opencode-a2a 0.5.0__tar.gz → 0.6.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (162) hide show
  1. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/.github/workflows/ci.yml +13 -10
  2. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/.github/workflows/dependency-health.yml +3 -5
  3. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/.github/workflows/publish.yml +10 -7
  4. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/.gitignore +1 -0
  5. opencode_a2a-0.6.0/CODE_OF_CONDUCT.md +29 -0
  6. {opencode_a2a-0.5.0/src/opencode_a2a.egg-info → opencode_a2a-0.6.0}/PKG-INFO +23 -6
  7. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/README.md +21 -5
  8. opencode_a2a-0.6.0/SUPPORT.md +26 -0
  9. opencode_a2a-0.6.0/docs/extension-specifications.md +122 -0
  10. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/docs/guide.md +387 -30
  11. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/pyproject.toml +1 -0
  12. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/scripts/README.md +1 -1
  13. opencode_a2a-0.6.0/scripts/dependency_health.sh +19 -0
  14. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/cli.py +8 -17
  15. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/client/agent_card.py +2 -1
  16. opencode_a2a-0.6.0/src/opencode_a2a/client/auth.py +38 -0
  17. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/client/client.py +94 -8
  18. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/client/config.py +95 -0
  19. opencode_a2a-0.6.0/src/opencode_a2a/client/polling.py +68 -0
  20. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/client/request_context.py +18 -7
  21. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/config.py +11 -9
  22. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/contracts/extensions.py +549 -47
  23. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/execution/executor.py +93 -24
  24. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/execution/request_context.py +8 -0
  25. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/execution/session_manager.py +12 -2
  26. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/execution/stream_runtime.py +6 -1
  27. opencode_a2a-0.6.0/src/opencode_a2a/invocation.py +30 -0
  28. opencode_a2a-0.6.0/src/opencode_a2a/jsonrpc/application.py +238 -0
  29. opencode_a2a-0.6.0/src/opencode_a2a/jsonrpc/dispatch.py +211 -0
  30. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/jsonrpc/error_responses.py +23 -0
  31. opencode_a2a-0.6.0/src/opencode_a2a/jsonrpc/handlers/__init__.py +1 -0
  32. opencode_a2a-0.6.0/src/opencode_a2a/jsonrpc/handlers/common.py +351 -0
  33. opencode_a2a-0.6.0/src/opencode_a2a/jsonrpc/handlers/interrupt_callbacks.py +223 -0
  34. opencode_a2a-0.6.0/src/opencode_a2a/jsonrpc/handlers/interrupt_queries.py +64 -0
  35. opencode_a2a-0.6.0/src/opencode_a2a/jsonrpc/handlers/provider_discovery.py +154 -0
  36. opencode_a2a-0.6.0/src/opencode_a2a/jsonrpc/handlers/session_control.py +272 -0
  37. opencode_a2a-0.6.0/src/opencode_a2a/jsonrpc/handlers/session_lifecycle.py +572 -0
  38. opencode_a2a-0.6.0/src/opencode_a2a/jsonrpc/handlers/session_queries.py +176 -0
  39. opencode_a2a-0.6.0/src/opencode_a2a/jsonrpc/handlers/workspace_control.py +239 -0
  40. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/jsonrpc/methods.py +141 -5
  41. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/jsonrpc/params.py +132 -2
  42. opencode_a2a-0.6.0/src/opencode_a2a/opencode_upstream_client.py +893 -0
  43. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/parts/mapping.py +1 -9
  44. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/profile/runtime.py +22 -0
  45. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/runtime_state.py +2 -0
  46. opencode_a2a-0.6.0/src/opencode_a2a/server/agent_card.py +568 -0
  47. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/server/application.py +291 -39
  48. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/server/openapi.py +254 -4
  49. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/server/request_parsing.py +11 -3
  50. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/server/state_store.py +100 -13
  51. opencode_a2a-0.6.0/src/opencode_a2a/server/task_store.py +210 -0
  52. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0/src/opencode_a2a.egg-info}/PKG-INFO +23 -6
  53. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a.egg-info/SOURCES.txt +21 -0
  54. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a.egg-info/requires.txt +1 -0
  55. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/client/test_agent_card.py +14 -0
  56. opencode_a2a-0.6.0/tests/client/test_client_config.py +81 -0
  57. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/client/test_client_facade.py +181 -1
  58. opencode_a2a-0.6.0/tests/client/test_polling.py +33 -0
  59. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/client/test_request_context.py +25 -0
  60. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/config/test_settings.py +6 -0
  61. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/contracts/test_extension_contract_consistency.py +80 -3
  62. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/execution/test_agent_errors.py +98 -1
  63. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/execution/test_metrics.py +2 -1
  64. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/execution/test_opencode_agent_session_binding.py +147 -2
  65. opencode_a2a-0.6.0/tests/execution/test_session_lock_lifecycle.py +33 -0
  66. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/execution/test_streaming_output_contract_interrupts.py +13 -0
  67. opencode_a2a-0.6.0/tests/jsonrpc/test_dispatch_registry.py +126 -0
  68. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/jsonrpc/test_error_responses.py +23 -1
  69. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/jsonrpc/test_jsonrpc_params.py +55 -0
  70. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/jsonrpc/test_opencode_session_extension_commands.py +34 -0
  71. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/jsonrpc/test_opencode_session_extension_interrupts.py +81 -6
  72. opencode_a2a-0.6.0/tests/jsonrpc/test_opencode_session_extension_lifecycle.py +373 -0
  73. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/jsonrpc/test_opencode_session_extension_prompt_async.py +83 -1
  74. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/jsonrpc/test_opencode_session_extension_queries.py +388 -1
  75. opencode_a2a-0.6.0/tests/jsonrpc/test_opencode_workspace_control_extension.py +199 -0
  76. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/profile/test_profile_runtime.py +6 -0
  77. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/server/test_a2a_client_manager.py +7 -0
  78. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/server/test_agent_card.py +320 -16
  79. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/server/test_app_behaviors.py +149 -4
  80. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/server/test_cli.py +10 -18
  81. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/server/test_database_app_persistence.py +42 -1
  82. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/server/test_state_store.py +48 -16
  83. opencode_a2a-0.6.0/tests/server/test_task_store_factory.py +294 -0
  84. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/server/test_transport_contract.py +98 -6
  85. opencode_a2a-0.6.0/tests/support/helpers.py +832 -0
  86. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/support/streaming_output.py +12 -1
  87. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/upstream/test_opencode_upstream_client_params.py +327 -3
  88. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/uv.lock +5 -3
  89. opencode_a2a-0.5.0/scripts/dependency_health.sh +0 -13
  90. opencode_a2a-0.5.0/src/opencode_a2a/jsonrpc/application.py +0 -925
  91. opencode_a2a-0.5.0/src/opencode_a2a/opencode_upstream_client.py +0 -497
  92. opencode_a2a-0.5.0/src/opencode_a2a/server/agent_card.py +0 -288
  93. opencode_a2a-0.5.0/src/opencode_a2a/server/task_store.py +0 -116
  94. opencode_a2a-0.5.0/tests/client/test_client_config.py +0 -44
  95. opencode_a2a-0.5.0/tests/server/test_task_store_factory.py +0 -78
  96. opencode_a2a-0.5.0/tests/support/helpers.py +0 -397
  97. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/.pre-commit-config.yaml +0 -0
  98. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/.secrets.baseline +0 -0
  99. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/AGENTS.md +0 -0
  100. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/CONTRIBUTING.md +0 -0
  101. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/LICENSE +0 -0
  102. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/SECURITY.md +0 -0
  103. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/scripts/check_coverage.py +0 -0
  104. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/scripts/doctor.sh +0 -0
  105. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/scripts/health_common.sh +0 -0
  106. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/scripts/lint.sh +0 -0
  107. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/scripts/smoke_test_built_cli.sh +0 -0
  108. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/setup.cfg +0 -0
  109. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/__init__.py +0 -0
  110. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/client/__init__.py +0 -0
  111. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/client/error_mapping.py +0 -0
  112. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/client/errors.py +0 -0
  113. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/client/payload_text.py +0 -0
  114. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/contracts/__init__.py +0 -0
  115. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/execution/__init__.py +0 -0
  116. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/execution/event_helpers.py +0 -0
  117. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/execution/stream_events.py +0 -0
  118. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/execution/stream_state.py +0 -0
  119. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/execution/tool_error_mapping.py +0 -0
  120. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/execution/upstream_error_translator.py +0 -0
  121. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/jsonrpc/__init__.py +0 -0
  122. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/parts/__init__.py +0 -0
  123. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/parts/text.py +0 -0
  124. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/profile/__init__.py +0 -0
  125. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/sandbox_policy.py +0 -0
  126. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/server/__init__.py +0 -0
  127. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a/upstream_taxonomy.py +0 -0
  128. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a.egg-info/dependency_links.txt +0 -0
  129. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a.egg-info/entry_points.txt +0 -0
  130. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/src/opencode_a2a.egg-info/top_level.txt +0 -0
  131. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/__init__.py +0 -0
  132. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/client/__init__.py +0 -0
  133. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/client/test_error_mapping.py +0 -0
  134. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/client/test_payload_text.py +0 -0
  135. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/config/__init__.py +0 -0
  136. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/conftest.py +0 -0
  137. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/contracts/__init__.py +0 -0
  138. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/execution/__init__.py +0 -0
  139. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/execution/test_agent_helpers.py +0 -0
  140. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/execution/test_cancellation.py +0 -0
  141. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/execution/test_directory_validation.py +0 -0
  142. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/execution/test_multipart_input.py +0 -0
  143. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/execution/test_session_ownership.py +0 -0
  144. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/execution/test_streaming_output_contract_blocks.py +0 -0
  145. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/execution/test_streaming_output_contract_core.py +0 -0
  146. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/execution/test_streaming_output_contract_logging.py +0 -0
  147. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/jsonrpc/__init__.py +0 -0
  148. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/jsonrpc/test_jsonrpc_methods.py +0 -0
  149. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/jsonrpc/test_jsonrpc_unsupported_method.py +0 -0
  150. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/package/__init__.py +0 -0
  151. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/package/test_version.py +0 -0
  152. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/parts/__init__.py +0 -0
  153. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/parts/test_parts_text.py +0 -0
  154. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/profile/__init__.py +0 -0
  155. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/scripts/__init__.py +0 -0
  156. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/scripts/test_script_health_contract.py +0 -0
  157. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/server/__init__.py +0 -0
  158. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/server/test_call_context_builder.py +0 -0
  159. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/server/test_cancel_contract.py +0 -0
  160. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/support/__init__.py +0 -0
  161. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/support/session_extensions.py +0 -0
  162. {opencode_a2a-0.5.0 → opencode_a2a-0.6.0}/tests/upstream/__init__.py +0 -0
@@ -8,8 +8,6 @@ on:
8
8
 
9
9
  permissions:
10
10
  contents: read
11
- env:
12
- FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
13
11
 
14
12
  jobs:
15
13
  quality-gate:
@@ -17,15 +15,15 @@ jobs:
17
15
 
18
16
  steps:
19
17
  - name: Checkout
20
- uses: actions/checkout@v4
18
+ uses: actions/checkout@v6
21
19
 
22
20
  - name: Setup Python
23
- uses: actions/setup-python@v5
21
+ uses: actions/setup-python@v6
24
22
  with:
25
23
  python-version: "3.13"
26
24
 
27
25
  - name: Setup uv
28
- uses: astral-sh/setup-uv@v4
26
+ uses: astral-sh/setup-uv@v7
29
27
  with:
30
28
  enable-cache: false
31
29
 
@@ -41,8 +39,13 @@ jobs:
41
39
  - name: Enforce coverage policy
42
40
  run: uv run python ./scripts/check_coverage.py
43
41
 
44
- - name: Run dependency vulnerability audit
45
- run: uv run pip-audit
42
+ - name: Export runtime requirements for vulnerability audit
43
+ run: >
44
+ uv export --format requirements.txt --no-dev --locked --no-emit-project
45
+ --output-file /tmp/runtime-requirements.txt >/dev/null
46
+
47
+ - name: Run runtime dependency vulnerability audit
48
+ run: uv run pip-audit --requirement /tmp/runtime-requirements.txt
46
49
 
47
50
  - name: Clean previous build artifacts
48
51
  run: rm -rf build dist
@@ -65,15 +68,15 @@ jobs:
65
68
 
66
69
  steps:
67
70
  - name: Checkout
68
- uses: actions/checkout@v4
71
+ uses: actions/checkout@v6
69
72
 
70
73
  - name: Setup Python
71
- uses: actions/setup-python@v5
74
+ uses: actions/setup-python@v6
72
75
  with:
73
76
  python-version: ${{ matrix.python-version }}
74
77
 
75
78
  - name: Setup uv
76
- uses: astral-sh/setup-uv@v4
79
+ uses: astral-sh/setup-uv@v7
77
80
  with:
78
81
  enable-cache: false
79
82
 
@@ -8,8 +8,6 @@ on:
8
8
 
9
9
  permissions:
10
10
  contents: read
11
- env:
12
- FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
13
11
 
14
12
  jobs:
15
13
  dependency-health:
@@ -17,15 +15,15 @@ jobs:
17
15
 
18
16
  steps:
19
17
  - name: Checkout
20
- uses: actions/checkout@v4
18
+ uses: actions/checkout@v6
21
19
 
22
20
  - name: Setup Python
23
- uses: actions/setup-python@v5
21
+ uses: actions/setup-python@v6
24
22
  with:
25
23
  python-version: "3.13"
26
24
 
27
25
  - name: Setup uv
28
- uses: astral-sh/setup-uv@v4
26
+ uses: astral-sh/setup-uv@v7
29
27
  with:
30
28
  enable-cache: false
31
29
 
@@ -9,8 +9,6 @@ on:
9
9
  permissions:
10
10
  contents: write
11
11
  id-token: write
12
- env:
13
- FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
14
12
 
15
13
  jobs:
16
14
  publish:
@@ -18,25 +16,30 @@ jobs:
18
16
 
19
17
  steps:
20
18
  - name: Checkout
21
- uses: actions/checkout@v4
19
+ uses: actions/checkout@v6
22
20
  with:
23
21
  fetch-depth: 0
24
22
 
25
23
  - name: Setup Python
26
- uses: actions/setup-python@v5
24
+ uses: actions/setup-python@v6
27
25
  with:
28
26
  python-version: "3.13"
29
27
 
30
28
  - name: Setup uv
31
- uses: astral-sh/setup-uv@v4
29
+ uses: astral-sh/setup-uv@v7
32
30
  with:
33
31
  enable-cache: false
34
32
 
35
33
  - name: Run regression baseline
36
34
  run: bash ./scripts/doctor.sh
37
35
 
38
- - name: Run dependency vulnerability audit
39
- run: uv run pip-audit
36
+ - name: Export runtime requirements for vulnerability audit
37
+ run: >
38
+ uv export --format requirements.txt --no-dev --locked --no-emit-project
39
+ --output-file /tmp/runtime-requirements.txt >/dev/null
40
+
41
+ - name: Run runtime dependency vulnerability audit
42
+ run: uv run pip-audit --requirement /tmp/runtime-requirements.txt
40
43
 
41
44
  - name: Clean previous build artifacts
42
45
  run: rm -rf build dist
@@ -224,3 +224,4 @@ temp_*.*
224
224
  # Local OpenCode OpenAPI snapshots (high-churn, local reference only)
225
225
  docs/operations/opencode/
226
226
  .swival/
227
+ *.db
@@ -0,0 +1,29 @@
1
+ # Code of Conduct
2
+
3
+ This project expects respectful, technically focused collaboration.
4
+
5
+ ## Expected Behavior
6
+
7
+ - Assume good intent and communicate directly.
8
+ - Keep discussions specific, evidence-based, and relevant to the repository.
9
+ - Use welcoming language in public issues, pull requests, and review comments.
10
+ - Respect maintainers' time by providing reproducible reports and clear context.
11
+
12
+ ## Unacceptable Behavior
13
+
14
+ - Harassment, discrimination, or personal attacks.
15
+ - Doxxing, threats, or sustained hostile behavior.
16
+ - Repeated spam, bad-faith disruption, or intentionally misleading reports.
17
+ - Sharing secrets, tokens, or private data in public threads.
18
+
19
+ ## Reporting
20
+
21
+ For normal collaboration problems, open an issue or discussion with enough
22
+ context to review the situation. For security-sensitive or private concerns,
23
+ follow the disclosure path in [SECURITY.md](SECURITY.md).
24
+
25
+ ## Enforcement
26
+
27
+ Repository maintainers may edit, hide, lock, or remove content that violates
28
+ this policy, and may restrict participation when needed to keep collaboration
29
+ safe and productive.
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: opencode-a2a
3
- Version: 0.5.0
3
+ Version: 0.6.0
4
4
  Summary: OpenCode A2A runtime
5
5
  Author: liujuanjuan1984@Intelligent-Internet
6
6
  License-Expression: Apache-2.0
@@ -25,6 +25,7 @@ Requires-Dist: fastapi<1.0,>=0.110
25
25
  Requires-Dist: httpx<1.0,>=0.27
26
26
  Requires-Dist: pydantic<3.0,>=2.6
27
27
  Requires-Dist: pydantic-settings<3.0,>=2.2
28
+ Requires-Dist: requests<3.0,>=2.33.0
28
29
  Requires-Dist: sqlalchemy<3.0,>=2.0
29
30
  Requires-Dist: sse-starlette<4.0,>=2.1
30
31
  Requires-Dist: uvicorn<1.0,>=0.29
@@ -113,6 +114,7 @@ Then start `opencode-a2a` against that upstream:
113
114
  ```bash
114
115
  A2A_BEARER_TOKEN=dev-token \
115
116
  OPENCODE_BASE_URL=http://127.0.0.1:4096 \
117
+ A2A_TASK_STORE_DATABASE_URL=sqlite+aiosqlite:///./opencode-a2a.db \
116
118
  A2A_HOST=127.0.0.1 \
117
119
  A2A_PORT=8000 \
118
120
  A2A_PUBLIC_URL=http://127.0.0.1:8000 \
@@ -131,6 +133,8 @@ curl http://127.0.0.1:8000/.well-known/agent-card.json
131
133
  - A2A HTTP+JSON endpoints such as `/v1/message:send` and
132
134
  `/v1/message:stream`
133
135
  - A2A JSON-RPC support on `POST /`
136
+ - SDK-owned A2A task surfaces such as `GET /v1/tasks`, task push notification
137
+ config routes, and JSON-RPC `agent/getAuthenticatedExtendedCard`
134
138
  - Peering capabilities: can act as a client via `opencode-a2a call`
135
139
  - Autonomous tool execution: supports `a2a_call` tool for outbound agent-to-agent communication
136
140
  - SSE streaming with normalized `text`, `reasoning`, and `tool_call` blocks
@@ -146,19 +150,30 @@ curl http://127.0.0.1:8000/.well-known/agent-card.json
146
150
  Interact with other A2A agents directly from the command line:
147
151
 
148
152
  ```bash
149
- opencode-a2a call http://other-agent:8000 "How are you?" --token your-outbound-token
153
+ # Using the target peer agent's Bearer token via environment injection
154
+ A2A_CLIENT_BEARER_TOKEN=your-outbound-token \
155
+ opencode-a2a call http://other-agent:8000 "How are you?"
156
+
157
+ # Using the target peer agent's Basic auth via environment injection
158
+ # Accepts raw user:pass or its base64-encoded value
159
+ A2A_CLIENT_BASIC_AUTH="user:pass" \
160
+ opencode-a2a call http://other-agent:8000 "How are you?"
150
161
  ```
151
162
 
152
163
  ### Outbound Agent Calls (Tools)
153
164
  The server can autonomously execute `a2a_call(url, message)` tool calls emitted by the OpenCode runtime. Results are fetched via A2A and returned to the model as tool results, enabling multi-agent orchestration.
154
165
 
155
- When the target peer requires bearer auth, configure `A2A_CLIENT_BEARER_TOKEN`
156
- for server-side outbound calls. CLI calls can continue using `--token` or
157
- `A2A_CLIENT_BEARER_TOKEN`.
166
+ When the target peer agent requires bearer auth, configure
167
+ `A2A_CLIENT_BEARER_TOKEN` for server-side outbound calls. When the target peer
168
+ agent requires Basic auth, use `A2A_CLIENT_BASIC_AUTH`.
169
+ These outbound credentials apply to the peer specified by `opencode-a2a call`
170
+ or `a2a_call(url, message)`, not to this service's inbound `A2A_BEARER_TOKEN`.
171
+ The CLI intentionally reads outbound credentials from environment variables only,
172
+ so secrets do not appear in shell history or process arguments.
158
173
 
159
174
  Server-side outbound client settings are fully wired through runtime config:
160
175
  `A2A_CLIENT_TIMEOUT_SECONDS`, `A2A_CLIENT_CARD_FETCH_TIMEOUT_SECONDS`,
161
- `A2A_CLIENT_USE_CLIENT_PREFERENCE`, `A2A_CLIENT_BEARER_TOKEN`, and
176
+ `A2A_CLIENT_USE_CLIENT_PREFERENCE`, `A2A_CLIENT_BEARER_TOKEN`, `A2A_CLIENT_BASIC_AUTH`, and
162
177
  `A2A_CLIENT_SUPPORTED_TRANSPORTS`.
163
178
 
164
179
  Detailed protocol contracts, examples, and extension docs live in
@@ -201,6 +216,8 @@ Read before deployment:
201
216
 
202
217
  - [SECURITY.md](SECURITY.md)
203
218
  - [docs/guide.md](docs/guide.md)
219
+ - [SUPPORT.md](SUPPORT.md)
220
+ - [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md)
204
221
 
205
222
  ## Further Reading
206
223
 
@@ -73,6 +73,7 @@ Then start `opencode-a2a` against that upstream:
73
73
  ```bash
74
74
  A2A_BEARER_TOKEN=dev-token \
75
75
  OPENCODE_BASE_URL=http://127.0.0.1:4096 \
76
+ A2A_TASK_STORE_DATABASE_URL=sqlite+aiosqlite:///./opencode-a2a.db \
76
77
  A2A_HOST=127.0.0.1 \
77
78
  A2A_PORT=8000 \
78
79
  A2A_PUBLIC_URL=http://127.0.0.1:8000 \
@@ -91,6 +92,8 @@ curl http://127.0.0.1:8000/.well-known/agent-card.json
91
92
  - A2A HTTP+JSON endpoints such as `/v1/message:send` and
92
93
  `/v1/message:stream`
93
94
  - A2A JSON-RPC support on `POST /`
95
+ - SDK-owned A2A task surfaces such as `GET /v1/tasks`, task push notification
96
+ config routes, and JSON-RPC `agent/getAuthenticatedExtendedCard`
94
97
  - Peering capabilities: can act as a client via `opencode-a2a call`
95
98
  - Autonomous tool execution: supports `a2a_call` tool for outbound agent-to-agent communication
96
99
  - SSE streaming with normalized `text`, `reasoning`, and `tool_call` blocks
@@ -106,19 +109,30 @@ curl http://127.0.0.1:8000/.well-known/agent-card.json
106
109
  Interact with other A2A agents directly from the command line:
107
110
 
108
111
  ```bash
109
- opencode-a2a call http://other-agent:8000 "How are you?" --token your-outbound-token
112
+ # Using the target peer agent's Bearer token via environment injection
113
+ A2A_CLIENT_BEARER_TOKEN=your-outbound-token \
114
+ opencode-a2a call http://other-agent:8000 "How are you?"
115
+
116
+ # Using the target peer agent's Basic auth via environment injection
117
+ # Accepts raw user:pass or its base64-encoded value
118
+ A2A_CLIENT_BASIC_AUTH="user:pass" \
119
+ opencode-a2a call http://other-agent:8000 "How are you?"
110
120
  ```
111
121
 
112
122
  ### Outbound Agent Calls (Tools)
113
123
  The server can autonomously execute `a2a_call(url, message)` tool calls emitted by the OpenCode runtime. Results are fetched via A2A and returned to the model as tool results, enabling multi-agent orchestration.
114
124
 
115
- When the target peer requires bearer auth, configure `A2A_CLIENT_BEARER_TOKEN`
116
- for server-side outbound calls. CLI calls can continue using `--token` or
117
- `A2A_CLIENT_BEARER_TOKEN`.
125
+ When the target peer agent requires bearer auth, configure
126
+ `A2A_CLIENT_BEARER_TOKEN` for server-side outbound calls. When the target peer
127
+ agent requires Basic auth, use `A2A_CLIENT_BASIC_AUTH`.
128
+ These outbound credentials apply to the peer specified by `opencode-a2a call`
129
+ or `a2a_call(url, message)`, not to this service's inbound `A2A_BEARER_TOKEN`.
130
+ The CLI intentionally reads outbound credentials from environment variables only,
131
+ so secrets do not appear in shell history or process arguments.
118
132
 
119
133
  Server-side outbound client settings are fully wired through runtime config:
120
134
  `A2A_CLIENT_TIMEOUT_SECONDS`, `A2A_CLIENT_CARD_FETCH_TIMEOUT_SECONDS`,
121
- `A2A_CLIENT_USE_CLIENT_PREFERENCE`, `A2A_CLIENT_BEARER_TOKEN`, and
135
+ `A2A_CLIENT_USE_CLIENT_PREFERENCE`, `A2A_CLIENT_BEARER_TOKEN`, `A2A_CLIENT_BASIC_AUTH`, and
122
136
  `A2A_CLIENT_SUPPORTED_TRANSPORTS`.
123
137
 
124
138
  Detailed protocol contracts, examples, and extension docs live in
@@ -161,6 +175,8 @@ Read before deployment:
161
175
 
162
176
  - [SECURITY.md](SECURITY.md)
163
177
  - [docs/guide.md](docs/guide.md)
178
+ - [SUPPORT.md](SUPPORT.md)
179
+ - [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md)
164
180
 
165
181
  ## Further Reading
166
182
 
@@ -0,0 +1,26 @@
1
+ # Support
2
+
3
+ ## When To Open An Issue
4
+
5
+ Open a GitHub issue when you can provide:
6
+
7
+ - a clear problem statement
8
+ - the command, request, or configuration involved
9
+ - expected behavior versus actual behavior
10
+ - relevant logs or payload snippets with secrets removed
11
+
12
+ ## Before You Ask
13
+
14
+ - Read [README.md](README.md) for scope and deployment expectations.
15
+ - Read [docs/guide.md](docs/guide.md) for protocol contracts and examples.
16
+ - Read [SECURITY.md](SECURITY.md) before reporting auth, deployment, or secret-related concerns.
17
+
18
+ ## Security Concerns
19
+
20
+ Do not post active secrets, bearer tokens, or sensitive workspace data in a
21
+ public issue. Use the disclosure guidance in [SECURITY.md](SECURITY.md).
22
+
23
+ ## Commercial Or SLA Support
24
+
25
+ This repository does not currently advertise a separate SLA or managed support
26
+ channel. GitHub issues are the default public support path.
@@ -0,0 +1,122 @@
1
+ # Extension Specifications
2
+
3
+ This document is the stable specification surface referenced by the extension
4
+ URIs published in the Agent Card.
5
+ It is intentionally a compact URI/spec index, not the main consumer guide. For
6
+ runtime behavior, request/response examples, and client integration guidance,
7
+ see [`guide.md`](./guide.md).
8
+
9
+ ## SDK Compatibility Note
10
+
11
+ The current A2A prose specification references an extended-card availability
12
+ flag as `AgentCard.capabilities.extendedAgentCard` in some sections.
13
+
14
+ The current official JSON schema and SDK types expose the supported field as
15
+ top-level `supportsAuthenticatedExtendedCard`.
16
+
17
+ `opencode-a2a` follows the shipped JSON schema and SDK surface, so Agent Card
18
+ payloads emitted by this project use `supportsAuthenticatedExtendedCard`.
19
+
20
+ ## Shared Session Binding v1
21
+
22
+ URI:
23
+ `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extension-specifications.md#shared-session-binding-v1`
24
+
25
+ - Scope: shared A2A request metadata for rebinding to an existing upstream session
26
+ - Public Agent Card: capability declaration plus minimal routing metadata
27
+ - Authenticated extended card: full profile, notes, and detailed contract metadata
28
+ - Runtime field: `metadata.shared.session.id`
29
+
30
+ ## Shared Model Selection v1
31
+
32
+ URI:
33
+ `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extension-specifications.md#shared-model-selection-v1`
34
+
35
+ - Scope: shared request-scoped model override on the main chat path
36
+ - Public Agent Card: capability declaration plus required metadata fields
37
+ - Authenticated extended card: full profile, notes, and detailed contract metadata
38
+ - Runtime field: `metadata.shared.model`
39
+
40
+ ## Shared Stream Hints v1
41
+
42
+ URI:
43
+ `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extension-specifications.md#shared-stream-hints-v1`
44
+
45
+ - Scope: shared canonical metadata for block, usage, interrupt, and session hints
46
+ - Public Agent Card: metadata roots plus the minimum discoverability fields for
47
+ block identity, progress status, interrupt lifecycle, session identity, and
48
+ basic token usage
49
+ - Authenticated extended card: full shared stream contract including detailed
50
+ block payload mappings and extended usage metadata
51
+ - Runtime fields: `metadata.shared.stream`, `metadata.shared.usage`,
52
+ `metadata.shared.interrupt`, `metadata.shared.session`
53
+
54
+ ## OpenCode Session Query v1
55
+
56
+ URI:
57
+ `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extension-specifications.md#opencode-session-query-v1`
58
+
59
+ - Scope: provider-private OpenCode session lifecycle, history, and low-risk control methods
60
+ - Public Agent Card: capability declaration only
61
+ - Authenticated extended card: full method matrix, pagination rules, errors, and context semantics
62
+ - Transport: A2A JSON-RPC extension methods
63
+
64
+ ## OpenCode Provider Discovery v1
65
+
66
+ URI:
67
+ `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extension-specifications.md#opencode-provider-discovery-v1`
68
+
69
+ - Scope: provider-private provider and model discovery methods
70
+ - Public Agent Card: capability declaration only
71
+ - Authenticated extended card: full method contracts, error surface, and routing metadata
72
+ - Transport: A2A JSON-RPC extension methods
73
+
74
+ ## Shared Interactive Interrupt v1
75
+
76
+ URI:
77
+ `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extension-specifications.md#shared-interactive-interrupt-v1`
78
+
79
+ - Scope: shared interrupt callback reply methods
80
+ - Public Agent Card: capability declaration, supported interrupt events, and request ID field
81
+ - Authenticated extended card: full callback contract, errors, and routing metadata
82
+ - Transport: A2A JSON-RPC extension methods
83
+
84
+ ## OpenCode Interrupt Recovery v1
85
+
86
+ URI:
87
+ `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extension-specifications.md#opencode-interrupt-recovery-v1`
88
+
89
+ - Scope: provider-private recovery methods for pending local interrupt bindings
90
+ - Public Agent Card: capability declaration only
91
+ - Authenticated extended card: full method contracts, error surface, and local-registry notes
92
+ - Transport: A2A JSON-RPC extension methods
93
+
94
+ ## OpenCode Workspace Control v1
95
+
96
+ URI:
97
+ `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extension-specifications.md#opencode-workspace-control-v1`
98
+
99
+ - Scope: provider-private project, workspace, and worktree control-plane methods
100
+ - Public Agent Card: capability declaration only
101
+ - Authenticated extended card: full method contracts, error surface, and routing notes
102
+ - Transport: A2A JSON-RPC extension methods
103
+
104
+ ## A2A Compatibility Profile v1
105
+
106
+ URI:
107
+ `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extension-specifications.md#a2a-compatibility-profile-v1`
108
+
109
+ - Scope: compatibility profile describing core baselines, extension retention, and service behaviors
110
+ - Public Agent Card: capability declaration only
111
+ - Authenticated extended card: full compatibility profile payload
112
+ - Transport: Agent Card extension params
113
+
114
+ ## A2A Wire Contract v1
115
+
116
+ URI:
117
+ `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extension-specifications.md#a2a-wire-contract-v1`
118
+
119
+ - Scope: wire-level contract for supported methods, endpoints, and error semantics
120
+ - Public Agent Card: capability declaration only
121
+ - Authenticated extended card: full wire contract payload
122
+ - Transport: Agent Card extension params