
  75. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/thread_lifecycle_params.py +20 -100
  76. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/turn_control.py +14 -6
  77. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/turn_control_params.py +73 -29
  78. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/profile/runtime.py +0 -11
  79. codex_a2a-1.0.0/src/codex_a2a/protocol_versions.py +105 -0
  80. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/server/agent_card.py +50 -227
  81. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/server/application.py +81 -68
  82. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/server/call_context.py +12 -2
  83. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/server/http_middlewares.py +73 -126
  84. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/server/migrations.py +16 -1
  85. codex_a2a-1.0.0/src/codex_a2a/server/openapi.py +264 -0
  86. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/server/openapi_contract_fragments.py +76 -162
  87. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/server/output_negotiation.py +78 -77
  88. codex_a2a-1.0.0/src/codex_a2a/server/push_config_store.py +65 -0
  89. codex_a2a-1.0.0/src/codex_a2a/server/request_handler.py +564 -0
  90. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/server/runtime_state_schema.py +51 -2
  91. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/server/task_store.py +219 -38
  92. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/upstream/client.py +78 -163
  93. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/upstream/conversation_facade.py +7 -114
  94. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/upstream/notification_mapping.py +46 -7
  95. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/upstream/request_mapping.py +114 -43
  96. {codex_a2a-0.7.3 → codex_a2a-1.0.0/src/codex_a2a.egg-info}/PKG-INFO +24 -6
  97. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a.egg-info/SOURCES.txt +20 -9
  98. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a.egg-info/requires.txt +5 -4
  99. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/client/test_cli.py +43 -1
  100. codex_a2a-1.0.0/tests/client/test_client_flow.py +522 -0
  101. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/client/test_client_manager.py +5 -0
  102. codex_a2a-1.0.0/tests/client/test_errors.py +67 -0
  103. codex_a2a-1.0.0/tests/client/test_payload_text.py +129 -0
  104. codex_a2a-1.0.0/tests/client/test_request_context.py +99 -0
  105. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/config/test_settings.py +37 -15
  106. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/contracts/test_extension_contract_consistency.py +154 -195
  107. codex_a2a-1.0.0/tests/contracts/test_extension_registry.py +187 -0
  108. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/test_agent_errors.py +4 -4
  109. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/test_cancellation.py +2 -2
  110. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/test_codex_agent_session_binding.py +86 -60
  111. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/test_directory_validation.py +8 -3
  112. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/test_discovery_exec_runtime.py +8 -9
  113. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/test_metrics.py +33 -29
  114. codex_a2a-1.0.0/tests/execution/test_request_metadata.py +101 -0
  115. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/test_review_runtime.py +4 -5
  116. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/test_session_ownership.py +8 -7
  117. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/test_session_persistence.py +33 -3
  118. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/test_stream_chunks.py +11 -7
  119. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/test_streaming_output_contract.py +86 -49
  120. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/test_thread_lifecycle_runtime.py +102 -15
  121. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/test_tool_call_payloads.py +16 -16
  122. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/jsonrpc/test_codex_discovery_extension.py +22 -21
  123. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/jsonrpc/test_codex_exec_extension.py +36 -33
  124. codex_a2a-1.0.0/tests/jsonrpc/test_codex_session_extension.py +199 -0
  125. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/jsonrpc/test_codex_thread_lifecycle_extension.py +33 -27
  126. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/jsonrpc/test_codex_turn_review_extension.py +19 -11
  127. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/jsonrpc/test_dispatch.py +3 -14
  128. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/jsonrpc/test_guard_hooks.py +60 -29
  129. codex_a2a-1.0.0/tests/jsonrpc/test_interrupt_lifecycle.py +254 -0
  130. codex_a2a-1.0.0/tests/jsonrpc/test_interrupt_protocol_handlers.py +295 -0
  131. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/jsonrpc/test_jsonrpc_models.py +156 -271
  132. codex_a2a-1.0.0/tests/jsonrpc/test_protocol_payload_mapping.py +245 -0
  133. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/package/test_release_distribution_contract.py +16 -6
  134. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/package/test_typing_contract.py +5 -0
  135. codex_a2a-1.0.0/tests/package/test_version.py +44 -0
  136. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/profile/test_profile.py +0 -6
  137. codex_a2a-1.0.0/tests/scripts/test_audit_low_call_sites.py +145 -0
  138. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/scripts/test_script_health_contract.py +27 -1
  139. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/server/test_agent_card.py +258 -253
  140. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/server/test_auth.py +4 -7
  141. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/server/test_call_context_builder.py +1 -0
  142. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/server/test_cli.py +12 -4
  143. codex_a2a-1.0.0/tests/server/test_database_app_persistence.py +337 -0
  144. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/server/test_migrations.py +42 -1
  145. codex_a2a-1.0.0/tests/server/test_push_config_store.py +60 -0
  146. codex_a2a-1.0.0/tests/server/test_request_handler.py +718 -0
  147. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/server/test_task_store.py +140 -21
  148. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/server/test_transport_contract.py +375 -155
  149. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/support/context.py +14 -5
  150. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/support/dummy_clients.py +2 -80
  151. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/support/fixtures.py +4 -4
  152. codex_a2a-1.0.0/tests/support/http_auth.py +6 -0
  153. codex_a2a-1.0.0/tests/support/jsonrpc_errors.py +38 -0
  154. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/support/settings.py +17 -2
  155. codex_a2a-1.0.0/tests/test_a2a_proto.py +18 -0
  156. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/test_input_mapping.py +52 -25
  157. codex_a2a-1.0.0/tests/test_protocol_versions.py +62 -0
  158. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/upstream/test_codex_client_params.py +123 -135
  159. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/upstream/test_modular_upstream_components.py +5 -46
  160. codex_a2a-1.0.0/tests/upstream/test_request_mapping.py +177 -0
  161. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/uv.lock +319 -192
  162. codex_a2a-0.7.3/.github/dependabot.yml +0 -16
  163. codex_a2a-0.7.3/docs/extension-specifications.md +0 -117
  164. codex_a2a-0.7.3/src/codex_a2a/cli.py +0 -125
  165. codex_a2a-0.7.3/src/codex_a2a/client/client.py +0 -361
  166. codex_a2a-0.7.3/src/codex_a2a/client/payload_text.py +0 -188
  167. codex_a2a-0.7.3/src/codex_a2a/client/request_context.py +0 -41
  168. codex_a2a-0.7.3/src/codex_a2a/client/types.py +0 -76
  169. codex_a2a-0.7.3/src/codex_a2a/execution/cancellation.py +0 -82
  170. codex_a2a-0.7.3/src/codex_a2a/execution/directory_policy.py +0 -44
  171. codex_a2a-0.7.3/src/codex_a2a/jsonrpc/exec_control_params.py +0 -216
  172. codex_a2a-0.7.3/src/codex_a2a/jsonrpc/interrupt_params.py +0 -259
  173. codex_a2a-0.7.3/src/codex_a2a/jsonrpc/params_common.py +0 -200
  174. codex_a2a-0.7.3/src/codex_a2a/jsonrpc/payload_mapping.py +0 -97
  175. codex_a2a-0.7.3/src/codex_a2a/jsonrpc/session_control.py +0 -210
  176. codex_a2a-0.7.3/src/codex_a2a/jsonrpc/session_control_params.py +0 -349
  177. codex_a2a-0.7.3/src/codex_a2a/protocol_versions.py +0 -188
  178. codex_a2a-0.7.3/src/codex_a2a/server/agent_card_extensions.py +0 -272
  179. codex_a2a-0.7.3/src/codex_a2a/server/openapi.py +0 -132
  180. codex_a2a-0.7.3/src/codex_a2a/server/request_handler.py +0 -516
  181. codex_a2a-0.7.3/src/codex_a2a/upstream/exec_facade.py +0 -81
  182. codex_a2a-0.7.3/tests/client/test_client_flow.py +0 -312
  183. codex_a2a-0.7.3/tests/client/test_errors.py +0 -90
  184. codex_a2a-0.7.3/tests/client/test_payload_text.py +0 -71
  185. codex_a2a-0.7.3/tests/client/test_request_context.py +0 -55
  186. codex_a2a-0.7.3/tests/client/test_types.py +0 -45
  187. codex_a2a-0.7.3/tests/jsonrpc/test_codex_session_extension.py +0 -1681
  188. codex_a2a-0.7.3/tests/package/test_version.py +0 -22
  189. codex_a2a-0.7.3/tests/server/test_database_app_persistence.py +0 -280
  190. codex_a2a-0.7.3/tests/server/test_request_handler.py +0 -847
  191. codex_a2a-0.7.3/tests/test_protocol_versions.py +0 -83
  192. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/.github/workflows/dependency-health.yml +0 -0
  193. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/.gitignore +0 -0
  194. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/.pre-commit-config.yaml +0 -0
  195. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/.secrets.baseline +0 -0
  196. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/AGENTS.md +0 -0
  197. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/LICENSE +0 -0
  198. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/SECURITY.md +0 -0
  199. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/mypy.ini +0 -0
  200. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/scripts/conformance.sh +0 -0
  201. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/scripts/dependency_health.sh +0 -0
  202. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/scripts/doctor.sh +0 -0
  203. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/scripts/health_common.sh +0 -0
  204. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/scripts/publish_github_release.sh +0 -0
  205. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/scripts/sync_codex_docs.sh +0 -0
  206. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/scripts/validate_runtime_matrix.sh +0 -0
  207. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/setup.cfg +0 -0
  208. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/contracts/__init__.py +0 -0
  209. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/__init__.py +0 -0
  210. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/request_overrides.py +0 -0
  211. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/session_runtime.py +0 -0
  212. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/stream_interrupts.py +0 -0
  213. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/streaming.py +0 -0
  214. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/execution/watch_events.py +0 -0
  215. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/__init__.py +0 -0
  216. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/discovery_payload_mapping.py +0 -0
  217. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/hooks.py +0 -0
  218. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/jsonrpc/interrupt_lifecycle.py +0 -0
  219. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/logging_context.py +0 -0
  220. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/media_modes.py +0 -0
  221. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/metrics.py +0 -0
  222. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/parts/text.py +0 -0
  223. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/payload_helpers.py +0 -0
  224. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/profile/__init__.py +0 -0
  225. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/py.typed +0 -0
  226. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/server/__init__.py +0 -0
  227. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/server/database.py +0 -0
  228. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/server/runtime_state.py +0 -0
  229. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/upstream/__init__.py +0 -0
  230. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/upstream/discovery_payloads.py +0 -0
  231. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/upstream/interrupt_bridge.py +0 -0
  232. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/upstream/interrupts.py +0 -0
  233. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/upstream/models.py +0 -0
  234. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/upstream/startup.py +0 -0
  235. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/upstream/stream_bridge.py +0 -0
  236. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a/upstream/transport.py +0 -0
  237. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a.egg-info/dependency_links.txt +0 -0
  238. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a.egg-info/entry_points.txt +0 -0
  239. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/src/codex_a2a.egg-info/top_level.txt +0 -0
  240. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/__init__.py +0 -0
  241. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/client/__init__.py +0 -0
  242. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/client/test_agent_card.py +0 -0
  243. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/client/test_lifecycle.py +0 -0
  244. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/config/__init__.py +0 -0
  245. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/contracts/__init__.py +0 -0
  246. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/__init__.py +0 -0
  247. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/test_session_runtime.py +0 -0
  248. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/execution/test_stream_interrupts.py +0 -0
  249. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/fixtures/codex_app_server/command_execution_output_delta.json +0 -0
  250. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/fixtures/codex_app_server/file_change_output_delta.json +0 -0
  251. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/jsonrpc/__init__.py +0 -0
  252. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/package/__init__.py +0 -0
  253. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/package/test_logging.py +0 -0
  254. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/package/test_publish_github_release_script.py +0 -0
  255. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/parts/__init__.py +0 -0
  256. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/parts/test_text.py +0 -0
  257. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/profile/__init__.py +0 -0
  258. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/scripts/__init__.py +0 -0
  259. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/server/__init__.py +0 -0
  260. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/server/test_database.py +0 -0
  261. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/server/test_runtime_state.py +0 -0
  262. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/support/__init__.py +0 -0
  263. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/upstream/__init__.py +0 -0
  264. {codex_a2a-0.7.3 → codex_a2a-1.0.0}/tests/upstream/test_interrupt_persistence.py +0 -0
@@ -0,0 +1,32 @@
1
+ version: 2
2
+
3
+ updates:
4
+ - package-ecosystem: "uv"
5
+ directory: "/"
6
+ schedule:
7
+ interval: "weekly"
8
+ open-pull-requests-limit: 1
9
+ commit-message:
10
+ prefix: "deps"
11
+ labels:
12
+ - "dependencies"
13
+ ignore:
14
+ - dependency-name: "fastapi"
15
+ update-types:
16
+ - "version-update:semver-minor"
17
+ - dependency-name: "httpx"
18
+ update-types:
19
+ - "version-update:semver-minor"
20
+ - dependency-name: "protobuf"
21
+ update-types:
22
+ - "version-update:semver-major"
23
+ - dependency-name: "setuptools-scm"
24
+ update-types:
25
+ - "version-update:semver-major"
26
+ - dependency-name: "uvicorn"
27
+ update-types:
28
+ - "version-update:semver-minor"
29
+ groups:
30
+ uv-all-updates:
31
+ patterns:
32
+ - "*"
@@ -17,6 +17,8 @@ jobs:
17
17
  steps:
18
18
  - name: Checkout
19
19
  uses: actions/checkout@v6
20
+ with:
21
+ fetch-depth: 0
20
22
 
21
23
  - name: Setup Python
22
24
  uses: actions/setup-python@v6
@@ -67,10 +67,6 @@ jobs:
67
67
  RELEASE_TAG: ${{ steps.release_tag.outputs.tag }}
68
68
 
69
69
  - name: Build package artifacts
70
- env:
71
- PYTHONWARNINGS: >-
72
- ignore::UserWarning:vcs_versioning._backends._git,
73
- ignore::UserWarning:vcs_versioning.overrides
74
70
  run: uv build --no-sources
75
71
 
76
72
  - name: Capture built wheel path
@@ -45,7 +45,7 @@ export A2A_STATIC_AUTH_CREDENTIALS='[{"id":"local-bearer","scheme":"bearer","tok
45
45
  4. Start this service from the source tree:
46
46
 
47
47
  ```bash
48
- CODEX_WORKSPACE_ROOT=/abs/path/to/workspace uv run codex-a2a
48
+ CODEX_WORKSPACE_ROOT=/abs/path/to/workspace uv run codex-a2a serve
49
49
  ```
50
50
 
51
51
  5. Inspect the discovery surfaces:
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: codex-a2a
3
- Version: 0.7.3
3
+ Version: 1.0.0
4
4
  Summary: Codex A2A runtime adapter
5
5
  Author: liujuanjuan1984@Intelligent-Internet
6
6
  License-Expression: Apache-2.0
@@ -22,18 +22,19 @@ Classifier: Topic :: Internet :: WWW/HTTP
22
22
  Requires-Python: >=3.11
23
23
  Description-Content-Type: text/markdown
24
24
  License-File: LICENSE
25
- Requires-Dist: a2a-sdk==0.3.26
25
+ Requires-Dist: a2a-sdk==1.0.2
26
26
  Requires-Dist: aiosqlite<1.0,>=0.20
27
- Requires-Dist: fastapi<0.136,>=0.121
27
+ Requires-Dist: fastapi<0.137,>=0.121
28
28
  Requires-Dist: httpx<0.29,>=0.28.1
29
- Requires-Dist: protobuf<8.0,>=6.33.5
29
+ Requires-Dist: protobuf<7.0,>=6.33.5
30
30
  Requires-Dist: pyasn1<1.0,>=0.6.3
31
+ Requires-Dist: python-dotenv<2.0,>=1.2.2
31
32
  Requires-Dist: pydantic<3.0,>=2.6
32
33
  Requires-Dist: pydantic-settings<3.0,>=2.2
33
34
  Requires-Dist: requests<3.0,>=2.33.0
34
35
  Requires-Dist: sqlalchemy<3.0,>=2.0
35
36
  Requires-Dist: sse-starlette<4.0,>=2.1
36
- Requires-Dist: uvicorn<0.45,>=0.29
37
+ Requires-Dist: uvicorn<0.46,>=0.29
37
38
  Provides-Extra: dev
38
39
  Requires-Dist: pip-audit<3.0,>=2.9; extra == "dev"
39
40
  Requires-Dist: pre-commit>=3.7; extra == "dev"
@@ -47,8 +48,25 @@ Dynamic: license-file
47
48
 
48
49
  # codex-a2a
49
50
 
51
+ ```text
52
+ _ ___
53
+ | | |__ \
54
+ ___ ___ __| | _____ __ __ _ ) |__ _
55
+ / __/ _ \ / _` |/ _ \ \/ / / _` | / // _` |
56
+ | (_| (_) | (_| | __/> < | (_| |/ /| (_| |
57
+ \___\___/ \__,_|\___/_/\_\ \__,_|____\__,_|
58
+ ```
59
+
50
60
  > Expose Codex through A2A.
51
61
 
62
+ Repository: https://github.com/liujuanjuan1984/codex-a2a
63
+
64
+ Install: `uv tool install --upgrade codex-a2a`
65
+
66
+ Protocol: A2A `1.0` only.
67
+
68
+ Start the runtime explicitly with `codex-a2a serve`.
69
+
52
70
  `codex-a2a` adds an A2A runtime layer to the local Codex runtime, with auth, streaming, session continuity, interrupt handling, a built-in outbound A2A client, and a clear deployment boundary.
53
71
 
54
72
  ## What This Is
@@ -121,7 +139,7 @@ A2A_PORT=8000 \
121
139
  A2A_PUBLIC_URL=http://127.0.0.1:8000 \
122
140
  A2A_DATABASE_URL=sqlite+aiosqlite:////abs/path/to/workspace/.codex-a2a/codex-a2a.db \
123
141
  CODEX_WORKSPACE_ROOT=/abs/path/to/workspace \
124
- codex-a2a
142
+ codex-a2a serve
125
143
  ```
126
144
 
127
145
  For the full runtime configuration matrix, outbound client settings, and deployment notes, see [Usage Guide](docs/guide.md).
@@ -1,7 +1,24 @@
1
1
  # codex-a2a
2
2
 
3
+ ```text
4
+ _ ___
5
+ | | |__ \
6
+ ___ ___ __| | _____ __ __ _ ) |__ _
7
+ / __/ _ \ / _` |/ _ \ \/ / / _` | / // _` |
8
+ | (_| (_) | (_| | __/> < | (_| |/ /| (_| |
9
+ \___\___/ \__,_|\___/_/\_\ \__,_|____\__,_|
10
+ ```
11
+
3
12
  > Expose Codex through A2A.
4
13
 
14
+ Repository: https://github.com/liujuanjuan1984/codex-a2a
15
+
16
+ Install: `uv tool install --upgrade codex-a2a`
17
+
18
+ Protocol: A2A `1.0` only.
19
+
20
+ Start the runtime explicitly with `codex-a2a serve`.
21
+
5
22
  `codex-a2a` adds an A2A runtime layer to the local Codex runtime, with auth, streaming, session continuity, interrupt handling, a built-in outbound A2A client, and a clear deployment boundary.
6
23
 
7
24
  ## What This Is
@@ -74,7 +91,7 @@ A2A_PORT=8000 \
74
91
  A2A_PUBLIC_URL=http://127.0.0.1:8000 \
75
92
  A2A_DATABASE_URL=sqlite+aiosqlite:////abs/path/to/workspace/.codex-a2a/codex-a2a.db \
76
93
  CODEX_WORKSPACE_ROOT=/abs/path/to/workspace \
77
- codex-a2a
94
+ codex-a2a serve
78
95
  ```
79
96
 
80
97
  For the full runtime configuration matrix, outbound client settings, and deployment notes, see [Usage Guide](docs/guide.md).
@@ -0,0 +1,93 @@
1
+ # A2A 1.0 Extension Baseline
2
+
3
+ This document defines the phase-1 baseline for how `codex-a2a` classifies, documents, and publishes A2A 1.0 extensions and extension-like contracts.
4
+
5
+ Phase 1 is intentionally internal-facing. It does not change the external extension URI strategy yet. The goal is to establish a single source of truth for extension inventory, disclosure surfaces, and negotiation posture before any breaking URI migration or Agent Card expansion.
6
+
7
+ ## Goals
8
+
9
+ - Define which runtime surfaces are true A2A extensions versus auxiliary machine-readable contracts.
10
+ - Define the intended responsibilities of the public Agent Card, authenticated extended Agent Card, and OpenAPI metadata.
11
+ - Centralize extension inventory so that Agent Card, OpenAPI, compatibility guidance, and documentation stop drifting independently.
12
+ - Preserve current externally visible behavior during phase 1 unless a change is required to remove ambiguity.
13
+
14
+ ## Extension Classes
15
+
16
+ `codex-a2a` uses three classes during phase 1:
17
+
18
+ 1. Shared A2A extensions
19
+
20
+ - These are cross-repository conventions layered onto standard A2A requests, responses, or task streams.
21
+ - They belong in `capabilities.extensions`.
22
+ - They may participate in request-level extension negotiation when the behavior is activation-sensitive.
23
+
24
+ 2. Provider-private extensions
25
+
26
+ - These are adapter-managed `codex.*` or shared-repo callback contracts that remain specific to this deployment family.
27
+ - They are still treated as extensions conceptually, but their public disclosure remains conservative.
28
+ - They should be declared through authenticated extended Agent Card `capabilities.extensions`.
29
+ - Their detailed contract payloads remain machine-readable through OpenAPI and human-discoverable through authenticated skill inventory.
30
+
31
+ 3. Machine-readable contract metadata
32
+
33
+ - These describe compatibility posture, wire-level method availability, and service behavior summaries.
34
+ - They are not negotiated runtime extensions.
35
+ - They should not be modeled as fake chat/task capabilities just to fit the Agent Card surface.
36
+
37
+ ## Disclosure Responsibilities
38
+
39
+ ### Public Agent Card
40
+
41
+ - Anonymous discovery surface.
42
+ - Declares only the minimum shared extension surface needed for safe interoperability.
43
+ - Must not be used as a hiding mechanism for real shared extensions.
44
+ - Should remain small even after later phases expand authenticated disclosures.
45
+
46
+ ### Authenticated Extended Agent Card
47
+
48
+ - Authenticated discovery surface with deployment-aware detail.
49
+ - Provider-private extensions that are part of the declared contract should appear here through standard `capabilities.extensions`.
50
+ - Skills and examples remain additive discovery aids rather than the primary declaration path.
51
+
52
+ ### OpenAPI Metadata
53
+
54
+ - Full machine-readable contract surface.
55
+ - Remains the detailed source for provider-private request/response method contracts, transport notes, and compatibility metadata.
56
+ - Should be derived from the same registry as Agent Card declarations whenever possible.
57
+
58
+ ## Negotiation Rules
59
+
60
+ - Shared request/response extensions are the only extensions treated as negotiated by default in phase 1.
61
+ - Shared request/response extensions use request-level `A2A-Extensions` activation only when the request depends on that negotiated behavior.
62
+ - Provider-private `codex.*` contracts and shared callback contracts marked `declaration_only` are discovered through the authenticated extended Agent Card and OpenAPI, then used by directly invoking their documented provider-private methods. They do not require a separate `A2A-Extensions` activation header.
63
+ - Compatibility and wire-profile documents are not negotiable extensions.
64
+
65
+ ## Inventory Rules
66
+
67
+ Every extension-like surface tracked by this repository must define at least:
68
+
69
+ - stable key
70
+ - stable URI
71
+ - classification
72
+ - disclosure surfaces
73
+ - negotiation posture
74
+ - contract parameter builder source
75
+
76
+ That inventory must be reusable by:
77
+
78
+ - Agent Card extension builders
79
+ - OpenAPI extension contract builders
80
+ - compatibility taxonomy reporting
81
+ - extension specification index documentation
82
+
83
+ ## Phase 1 Non-Goals
84
+
85
+ - No migration from `urn:` to HTTPS extension URI yet.
86
+ - No public expansion of provider-private extension declarations.
87
+ - No compatibility shim for A2A 0.3 behavior.
88
+
89
+ ## Follow-On Phases
90
+
91
+ Phase 2 will unify request-level negotiation, disclosure layering, and runtime behavior around the authenticated extension declaration model.
92
+
93
+ Canonical URI and spec-hosting strategy remain a separate follow-up track after declaration-path convergence.
@@ -62,7 +62,7 @@ The service keeps a shared session continuation contract around `metadata.shared
62
62
  When Codex asks for permission or answers, the service exposes:
63
63
 
64
64
  - shared asked/resolved lifecycle metadata in stream status events
65
- - callback methods through A2A JSON-RPC extensions
65
+ - callback methods through the provider-private JSON-RPC control surface
66
66
  - lifecycle and type validation before forwarding callback replies
67
67
 
68
68
  ## Boundary Model
@@ -5,13 +5,13 @@ This document explains the compatibility promises this repository currently trie
5
5
  ## Runtime Support
6
6
 
7
7
  - Python versions: 3.11, 3.12, 3.13
8
- - A2A SDK line: `0.3.x`
9
- - A2A protocol version advertised by default: `0.3.0`
10
- - Normalized protocol compatibility lines declared today: `0.3`, `1.0`
8
+ - A2A SDK line: `1.0.x`
9
+ - A2A protocol version advertised by default: `1.0`
10
+ - Normalized protocol compatibility lines declared today: `1.0`
11
11
 
12
12
  The repository pins the SDK version in `pyproject.toml` and validates the published CLI build in CI. Upgrade the SDK deliberately rather than relying on floating dependency resolution.
13
13
 
14
- The authenticated compatibility profile and wire contract publish `default_protocol_version`, `supported_protocol_versions`, and `protocol_compatibility`. Request-time `A2A-Version` negotiation currently supports the default `0.3` line plus a partial `1.0` compatibility line for response header echo, PascalCase JSON-RPC method aliases, and protocol-aware error shaping. Transport payload schemas, enums, pagination, and push-notification behavior remain SDK-owned `0.3` behavior until separately implemented.
14
+ The OpenAPI-published compatibility profile and wire contract publish `default_protocol_version`, `supported_protocol_versions`, and `protocol_compatibility`. Request-time `A2A-Version` negotiation now targets the repository's `1.0` baseline only, and the published contracts should describe the implemented `1.0` transport surface rather than any legacy compatibility line.
15
15
 
16
16
  ## Contract Honesty
17
17
 
@@ -19,7 +19,7 @@ Machine-readable discovery surfaces must reflect actual runtime behavior:
19
19
 
20
20
  - public Agent Card
21
21
  - authenticated extended card
22
- - OpenAPI metadata
22
+ - OpenAPI metadata, including `x-a2a-extension-contracts` and `x-codex-contracts`
23
23
  - JSON-RPC wire contract
24
24
  - compatibility profile
25
25
 
@@ -28,7 +28,10 @@ If runtime support is not implemented, do not expose it as a supported machine-r
28
28
  Open-source consumption guidance:
29
29
 
30
30
  - Treat the core A2A send / stream / task methods as the portable baseline.
31
+ - Treat the Agent Card `supported_interfaces[].url` value as the shared service discovery root. For `HTTP+JSON`, this repository uses that URL as the REST base root rather than as a concrete method path.
32
+ - Treat `POST /` as the shared JSON-RPC surface for both core A2A methods and provider-private extension methods.
31
33
  - Treat `urn:a2a:*` entries in this repository as shared repo-family conventions, not as claims that they are part of the A2A core baseline.
34
+ - Treat `a2a.interrupt.*` reply methods as a shared provider-private callback contract on `POST /`, declared on authenticated discovery surfaces but not activated through `A2A-Extensions`.
32
35
  - Treat `codex.*` methods plus `metadata.codex.directory` and `metadata.codex.execution` as a Codex-specific control plane layered on top of the portable A2A surface.
33
36
  - Treat [extension-specifications.md](./extension-specifications.md) as the stable URI/spec index, not as the main usage guide.
34
37
 
@@ -54,7 +57,7 @@ This repository still ships as an alpha project. Within that alpha line, these d
54
57
 
55
58
  Changes to those surfaces should be treated as compatibility-sensitive and should include corresponding test updates.
56
59
 
57
- Service-level behavior layered on top of those core methods should also be declared explicitly when this repository depends on it for interoperability. Current example: terminal `tasks/resubscribe` replay-once behavior is published as a service-level contract, not as a claim about generic A2A runtime semantics.
60
+ Service-level behavior layered on top of those core methods should also be declared explicitly when this repository depends on it for interoperability. Current example: terminal `SubscribeToTask` replay-once behavior is published as a service-level contract, not as a claim about generic A2A runtime semantics.
58
61
 
59
62
  Task-store resilience is also service-level behavior in this deployment:
60
63
 
@@ -90,19 +93,19 @@ Execution-environment boundary fields are also published through the runtime pro
90
93
  ## Extension Stability
91
94
 
92
95
  - Shared metadata and extension contracts should stay synchronized across Agent Card, OpenAPI, and runtime behavior.
93
- - Public Agent Card should stay intentionally minimal. Detailed extension params belong in the authenticated extended card and OpenAPI, not back in the anonymous discovery surface.
96
+ - Public Agent Card should stay intentionally minimal. Negotiated shared extension params belong in public `capabilities.extensions`; provider-private and machine-readable extension contracts belong in authenticated extended card `capabilities.extensions`, with OpenAPI `x-codex-contracts` carrying the full payloads and skill decomposition remaining additive discovery guidance.
97
+ - Only shared request/response extensions currently participate in request-level `A2A-Extensions` negotiation. Provider-private extension URIs declared on the authenticated extended card are declaration-only unless explicitly documented otherwise; clients discover them there and then invoke their documented methods directly.
94
98
  - Product-specific extensions should remain stable within the current major line unless explicitly documented otherwise.
95
99
  - Deployment-conditional methods must be declared as conditional rather than silently disappearing.
96
- - `codex.sessions.shell` is compatibility-sensitive as a one-shot shell snapshot contract. Future interactive exec support must use a separate extension family rather than silently widening this method's behavior.
97
- - Rich input mapping is compatibility-sensitive across both `codex.sessions.prompt_async` and the core A2A message surface. Changes to supported part types, FilePart image handling, or DataPart mention/skill mapping should be treated as wire-level behavior changes.
100
+ - Rich input mapping is compatibility-sensitive across the core A2A message surface and `codex.turns.steer`. Changes to supported part types, `Part(url|raw)` image handling, or `Part(data)` mention/skill mapping should be treated as wire-level behavior changes.
98
101
  - `codex.exec.*` is compatibility-sensitive as the standalone interactive exec contract. Changes to handle shapes, task-stream delivery, or lifecycle method names should be treated as wire-level changes.
99
102
  - `codex.discovery.*` is compatibility-sensitive as the stable discovery contract for `skill.path` and `mention_path` identifiers. Changes to normalized item fields, plugin marketplace mapping, or discovery watch task payload kinds should be treated as wire-level changes.
100
103
  - `codex.threads.*` is compatibility-sensitive as the provider-private thread lifecycle contract. Changes to lifecycle method names, watch payload kinds, or watch-task bridge event names should be treated as wire-level changes.
101
104
  - `codex.turns.*` is compatibility-sensitive as the active-turn control contract. Changes to `expected_turn_id` semantics, same-turn rich-input handling, or rejected override fields should be treated as wire-level changes.
102
105
  - `codex.review.*` is compatibility-sensitive as the review control and watch contract. Changes to supported target types, `delivery` semantics, review watch payload kinds, or review watch event names should be treated as wire-level changes.
103
- - Provider-private Agent Card skill decomposition is also compatibility-sensitive. Renaming or re-merging `codex.sessions.query/control`, `codex.discovery.query/watch`, `codex.threads.control/watch`, `codex.turns.control`, `codex.review.control`, `codex.exec.control/stream`, or narrowing `codex.interrupt.callback` output modes should be treated as discoverability contract changes.
106
+ - Provider-private Agent Card skill decomposition is also compatibility-sensitive. Renaming or re-merging `codex.sessions.query`, `codex.discovery.query/watch`, `codex.threads.control/watch`, `codex.turns.control`, `codex.review.control`, `codex.exec.control/stream`, or narrowing `codex.interrupt.callback` output modes should be treated as discoverability contract changes.
104
107
  - Agent Card media modes and `acceptedOutputModes` handling are compatibility-sensitive. Changes to declared default modes, to task-scoped persistence of negotiated modes, or to structured-output downgrade behavior should be treated as wire-level changes.
105
- - For core chat tasks, negotiated output modes are lifecycle-scoped. `message/send`, `message/stream`, `tasks/get`, `tasks/resubscribe`, and push notifications should not drift apart for the same task.
108
+ - For core chat tasks, negotiated output modes are lifecycle-scoped. `SendMessage`, `SendStreamingMessage`, `GetTask`, `SubscribeToTask`, and push notifications should not drift apart for the same task.
106
109
  - For core chat requests, explicit `acceptedOutputModes` are also a compatibility-sensitive fail-fast boundary: requests must remain compatible with declared chat output modes, and current chat turns require `text/plain`.
107
110
 
108
111
  ## Extension Boundary Governance
@@ -128,8 +131,8 @@ Current repository judgment under those rules:
128
131
  - `codex.interrupts.list` is acceptable as an adapter-local recovery surface because it only exposes active pending interrupt handles already known to this adapter and does not mutate upstream state.
129
132
  - `codex.turns.steer` is boundary-sensitive and should remain narrowly scoped, provider-private, and resistant to scope creep into a general orchestration API.
130
133
  - `codex.review.*` is also boundary-sensitive and should stay framed as a provider-private reviewer surface rather than a generic A2A review standard.
131
- - `codex.sessions.shell` and `codex.exec.*` sit closest to the adapter boundary because they expose standalone command execution semantics instead of a stable session/message projection. They remain supported for internal or tightly controlled deployments, but should stay deployment-conditional and provider-private rather than being treated as generic extension templates.
132
- - Current default posture keeps `codex.sessions.shell`, `codex.review.*`, and `codex.exec.*` disabled unless a deployment intentionally opts into them. `codex.turns.steer` is enabled by default but remains narrowly scoped, provider-private, and deployment-configurable.
134
+ - `codex.exec.*` sits closest to the adapter boundary because it exposes standalone interactive command execution semantics instead of a stable session/message projection. It should stay deployment-conditional and provider-private rather than being treated as a generic extension template.
135
+ - Current default posture keeps `codex.review.*` and `codex.exec.*` disabled unless a deployment intentionally opts into them. `codex.turns.steer` is enabled by default but remains narrowly scoped, provider-private, and deployment-configurable.
133
136
  - Inbound auth is intentionally static and deployment-scoped. The current contract requires a static multi-credential registry with stable principals; it does not claim OAuth2, OIDC, or dynamic token introspection.
134
137
  - Stable principal mapping is part of the runtime compatibility surface because session ownership, thread watch ownership, and exec ownership all key off the authenticated principal rather than a rotating token hash.
135
138
 
@@ -140,11 +143,12 @@ This repository distinguishes between three layers:
140
143
  - core A2A surface
141
144
  - standard send / stream / task methods
142
145
  - shared extensions
143
- - repo-family conventions such as session binding, stream hints, and interrupt callbacks (`permission`, `question`, `permissions`, and `elicitation` reply surfaces)
144
- - Codex-specific extensions
146
+ - repo-family conventions such as session binding and stream hints
147
+ - provider-private control contracts
148
+ - `a2a.interrupt.*` reply methods on `POST /`
145
149
  - `codex.*` JSON-RPC methods plus `metadata.codex.directory` and `metadata.codex.execution`
146
150
  - this now includes:
147
- - session query/control
151
+ - session query
148
152
  - discovery/query surfaces
149
153
  - discovery watch task bridge
150
154
  - thread lifecycle watch-task bridge
@@ -162,8 +166,9 @@ Discovery note:
162
166
  - `codex.turns.steer` is the declared active-turn control method for appending additional input to an already-running regular turn.
163
167
  - `codex.review.start` is the declared review-start control method for `uncommittedChanges`, `baseBranch`, `commit`, and `custom` review targets.
164
168
  - `codex.review.watch` is the declared review lifecycle watch-task bridge for `review.started`, `review.status.changed`, `review.completed`, and `review.failed`.
165
- - `codex.review.start` remains a control-handle surface; clients should use `codex.review.watch` plus `tasks/resubscribe` for review lifecycle observation.
166
- - `codex.interrupts.list` is always-on but adapter-local and identity-scoped. `codex.sessions.shell`, `codex.turns.steer`, `codex.review.*`, and `codex.exec.*` remain deployment-conditional surfaces and should be discovered from machine-readable contracts before use.
169
+ - `codex.review.start` remains a control-handle surface; clients should use `codex.review.watch` plus `SubscribeToTask` for review lifecycle observation.
170
+ - `codex.interrupts.list` is always-on but adapter-local and identity-scoped. `codex.turns.steer`, `codex.review.*`, and `codex.exec.*` remain deployment-conditional surfaces and should be discovered from machine-readable contracts before use.
171
+ - `a2a.interrupt.*` reply methods remain shared repo-family callback contracts. They are declared on authenticated discovery surfaces, mirrored in OpenAPI, and used directly rather than through `A2A-Extensions` activation.
167
172
  - `thread/unsubscribe` is intentionally excluded from the stable public contract until this service exposes connection-safe subscription ownership.
168
173
  - This repository does not claim a generic standalone server-push JSON-RPC transport for those notifications; the compatibility contract is the watch-task bridge published through Agent Card and OpenAPI.
169
174
 
@@ -4,18 +4,18 @@ This document is the standing triage template for local `./scripts/conformance.s
4
4
 
5
5
  ## Standards Used For Triage
6
6
 
7
- - `a2a-sdk==0.3.26` as installed in this repository.
8
- - The default A2A protocol version advertised by this repository: `0.3.0`.
7
+ - `a2a-sdk==1.0.2` as installed in this repository.
8
+ - The default A2A protocol version advertised by this repository: `1.0.0`.
9
9
  - Repository compatibility policy:
10
10
  - machine-readable Agent Card and OpenAPI contracts must reflect implemented runtime behavior;
11
11
  - external TCK results are investigation input rather than default merge gates;
12
- - unsupported `1.0` behavior should be tracked as future compatibility work, not silently declared as supported.
12
+ - unsupported behavior should be tracked as implementation work, not silently declared as supported.
13
13
 
14
14
  ## Classification Labels
15
15
 
16
16
  - `Runtime issue`: the failure reproduces against the repository's declared runtime behavior and should be fixed here.
17
- - `TCK mismatch`: the failure appears to conflict with the installed SDK line or this repository's declared v0.3 baseline.
18
- - `Future protocol gap`: the failure is not a v0.3 regression, but it identifies work needed for stronger v1.0 compatibility.
17
+ - `TCK mismatch`: the failure appears to conflict with the installed SDK line or this repository's declared `1.0` baseline.
18
+ - `Protocol gap`: the failure identifies work needed to complete the repository's declared `1.0` surface.
19
19
  - `Local experiment artifact`: the failure comes from the dummy-backed SUT, local auth, local URLs, timing, or other experiment setup details.
20
20
  - `Needs repro`: the failure needs a focused local probe before assigning ownership.
21
21
 
@@ -25,7 +25,7 @@ For each failed or errored node ID:
25
25
 
26
26
  1. Copy the node ID from `failed-tests.json`.
27
27
  2. Inspect the corresponding raw details in `pytest-report.json` and `tck.log`.
28
- 3. Compare the expectation with `docs/compatibility.md`, authenticated Agent Card params, and OpenAPI `x-a2a-extension-contracts`.
28
+ 3. Compare the expectation with `docs/compatibility.md`, authenticated extended card skills/examples, and OpenAPI `x-a2a-extension-contracts` plus `x-codex-contracts`.
29
29
  4. Assign one classification label.
30
30
  5. Record whether the next action belongs in this repository, the TCK, or a future protocol compatibility issue.
31
31
 
@@ -44,6 +44,6 @@ Keep the summary short and separate:
44
44
 
45
45
  - Count clean runtime issues.
46
46
  - Count TCK mismatches.
47
- - Count future protocol gaps.
47
+ - Count protocol gaps.
48
48
  - Count local experiment artifacts.
49
49
  - List follow-up issue numbers when created.
@@ -68,11 +68,11 @@ Each run keeps the following artifacts in the selected output directory:
68
68
  When a TCK run fails, inspect the raw report before changing the runtime:
69
69
 
70
70
  - Some failures may point to real runtime gaps.
71
- - Some failures may come from TCK assumptions that do not match `a2a-sdk==0.3.26`.
72
- - Some failures may come from A2A v0.3 versus v1.0 naming or schema drift.
71
+ - Some failures may come from TCK assumptions that do not match `a2a-sdk==1.0.2`.
72
+ - Some failures may come from older A2A naming or schema expectations that no longer match the repository's `1.0` contract.
73
73
  - Some failures may be local experiment artifacts from the dummy-backed runtime.
74
74
 
75
75
  The experiment is useful only if those categories stay separate during triage.
76
- Use the authenticated compatibility profile and wire contract `protocol_compatibility` fields as the repository-owned declaration of which protocol lines are supported today, partially supported for compatibility, or reserved for future work.
76
+ Use the authenticated compatibility profile and wire contract `protocol_compatibility` fields as the repository-owned declaration of which protocol lines are supported today.
77
77
 
78
78
  Record first-pass classifications in [conformance-triage.md](./conformance-triage.md).
@@ -0,0 +1,135 @@
1
+ # Extension Specifications
2
+
3
+ This document is the stable specification index for the shared-extension and provider-private contract URIs used by `codex-a2a`. It is intentionally a compact URI/spec map, not the main consumer guide. For the phase-1 extension classification and disclosure baseline, see [a2a-extension-baseline.md](./a2a-extension-baseline.md). For runtime behavior, request examples, and operational setup, see [guide.md](./guide.md). For compatibility promises and stability expectations, see [compatibility.md](./compatibility.md).
4
+
5
+ ## Discovery Surface Note
6
+
7
+ `codex-a2a` now splits Agent Card discovery into two layers:
8
+
9
+ - Public Agent Card: minimal anonymous discovery for core interfaces and shared A2A extensions
10
+ - Authenticated extended card: standard extension declarations plus authenticated skill inventory and deployment-aware examples for provider-private controls
11
+ - OpenAPI metadata: full machine-readable contract payloads via `x-a2a-extension-contracts` and `x-codex-contracts`
12
+
13
+ Use the public card for lightweight discovery. Fetch the authenticated extended card when you need authenticated skill discovery or deployment-aware examples. Use OpenAPI when you need the full provider-private contract payloads, compatibility metadata, or detailed transport notes.
14
+
15
+ Provider-private contract note:
16
+
17
+ - `codex.*` methods in this repository are adapter-managed provider extensions, not portable A2A baseline capabilities.
18
+ - Prefer discovery, stable projections, and low-risk watch/control bridges before exposing stronger runtime or host-execution controls.
19
+ - When an upstream behavior is highly runtime-internal or host-shaped, the specification should keep it provider-private and should not force it into fake A2A core object semantics.
20
+
21
+ Negotiation note:
22
+
23
+ - `urn:a2a:session-binding/v1` and `urn:a2a:stream-hints/v1` are the only current request-level negotiated extensions in this repository family.
24
+ - Provider-private `codex.*` extension URIs and the shared interrupt callback URI are declaration-only contracts. Discover them from the authenticated extended Agent Card or OpenAPI, then invoke the documented JSON-RPC methods directly; no additional `A2A-Extensions` activation header is required for those methods.
25
+ - `wire_contract` and `compatibility_profile` are descriptive metadata contracts, not activatable runtime extensions.
26
+
27
+ ## Shared Session Binding v1
28
+
29
+ URI: `urn:a2a:session-binding/v1`
30
+
31
+ - Scope: shared A2A request metadata for rebinding to an existing upstream session
32
+ - Public Agent Card: capability declaration plus minimal routing metadata for `shared.session.id` only
33
+ - Authenticated extended card: full profile, notes, and detailed contract metadata
34
+ - OpenAPI: shared contract payload under `x-a2a-extension-contracts.session_binding`
35
+ - Runtime field: `metadata.shared.session.id`
36
+
37
+ ## Shared Stream Hints v1
38
+
39
+ URI: `urn:a2a:stream-hints/v1`
40
+
41
+ - Scope: shared canonical metadata for block, usage, interrupt, and session hints
42
+ - Public Agent Card: metadata roots plus the minimum discoverability fields for block identity, status source, interrupt lifecycle, session identity, and basic token usage
43
+ - Authenticated extended card: full shared stream contract including detailed block payload mappings and extended usage metadata
44
+ - OpenAPI: shared contract payload under `x-a2a-extension-contracts.streaming`
45
+ - Runtime fields: `metadata.shared.stream`, `metadata.shared.usage`, `metadata.shared.interrupt`, `metadata.shared.session`
46
+
47
+ ## Codex Session Query v1
48
+
49
+ URI: `urn:codex-a2a:codex-session-query/v1`
50
+
51
+ - Scope: provider-private Codex session history and low-risk control methods
52
+ - Discovery surface: authenticated extended card `capabilities.extensions` plus skill inventory, with full payload mirrored in OpenAPI `x-codex-contracts.session_query`
53
+ - Transport: provider-private JSON-RPC methods on `POST /`
54
+ - Negotiation: declaration-only; discover first, then invoke the documented methods directly
55
+ - Note: this URI remains a stable contract identifier and is published only on authenticated discovery surfaces
56
+
57
+ ## Codex Discovery v1
58
+
59
+ URI: `urn:codex-a2a:codex-discovery/v1`
60
+
61
+ - Scope: provider-private skills/apps/plugins discovery methods and discovery watch bridge
62
+ - Discovery surface: authenticated extended card `capabilities.extensions` plus skill inventory, with full payload mirrored in OpenAPI `x-codex-contracts.discovery`
63
+ - Transport: provider-private JSON-RPC methods on `POST /`
64
+ - Negotiation: declaration-only; discover first, then invoke the documented methods directly
65
+ - Note: this URI remains a stable contract identifier and is published only on authenticated discovery surfaces
66
+
67
+ ## Codex Thread Lifecycle v1
68
+
69
+ URI: `urn:codex-a2a:codex-thread-lifecycle/v1`
70
+
71
+ - Scope: provider-private thread lifecycle control and lifecycle watch bridge
72
+ - Discovery surface: authenticated extended card `capabilities.extensions` plus skill inventory, with full payload mirrored in OpenAPI `x-codex-contracts.thread_lifecycle`
73
+ - Transport: provider-private JSON-RPC methods on `POST /`
74
+ - Negotiation: declaration-only; discover first, then invoke the documented methods directly
75
+ - Note: this URI remains a stable contract identifier and is published only on authenticated discovery surfaces
76
+
77
+ ## Codex Turn Control v1
78
+
79
+ URI: `urn:codex-a2a:codex-turn-control/v1`
80
+
81
+ - Scope: provider-private active-turn steering for already-running regular turns
82
+ - Discovery surface: authenticated extended card `capabilities.extensions` plus skill inventory, with full payload mirrored in OpenAPI `x-codex-contracts.turn_control`
83
+ - Transport: provider-private JSON-RPC methods on `POST /`
84
+ - Negotiation: declaration-only; discover first, then invoke the documented methods directly
85
+ - Note: this URI remains a stable contract identifier and is published only on authenticated discovery surfaces
86
+
87
+ ## Codex Review Control v1
88
+
89
+ URI: `urn:codex-a2a:codex-review/v1`
90
+
91
+ - Scope: provider-private review-start control and review lifecycle watch bridge for uncommitted changes, branches, commits, and custom reviewer instructions
92
+ - Discovery surface: authenticated extended card `capabilities.extensions` plus skill inventory, with full payload mirrored in OpenAPI `x-codex-contracts.review_control`
93
+ - Transport: provider-private JSON-RPC methods on `POST /`
94
+ - Negotiation: declaration-only; discover first, then invoke the documented methods directly
95
+ - Note: this URI remains a stable contract identifier and is published only on authenticated discovery surfaces
96
+
97
+ ## Codex Exec v1
98
+
99
+ URI: `urn:codex-a2a:codex-exec/v1`
100
+
101
+ - Scope: provider-private standalone interactive command execution
102
+ - Discovery surface: authenticated extended card `capabilities.extensions` plus skill inventory, with full payload mirrored in OpenAPI `x-codex-contracts.exec_control`
103
+ - Transport: provider-private JSON-RPC methods on `POST /`
104
+ - Negotiation: declaration-only; discover first, then invoke the documented methods directly
105
+ - Note: this URI remains a stable contract identifier and is published only on authenticated discovery surfaces
106
+
107
+ ## Shared Interactive Interrupt v1
108
+
109
+ URI: `urn:a2a:interactive-interrupt/v1`
110
+
111
+ - Scope: shared interrupt callback reply methods
112
+ - Discovery surface: authenticated extended card `capabilities.extensions` plus skill inventory, with full payload mirrored in OpenAPI `x-codex-contracts.interrupt_callback`
113
+ - Transport: provider-private JSON-RPC methods on `POST /`
114
+ - Negotiation: declaration-only; discover first, then invoke the documented methods directly
115
+ - Note: this URI identifies a shared repo-family callback contract and is published on authenticated discovery surfaces
116
+
117
+ ## A2A Compatibility Profile v1
118
+
119
+ URI: `urn:codex-a2a:compatibility-profile/v1`
120
+
121
+ - Scope: compatibility profile describing core baselines, extension retention, and declared service behaviors
122
+ - Discovery surface: authenticated extended card `capabilities.extensions`, with full payload mirrored in OpenAPI `x-codex-contracts.compatibility_profile`
123
+ - Transport: provider-private machine-readable contract metadata
124
+ - Negotiation: not applicable; descriptive metadata only
125
+ - Note: this URI remains a stable contract identifier and is published only on authenticated discovery surfaces
126
+
127
+ ## A2A Wire Contract v1
128
+
129
+ URI: `urn:codex-a2a:wire-contract/v1`
130
+
131
+ - Scope: wire-level contract for supported methods, endpoints, and error semantics
132
+ - Discovery surface: authenticated extended card `capabilities.extensions`, with full payload mirrored in OpenAPI `x-codex-contracts.wire_contract`
133
+ - Transport: provider-private machine-readable contract metadata
134
+ - Negotiation: not applicable; descriptive metadata only
135
+ - Note: this URI remains a stable contract identifier and is published only on authenticated discovery surfaces