opencode-a2a 0.6.1__tar.gz → 0.7.1__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (183) hide show
  1. opencode_a2a-0.6.1/.github/workflows/dependency-health.yml → opencode_a2a-0.7.1/.github/workflows/dependency-review.yml +4 -3
  2. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/.github/workflows/publish.yml +7 -6
  3. opencode_a2a-0.6.1/.github/workflows/ci.yml → opencode_a2a-0.7.1/.github/workflows/validate.yml +12 -10
  4. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/.gitignore +3 -0
  5. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/CONTRIBUTING.md +9 -1
  6. {opencode_a2a-0.6.1/src/opencode_a2a.egg-info → opencode_a2a-0.7.1}/PKG-INFO +14 -5
  7. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/README.md +12 -3
  8. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/SECURITY.md +2 -2
  9. opencode_a2a-0.7.1/docs/conformance-triage.md +89 -0
  10. opencode_a2a-0.7.1/docs/conformance.md +67 -0
  11. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/docs/extension-specifications.md +11 -7
  12. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/docs/guide.md +184 -20
  13. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/pyproject.toml +4 -1
  14. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/scripts/README.md +2 -0
  15. opencode_a2a-0.7.1/scripts/conformance.sh +248 -0
  16. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/scripts/smoke_test_built_cli.sh +13 -1
  17. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/__init__.py +3 -0
  18. opencode_a2a-0.7.1/src/opencode_a2a/auth.py +139 -0
  19. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/client/agent_card.py +4 -0
  20. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/client/client.py +18 -11
  21. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/client/config.py +23 -0
  22. opencode_a2a-0.7.1/src/opencode_a2a/client/request_context.py +80 -0
  23. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/config.py +137 -3
  24. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/contracts/extensions.py +346 -41
  25. opencode_a2a-0.7.1/src/opencode_a2a/execution/coordinator.py +499 -0
  26. opencode_a2a-0.7.1/src/opencode_a2a/execution/executor.py +579 -0
  27. opencode_a2a-0.7.1/src/opencode_a2a/execution/metrics.py +20 -0
  28. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/execution/stream_runtime.py +3 -0
  29. opencode_a2a-0.7.1/src/opencode_a2a/execution/tool_orchestration.py +153 -0
  30. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/jsonrpc/application.py +44 -13
  31. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/jsonrpc/dispatch.py +25 -21
  32. opencode_a2a-0.7.1/src/opencode_a2a/jsonrpc/error_responses.py +382 -0
  33. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/jsonrpc/handlers/common.py +22 -0
  34. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/jsonrpc/handlers/interrupt_callbacks.py +14 -0
  35. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/jsonrpc/handlers/session_control.py +20 -0
  36. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/jsonrpc/handlers/workspace_control.py +34 -9
  37. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/opencode_upstream_client.py +33 -4
  38. opencode_a2a-0.7.1/src/opencode_a2a/output_modes.py +29 -0
  39. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/profile/runtime.py +24 -0
  40. opencode_a2a-0.7.1/src/opencode_a2a/protocol_versions.py +103 -0
  41. opencode_a2a-0.7.1/src/opencode_a2a/py.typed +0 -0
  42. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/runtime_state.py +1 -0
  43. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/sandbox_policy.py +13 -0
  44. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/server/agent_card.py +116 -47
  45. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/server/application.py +126 -529
  46. opencode_a2a-0.7.1/src/opencode_a2a/server/client_manager.py +158 -0
  47. opencode_a2a-0.7.1/src/opencode_a2a/server/lifespan.py +43 -0
  48. opencode_a2a-0.7.1/src/opencode_a2a/server/middleware.py +583 -0
  49. opencode_a2a-0.7.1/src/opencode_a2a/server/migrations.py +240 -0
  50. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/server/openapi.py +106 -75
  51. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/server/request_parsing.py +41 -3
  52. opencode_a2a-0.7.1/src/opencode_a2a/server/rest_tasks.py +336 -0
  53. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/server/state_store.py +139 -116
  54. opencode_a2a-0.7.1/src/opencode_a2a/server/task_store.py +449 -0
  55. opencode_a2a-0.7.1/src/opencode_a2a/trace_context.py +125 -0
  56. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1/src/opencode_a2a.egg-info}/PKG-INFO +14 -5
  57. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a.egg-info/SOURCES.txt +22 -2
  58. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a.egg-info/requires.txt +1 -1
  59. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/client/test_client_config.py +8 -0
  60. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/client/test_client_facade.py +1 -2
  61. opencode_a2a-0.7.1/tests/client/test_request_context.py +123 -0
  62. opencode_a2a-0.7.1/tests/config/test_settings.py +345 -0
  63. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/contracts/test_extension_contract_consistency.py +40 -23
  64. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/execution/test_agent_errors.py +28 -1
  65. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/execution/test_directory_validation.py +1 -1
  66. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/execution/test_metrics.py +2 -2
  67. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/execution/test_multipart_input.py +1 -1
  68. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/execution/test_opencode_agent_session_binding.py +86 -2
  69. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/execution/test_session_ownership.py +2 -2
  70. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/execution/test_streaming_output_contract_blocks.py +39 -0
  71. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/execution/test_streaming_output_contract_logging.py +2 -2
  72. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/jsonrpc/test_dispatch_registry.py +48 -5
  73. opencode_a2a-0.7.1/tests/jsonrpc/test_error_responses.py +200 -0
  74. opencode_a2a-0.7.1/tests/jsonrpc/test_jsonrpc_unsupported_method.py +250 -0
  75. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/jsonrpc/test_opencode_session_extension_commands.py +255 -25
  76. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/jsonrpc/test_opencode_session_extension_interrupts.py +83 -19
  77. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/jsonrpc/test_opencode_session_extension_lifecycle.py +14 -14
  78. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/jsonrpc/test_opencode_session_extension_prompt_async.py +92 -21
  79. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/jsonrpc/test_opencode_session_extension_queries.py +46 -46
  80. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/jsonrpc/test_opencode_workspace_control_extension.py +116 -9
  81. opencode_a2a-0.7.1/tests/package/test_logging.py +9 -0
  82. opencode_a2a-0.7.1/tests/package/test_typing_contract.py +9 -0
  83. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/profile/test_profile_runtime.py +31 -4
  84. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/scripts/test_script_health_contract.py +17 -0
  85. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/server/test_a2a_client_manager.py +26 -12
  86. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/server/test_agent_card.py +297 -69
  87. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/server/test_app_behaviors.py +250 -18
  88. opencode_a2a-0.7.1/tests/server/test_auth.py +120 -0
  89. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/server/test_call_context_builder.py +26 -0
  90. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/server/test_database_app_persistence.py +5 -3
  91. opencode_a2a-0.7.1/tests/server/test_state_store.py +591 -0
  92. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/server/test_task_store_factory.py +165 -6
  93. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/server/test_transport_contract.py +579 -33
  94. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/support/helpers.py +81 -10
  95. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/support/streaming_output.py +1 -1
  96. opencode_a2a-0.7.1/tests/test_trace_context.py +53 -0
  97. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/upstream/test_opencode_upstream_client_params.py +121 -35
  98. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/uv.lock +5 -5
  99. opencode_a2a-0.6.1/src/opencode_a2a/client/request_context.py +0 -97
  100. opencode_a2a-0.6.1/src/opencode_a2a/execution/executor.py +0 -1129
  101. opencode_a2a-0.6.1/src/opencode_a2a/jsonrpc/error_responses.py +0 -160
  102. opencode_a2a-0.6.1/src/opencode_a2a/server/task_store.py +0 -210
  103. opencode_a2a-0.6.1/tests/client/test_request_context.py +0 -79
  104. opencode_a2a-0.6.1/tests/config/test_settings.py +0 -150
  105. opencode_a2a-0.6.1/tests/jsonrpc/test_error_responses.py +0 -101
  106. opencode_a2a-0.6.1/tests/jsonrpc/test_jsonrpc_unsupported_method.py +0 -120
  107. opencode_a2a-0.6.1/tests/server/test_state_store.py +0 -296
  108. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/.pre-commit-config.yaml +0 -0
  109. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/.secrets.baseline +0 -0
  110. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/AGENTS.md +0 -0
  111. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/CODE_OF_CONDUCT.md +0 -0
  112. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/LICENSE +0 -0
  113. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/SUPPORT.md +0 -0
  114. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/scripts/check_coverage.py +0 -0
  115. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/scripts/dependency_health.sh +0 -0
  116. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/scripts/doctor.sh +0 -0
  117. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/scripts/health_common.sh +0 -0
  118. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/scripts/lint.sh +0 -0
  119. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/setup.cfg +0 -0
  120. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/cli.py +0 -0
  121. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/client/__init__.py +0 -0
  122. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/client/auth.py +0 -0
  123. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/client/error_mapping.py +0 -0
  124. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/client/errors.py +0 -0
  125. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/client/payload_text.py +0 -0
  126. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/client/polling.py +0 -0
  127. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/contracts/__init__.py +0 -0
  128. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/execution/__init__.py +0 -0
  129. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/execution/event_helpers.py +0 -0
  130. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/execution/request_context.py +0 -0
  131. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/execution/session_manager.py +0 -0
  132. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/execution/stream_events.py +0 -0
  133. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/execution/stream_state.py +0 -0
  134. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/execution/tool_error_mapping.py +0 -0
  135. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/execution/upstream_error_translator.py +0 -0
  136. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/invocation.py +0 -0
  137. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/jsonrpc/__init__.py +0 -0
  138. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/jsonrpc/handlers/__init__.py +0 -0
  139. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/jsonrpc/handlers/interrupt_queries.py +0 -0
  140. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/jsonrpc/handlers/provider_discovery.py +0 -0
  141. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/jsonrpc/handlers/session_lifecycle.py +0 -0
  142. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/jsonrpc/handlers/session_queries.py +0 -0
  143. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/jsonrpc/methods.py +0 -0
  144. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/jsonrpc/params.py +0 -0
  145. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/parts/__init__.py +0 -0
  146. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/parts/mapping.py +0 -0
  147. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/parts/text.py +0 -0
  148. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/profile/__init__.py +0 -0
  149. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/server/__init__.py +0 -0
  150. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a/upstream_taxonomy.py +0 -0
  151. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a.egg-info/dependency_links.txt +0 -0
  152. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a.egg-info/entry_points.txt +0 -0
  153. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/src/opencode_a2a.egg-info/top_level.txt +0 -0
  154. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/__init__.py +0 -0
  155. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/client/__init__.py +0 -0
  156. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/client/test_agent_card.py +0 -0
  157. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/client/test_error_mapping.py +0 -0
  158. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/client/test_payload_text.py +0 -0
  159. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/client/test_polling.py +0 -0
  160. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/config/__init__.py +0 -0
  161. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/conftest.py +0 -0
  162. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/contracts/__init__.py +0 -0
  163. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/execution/__init__.py +0 -0
  164. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/execution/test_agent_helpers.py +0 -0
  165. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/execution/test_cancellation.py +0 -0
  166. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/execution/test_session_lock_lifecycle.py +0 -0
  167. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/execution/test_streaming_output_contract_core.py +0 -0
  168. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/execution/test_streaming_output_contract_interrupts.py +0 -0
  169. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/jsonrpc/__init__.py +0 -0
  170. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/jsonrpc/test_jsonrpc_methods.py +0 -0
  171. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/jsonrpc/test_jsonrpc_params.py +0 -0
  172. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/package/__init__.py +0 -0
  173. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/package/test_version.py +0 -0
  174. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/parts/__init__.py +0 -0
  175. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/parts/test_parts_text.py +0 -0
  176. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/profile/__init__.py +0 -0
  177. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/scripts/__init__.py +0 -0
  178. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/server/__init__.py +0 -0
  179. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/server/test_cancel_contract.py +0 -0
  180. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/server/test_cli.py +0 -0
  181. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/support/__init__.py +0 -0
  182. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/support/session_extensions.py +0 -0
  183. {opencode_a2a-0.6.1 → opencode_a2a-0.7.1}/tests/upstream/__init__.py +0 -0
@@ -1,4 +1,4 @@
1
- name: Dependency Health
1
+ name: Review Development Dependencies
2
2
 
3
3
  on:
4
4
  workflow_dispatch:
@@ -11,18 +11,19 @@ permissions:
11
11
 
12
12
  jobs:
13
13
  dependency-health:
14
+ name: Audit Development Dependencies
14
15
  runs-on: ubuntu-latest
15
16
 
16
17
  steps:
17
18
  - name: Checkout
18
19
  uses: actions/checkout@v6
19
20
 
20
- - name: Setup Python
21
+ - name: Set up Python
21
22
  uses: actions/setup-python@v6
22
23
  with:
23
24
  python-version: "3.13"
24
25
 
25
- - name: Setup uv
26
+ - name: Set up uv
26
27
  uses: astral-sh/setup-uv@v7
27
28
  with:
28
29
  enable-cache: false
@@ -1,4 +1,4 @@
1
- name: Publish
1
+ name: Release Publish and Repair
2
2
 
3
3
  on:
4
4
  push:
@@ -31,6 +31,7 @@ permissions:
31
31
 
32
32
  jobs:
33
33
  publish:
34
+ name: Build and Publish Release Artifacts
34
35
  runs-on: ubuntu-latest
35
36
 
36
37
  steps:
@@ -40,17 +41,17 @@ jobs:
40
41
  fetch-depth: 0
41
42
  ref: ${{ github.event_name == 'workflow_dispatch' && inputs.release_tag || github.ref }}
42
43
 
43
- - name: Setup Python
44
+ - name: Set up Python
44
45
  uses: actions/setup-python@v6
45
46
  with:
46
47
  python-version: "3.13"
47
48
 
48
- - name: Setup uv
49
+ - name: Set up uv
49
50
  uses: astral-sh/setup-uv@v7
50
51
  with:
51
52
  enable-cache: false
52
53
 
53
- - name: Run regression baseline
54
+ - name: Run default regression baseline
54
55
  run: bash ./scripts/doctor.sh
55
56
 
56
57
  - name: Export runtime requirements for vulnerability audit
@@ -94,10 +95,10 @@ jobs:
94
95
  print(f"Validated release version: {version}")
95
96
  PY
96
97
 
97
- - name: Smoke test wheel install
98
+ - name: Smoke test wheel artifact
98
99
  run: bash ./scripts/smoke_test_built_cli.sh dist/opencode_a2a-*.whl
99
100
 
100
- - name: Smoke test sdist install
101
+ - name: Smoke test sdist artifact
101
102
  run: bash ./scripts/smoke_test_built_cli.sh dist/opencode_a2a-*.tar.gz
102
103
 
103
104
  - name: Publish to PyPI
@@ -1,4 +1,4 @@
1
- name: CI
1
+ name: Validate PRs and Main
2
2
 
3
3
  on:
4
4
  pull_request:
@@ -11,29 +11,30 @@ permissions:
11
11
 
12
12
  jobs:
13
13
  quality-gate:
14
+ name: Validate Default Toolchain
14
15
  runs-on: ubuntu-latest
15
16
 
16
17
  steps:
17
18
  - name: Checkout
18
19
  uses: actions/checkout@v6
19
20
 
20
- - name: Setup Python
21
+ - name: Set up Python
21
22
  uses: actions/setup-python@v6
22
23
  with:
23
24
  python-version: "3.13"
24
25
 
25
- - name: Setup uv
26
+ - name: Set up uv
26
27
  uses: astral-sh/setup-uv@v7
27
28
  with:
28
29
  enable-cache: false
29
30
 
30
- - name: Sync Dependencies
31
+ - name: Sync locked dependencies
31
32
  run: uv sync --all-extras --frozen
32
33
 
33
- - name: Run pre-commit
34
+ - name: Run lint checks
34
35
  run: bash ./scripts/lint.sh
35
36
 
36
- - name: Run pytest
37
+ - name: Run test suite
37
38
  run: uv run pytest
38
39
 
39
40
  - name: Enforce coverage policy
@@ -60,6 +61,7 @@ jobs:
60
61
  run: bash ./scripts/smoke_test_built_cli.sh dist/opencode_a2a-*.tar.gz
61
62
 
62
63
  runtime-matrix:
64
+ name: Validate Runtime Matrix (Python ${{ matrix.python-version }})
63
65
  runs-on: ubuntu-latest
64
66
  strategy:
65
67
  fail-fast: false
@@ -70,18 +72,18 @@ jobs:
70
72
  - name: Checkout
71
73
  uses: actions/checkout@v6
72
74
 
73
- - name: Setup Python
75
+ - name: Set up Python
74
76
  uses: actions/setup-python@v6
75
77
  with:
76
78
  python-version: ${{ matrix.python-version }}
77
79
 
78
- - name: Setup uv
80
+ - name: Set up uv
79
81
  uses: astral-sh/setup-uv@v7
80
82
  with:
81
83
  enable-cache: false
82
84
 
83
- - name: Sync Dependencies
85
+ - name: Sync locked dependencies
84
86
  run: uv sync --all-extras --frozen
85
87
 
86
- - name: Run pytest runtime matrix
88
+ - name: Run runtime regression tests
87
89
  run: uv run pytest --no-cov
@@ -225,3 +225,6 @@ temp_*.*
225
225
  docs/operations/opencode/
226
226
  .swival/
227
227
  *.db
228
+ .codex-a2a/
229
+ opencode-a2a.db
230
+ opencode-a2a.db*
@@ -33,7 +33,7 @@ opencode serve --hostname 127.0.0.1 --port 4096
33
33
  Then start the A2A runtime in another terminal:
34
34
 
35
35
  ```bash
36
- A2A_BEARER_TOKEN=dev-token \
36
+ A2A_STATIC_AUTH_CREDENTIALS='[{"scheme":"bearer","token":"dev-token","principal":"automation"}]' \
37
37
  OPENCODE_BASE_URL=http://127.0.0.1:4096 \
38
38
  OPENCODE_WORKSPACE_ROOT=/abs/path/to/workspace \
39
39
  uv run opencode-a2a serve
@@ -55,6 +55,14 @@ bash -n scripts/doctor.sh
55
55
  bash -n scripts/lint.sh
56
56
  ```
57
57
 
58
+ External interoperability experiments stay outside the default regression baseline. When you need to reproduce current official-tool behavior, run:
59
+
60
+ ```bash
61
+ bash ./scripts/conformance.sh
62
+ ```
63
+
64
+ Treat that output as investigation input. Do not fold it into `doctor.sh` or the default CI quality gate unless the repository explicitly decides to promote a specific experiment into a maintained policy.
65
+
58
66
  If you change extension methods, extension metadata, or Agent Card/OpenAPI contract surfaces, also run:
59
67
 
60
68
  ```bash
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: opencode-a2a
3
- Version: 0.6.1
3
+ Version: 0.7.1
4
4
  Summary: OpenCode A2A runtime
5
5
  Author: liujuanjuan1984@Intelligent-Internet
6
6
  License-Expression: Apache-2.0
@@ -25,7 +25,6 @@ Requires-Dist: fastapi<1.0,>=0.110
25
25
  Requires-Dist: httpx<1.0,>=0.27
26
26
  Requires-Dist: pydantic<3.0,>=2.6
27
27
  Requires-Dist: pydantic-settings<3.0,>=2.2
28
- Requires-Dist: requests<3.0,>=2.33.0
29
28
  Requires-Dist: sqlalchemy<3.0,>=2.0
30
29
  Requires-Dist: sse-starlette<4.0,>=2.1
31
30
  Requires-Dist: uvicorn<1.0,>=0.29
@@ -33,6 +32,7 @@ Provides-Extra: dev
33
32
  Requires-Dist: mypy<2.0,>=1.19.1; extra == "dev"
34
33
  Requires-Dist: pip-audit<3.0,>=2.9; extra == "dev"
35
34
  Requires-Dist: pre-commit<5.0,>=4.5.1; extra == "dev"
35
+ Requires-Dist: pygments<3.0,>=2.20.0; extra == "dev"
36
36
  Requires-Dist: pytest<10.0,>=8.0; extra == "dev"
37
37
  Requires-Dist: pytest-asyncio<2.0,>=0.23; extra == "dev"
38
38
  Requires-Dist: pytest-cov<8.0.0,>=7.0.0; extra == "dev"
@@ -104,7 +104,8 @@ Treat the deployed OpenCode user's HOME/XDG config directories as part of the ru
104
104
  Then start `opencode-a2a` against that upstream:
105
105
 
106
106
  ```bash
107
- A2A_BEARER_TOKEN=dev-token \
107
+ DEMO_BEARER_TOKEN="$(python3 -c 'import secrets; print(secrets.token_hex(24))')"
108
+ A2A_STATIC_AUTH_CREDENTIALS='[{"scheme":"bearer","token":"'"${DEMO_BEARER_TOKEN}"'","principal":"automation"}]' \
108
109
  OPENCODE_BASE_URL=http://127.0.0.1:4096 \
109
110
  A2A_TASK_STORE_DATABASE_URL=sqlite+aiosqlite:///./opencode-a2a.db \
110
111
  A2A_HOST=127.0.0.1 \
@@ -132,6 +133,14 @@ curl http://127.0.0.1:8000/.well-known/agent-card.json
132
133
  - Request-scoped model selection through `metadata.shared.model`
133
134
  - OpenCode-oriented JSON-RPC extensions for session and model/provider queries
134
135
 
136
+ ## A2A Protocol Support
137
+
138
+ - Default protocol line: `0.3`
139
+ - Declared supported protocol lines: `0.3`, `1.0`
140
+ - `0.3` is the stable interoperability baseline for the current runtime surface.
141
+ - `1.0` currently covers version negotiation plus protocol-aware JSON-RPC and REST error shaping, while transport payloads, enums, pagination, signatures, and interface-level protocol declarations still follow the shipped SDK baseline.
142
+ - The detailed compatibility matrix and machine-readable support boundary are documented in [`docs/guide.md`](docs/guide.md).
143
+
135
144
  ## Peering Node / Outbound Access
136
145
 
137
146
  `opencode-a2a` supports a "Peering Node" architecture where a single process handles both inbound (Server) and outbound (Client) A2A traffic.
@@ -153,7 +162,7 @@ opencode-a2a call http://other-agent:8000 "How are you?"
153
162
  ### Outbound Agent Calls (Tools)
154
163
  The server can autonomously execute `a2a_call(url, message)` tool calls emitted by the OpenCode runtime. Results are fetched via A2A and returned to the model as tool results, enabling multi-agent orchestration.
155
164
 
156
- When the target peer agent requires bearer auth, configure `A2A_CLIENT_BEARER_TOKEN` for server-side outbound calls. When the target peer agent requires Basic auth, use `A2A_CLIENT_BASIC_AUTH`. These outbound credentials apply to the peer specified by `opencode-a2a call` or `a2a_call(url, message)`, not to this service's inbound `A2A_BEARER_TOKEN`. The CLI intentionally reads outbound credentials from environment variables only, so secrets do not appear in shell history or process arguments.
165
+ When the target peer agent requires bearer auth, configure `A2A_CLIENT_BEARER_TOKEN` for server-side outbound calls. When the target peer agent requires Basic auth, use `A2A_CLIENT_BASIC_AUTH`. These outbound credentials apply to the peer specified by `opencode-a2a call` or `a2a_call(url, message)`, not to this service's inbound `A2A_STATIC_AUTH_CREDENTIALS`. The CLI intentionally reads outbound credentials from environment variables only, so secrets do not appear in shell history or process arguments.
157
166
 
158
167
  Server-side outbound client settings are fully wired through runtime config: `A2A_CLIENT_TIMEOUT_SECONDS`, `A2A_CLIENT_CARD_FETCH_TIMEOUT_SECONDS`, `A2A_CLIENT_USE_CLIENT_PREFERENCE`, `A2A_CLIENT_BEARER_TOKEN`, `A2A_CLIENT_BASIC_AUTH`, and `A2A_CLIENT_SUPPORTED_TRANSPORTS`.
159
168
 
@@ -179,7 +188,7 @@ For client-side integration, prefer [a2a-client-hub](https://github.com/liujuanj
179
188
 
180
189
  This repository improves the service boundary around OpenCode, but it does not turn OpenCode into a hardened multi-tenant platform.
181
190
 
182
- - `A2A_BEARER_TOKEN` protects the A2A surface.
191
+ - `A2A_STATIC_AUTH_CREDENTIALS` protects the A2A surface.
183
192
  - Provider auth and default model configuration remain on the OpenCode side; deployment-time precedence details and HOME/XDG state impact are documented in [docs/guide.md](docs/guide.md#troubleshooting-provider-auth-state).
184
193
  - Use `A2A_CLIENT_BEARER_TOKEN` for server-side outbound peer calls initiated by `a2a_call`.
185
194
  - Deployment supervision is intentionally BYO. Use `systemd`, Docker, Kubernetes, or another supervisor if you need long-running operation.
@@ -63,7 +63,8 @@ Treat the deployed OpenCode user's HOME/XDG config directories as part of the ru
63
63
  Then start `opencode-a2a` against that upstream:
64
64
 
65
65
  ```bash
66
- A2A_BEARER_TOKEN=dev-token \
66
+ DEMO_BEARER_TOKEN="$(python3 -c 'import secrets; print(secrets.token_hex(24))')"
67
+ A2A_STATIC_AUTH_CREDENTIALS='[{"scheme":"bearer","token":"'"${DEMO_BEARER_TOKEN}"'","principal":"automation"}]' \
67
68
  OPENCODE_BASE_URL=http://127.0.0.1:4096 \
68
69
  A2A_TASK_STORE_DATABASE_URL=sqlite+aiosqlite:///./opencode-a2a.db \
69
70
  A2A_HOST=127.0.0.1 \
@@ -91,6 +92,14 @@ curl http://127.0.0.1:8000/.well-known/agent-card.json
91
92
  - Request-scoped model selection through `metadata.shared.model`
92
93
  - OpenCode-oriented JSON-RPC extensions for session and model/provider queries
93
94
 
95
+ ## A2A Protocol Support
96
+
97
+ - Default protocol line: `0.3`
98
+ - Declared supported protocol lines: `0.3`, `1.0`
99
+ - `0.3` is the stable interoperability baseline for the current runtime surface.
100
+ - `1.0` currently covers version negotiation plus protocol-aware JSON-RPC and REST error shaping, while transport payloads, enums, pagination, signatures, and interface-level protocol declarations still follow the shipped SDK baseline.
101
+ - The detailed compatibility matrix and machine-readable support boundary are documented in [`docs/guide.md`](docs/guide.md).
102
+
94
103
  ## Peering Node / Outbound Access
95
104
 
96
105
  `opencode-a2a` supports a "Peering Node" architecture where a single process handles both inbound (Server) and outbound (Client) A2A traffic.
@@ -112,7 +121,7 @@ opencode-a2a call http://other-agent:8000 "How are you?"
112
121
  ### Outbound Agent Calls (Tools)
113
122
  The server can autonomously execute `a2a_call(url, message)` tool calls emitted by the OpenCode runtime. Results are fetched via A2A and returned to the model as tool results, enabling multi-agent orchestration.
114
123
 
115
- When the target peer agent requires bearer auth, configure `A2A_CLIENT_BEARER_TOKEN` for server-side outbound calls. When the target peer agent requires Basic auth, use `A2A_CLIENT_BASIC_AUTH`. These outbound credentials apply to the peer specified by `opencode-a2a call` or `a2a_call(url, message)`, not to this service's inbound `A2A_BEARER_TOKEN`. The CLI intentionally reads outbound credentials from environment variables only, so secrets do not appear in shell history or process arguments.
124
+ When the target peer agent requires bearer auth, configure `A2A_CLIENT_BEARER_TOKEN` for server-side outbound calls. When the target peer agent requires Basic auth, use `A2A_CLIENT_BASIC_AUTH`. These outbound credentials apply to the peer specified by `opencode-a2a call` or `a2a_call(url, message)`, not to this service's inbound `A2A_STATIC_AUTH_CREDENTIALS`. The CLI intentionally reads outbound credentials from environment variables only, so secrets do not appear in shell history or process arguments.
116
125
 
117
126
  Server-side outbound client settings are fully wired through runtime config: `A2A_CLIENT_TIMEOUT_SECONDS`, `A2A_CLIENT_CARD_FETCH_TIMEOUT_SECONDS`, `A2A_CLIENT_USE_CLIENT_PREFERENCE`, `A2A_CLIENT_BEARER_TOKEN`, `A2A_CLIENT_BASIC_AUTH`, and `A2A_CLIENT_SUPPORTED_TRANSPORTS`.
118
127
 
@@ -138,7 +147,7 @@ For client-side integration, prefer [a2a-client-hub](https://github.com/liujuanj
138
147
 
139
148
  This repository improves the service boundary around OpenCode, but it does not turn OpenCode into a hardened multi-tenant platform.
140
149
 
141
- - `A2A_BEARER_TOKEN` protects the A2A surface.
150
+ - `A2A_STATIC_AUTH_CREDENTIALS` protects the A2A surface.
142
151
  - Provider auth and default model configuration remain on the OpenCode side; deployment-time precedence details and HOME/XDG state impact are documented in [docs/guide.md](docs/guide.md#troubleshooting-provider-auth-state).
143
152
  - Use `A2A_CLIENT_BEARER_TOKEN` for server-side outbound peer calls initiated by `a2a_call`.
144
153
  - Deployment supervision is intentionally BYO. Use `systemd`, Docker, Kubernetes, or another supervisor if you need long-running operation.
@@ -6,7 +6,7 @@ This repository wraps OpenCode as an A2A runtime. It exposes A2A HTTP+JSON and J
6
6
 
7
7
  ## Security Boundary
8
8
 
9
- - `A2A_BEARER_TOKEN` protects access to the A2A surface, but it is not a tenant-isolation boundary inside one deployed instance.
9
+ - `A2A_STATIC_AUTH_CREDENTIALS` protects access to the A2A surface, but it is not a tenant-isolation boundary inside one deployed instance.
10
10
  - One `OpenCode + opencode-a2a` instance pair is treated as a single-tenant trust boundary by design.
11
11
  - Tenant isolation across consumers is expected to come from parameterized self-deployment.
12
12
  - For mutually untrusted tenants, use separate instance pairs with distinct Linux users, workspace roots, credentials, and runtime ports.
@@ -21,7 +21,7 @@ This project is currently best suited for trusted or internal environments. Impo
21
21
 
22
22
  - no per-tenant workspace isolation inside one instance
23
23
  - no hard guarantee that upstream provider keys are inaccessible to agent logic
24
- - bearer-token auth only by default; stronger identity propagation is still a follow-up hardening area
24
+ - static credential auth only by default; stronger identity propagation is still a follow-up hardening area
25
25
  - operators remain responsible for host hardening, secret rotation, process access controls, and reverse-proxy exposure strategy
26
26
 
27
27
  ## Reporting a Vulnerability
@@ -0,0 +1,89 @@
1
+ # External Conformance Triage
2
+
3
+ This document records the first local `./scripts/conformance.sh mandatory` run against the official `a2aproject/a2a-tck` using the repository's dummy-backed SUT.
4
+
5
+ ## Standards Used For Triage
6
+
7
+ - `a2a-sdk==0.3.25` as installed in this repository:
8
+ - `AgentCard` uses `additionalInterfaces`, not `supportedInterfaces`.
9
+ - JSON-RPC request models use `message/send`, `tasks/get`, `tasks/cancel`, and `agent/getAuthenticatedExtendedCard`.
10
+ - The installed SDK does not expose a JSON-RPC `ListTasks` request model.
11
+ - A2A v0.3.0 specification:
12
+ - JSON-RPC methods use the `{category}/{action}` pattern such as `message/send` and `tasks/get`.
13
+ - Transport declarations use `preferredTransport` plus `additionalInterfaces`.
14
+ - The method mapping table lists `tasks/list` as gRPC/REST only.
15
+ - Repository compatibility policy:
16
+ - `A2A-Version` negotiation supports both `0.3` and `1.0`.
17
+ - Payloads still follow the shipped `0.3` SDK baseline.
18
+ - `1.0` compatibility is currently documented as partial rather than complete.
19
+
20
+ ## Classification Labels
21
+
22
+ - `TCK issue`: the failing expectation conflicts with `a2a-sdk==0.3.25` and the v0.3.0 baseline used by this repository.
23
+ - `TCK issue; also a repo v1.0 gap`: the exact failure is caused by a TCK mismatch, but the same area would still need extra work for stronger `1.0` compatibility.
24
+ - `TCK issue / local experiment artifact`: the failure comes from an aggressive heuristic or from local dummy-run characteristics and should not be treated as a runtime protocol bug.
25
+
26
+ ## Per-Test Triage
27
+
28
+ - `tests/mandatory/authentication/test_auth_compliance_v030.py::test_security_scheme_structure_compliance`: `TCK issue`. The TCK expects each `securitySchemes` entry to be wrapped as `{httpAuthSecurityScheme: {...}}`, but `a2a-sdk==0.3.25` exposes the flattened OpenAPI-shaped object with fields like `type`, `scheme`, `description`, and `bearerFormat`.
29
+ - `tests/mandatory/authentication/test_auth_enforcement.py::test_authentication_scheme_consistency`: `TCK issue`. Same root cause as the previous test: the TCK validates a non-SDK wrapper shape instead of the installed SDK schema.
30
+ - `tests/mandatory/jsonrpc/test_a2a_error_codes_enhanced.py::test_push_notification_not_supported_error_32003_enhanced`: `TCK issue`. The failure is a TCK helper bug: `transport_create_task_push_notification_config()` is called with the wrong positional signature before the runtime behavior is even exercised.
31
+ - `tests/mandatory/jsonrpc/test_json_rpc_compliance.py::test_rejects_invalid_json_rpc_requests[invalid_request4--32602]`: `TCK issue`. The test sends JSON-RPC method `SendMessage`; under the v0.3.0 / SDK 0.3.25 baseline the correct method is `message/send`, so the runtime correctly returns `-32601` for an unknown method instead of `-32602`.
32
+ - `tests/mandatory/jsonrpc/test_json_rpc_compliance.py::test_rejects_invalid_params`: `TCK issue`. Same method-name mismatch as above; with the correct `message/send` method the runtime returns `-32602` for invalid parameters.
33
+ - `tests/mandatory/jsonrpc/test_protocol_violations.py::test_duplicate_request_ids`: `TCK issue`. The first request already fails because the TCK uses `SendMessage` instead of `message/send`, so the duplicate-ID assertion never reaches the actual duplicate-ID behavior.
34
+ - `tests/mandatory/protocol/test_a2a_v030_new_methods.py::TestMethodMappingCompliance::test_core_method_mapping_compliance`: `TCK issue; also a repo v1.0 gap`. The JSON-RPC client uses PascalCase methods (`SendMessage`, `GetTask`, `CancelTask`) that do not match the v0.3.0 JSON-RPC mapping, but the repository also does not currently provide PascalCase aliases even when `A2A-Version: 1.0` is negotiated.
35
+ - `tests/mandatory/protocol/test_message_send_method.py::test_message_send_valid_text`: `TCK issue; also a repo v1.0 gap`. The failing request uses `SendMessage` over JSON-RPC; the repository correctly supports `message/send` for the current SDK baseline, but not the PascalCase alias.
36
+ - `tests/mandatory/protocol/test_message_send_method.py::test_message_send_invalid_params`: `TCK issue; also a repo v1.0 gap`. Direct cause is the same PascalCase JSON-RPC method mismatch.
37
+ - `tests/mandatory/protocol/test_message_send_method.py::test_message_send_continue_task`: `TCK issue; also a repo v1.0 gap`. Direct cause is again `SendMessage` instead of `message/send`.
38
+ - `tests/mandatory/protocol/test_state_transitions.py::test_task_history_length`: `TCK issue; also a repo v1.0 gap`. Task creation fails only because the TCK uses `SendMessage` on JSON-RPC.
39
+ - `tests/mandatory/protocol/test_tasks_cancel_method.py::test_tasks_cancel_valid`: `TCK issue; also a repo v1.0 gap`. The fixture cannot create a task because the TCK uses `SendMessage`; the runtime's `tasks/cancel` behavior is not the direct failing cause in this run.
40
+ - `tests/mandatory/protocol/test_tasks_cancel_method.py::test_tasks_cancel_nonexistent`: `TCK issue; also a repo v1.0 gap`. The TCK calls JSON-RPC `CancelTask`; under the v0.3.0 baseline the method is `tasks/cancel`. With the correct method, the runtime returns `Task not found` / `-32001`.
41
+ - `tests/mandatory/protocol/test_tasks_get_method.py::test_tasks_get_valid`: `TCK issue; also a repo v1.0 gap`. The task-creation fixture fails first because the TCK uses `SendMessage`.
42
+ - `tests/mandatory/protocol/test_tasks_get_method.py::test_tasks_get_with_history_length`: `TCK issue; also a repo v1.0 gap`. Same fixture failure via `SendMessage`.
43
+ - `tests/mandatory/protocol/test_tasks_get_method.py::test_tasks_get_nonexistent`: `TCK issue; also a repo v1.0 gap`. The TCK calls JSON-RPC `GetTask`; under the v0.3.0 baseline the method is `tasks/get`. With the correct method, the runtime returns `Task not found` / `-32001`.
44
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestBasicListing::test_list_all_tasks`: `TCK issue; also a repo v1.0 gap`. The test suite uses JSON-RPC `ListTasks`, which is outside the `a2a-sdk==0.3.25` JSON-RPC surface and outside the v0.3.0 JSON-RPC mapping.
45
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestBasicListing::test_list_tasks_empty_when_none_exist`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
46
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestBasicListing::test_list_tasks_validates_required_fields`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
47
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestBasicListing::test_list_tasks_sorted_by_timestamp_descending`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
48
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestFiltering::test_filter_by_context_id`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
49
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestFiltering::test_filter_by_status`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
50
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestFiltering::test_filter_by_last_updated_after`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
51
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestFiltering::test_combined_filters`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
52
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestPagination::test_default_page_size`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
53
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestPagination::test_custom_page_size`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
54
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestPagination::test_page_token_navigation`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
55
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestPagination::test_last_page_detection`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
56
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestPagination::test_total_size_accuracy`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
57
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestHistoryLimiting::test_history_length_zero`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
58
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestHistoryLimiting::test_history_length_custom`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
59
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestHistoryLimiting::test_history_length_exceeds_actual`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
60
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestArtifactInclusion::test_artifacts_excluded_by_default`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
61
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestArtifactInclusion::test_artifacts_included_when_requested`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
62
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestEdgeCasesAndErrors::test_invalid_page_token_error`: `TCK issue; also a repo v1.0 gap`. The assertion expects JSON-RPC param validation on `ListTasks`, but the direct failure is still that `ListTasks` is not a supported JSON-RPC method in the current SDK baseline.
63
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestEdgeCasesAndErrors::test_invalid_status_error`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
64
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestEdgeCasesAndErrors::test_negative_page_size_error`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
65
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestEdgeCasesAndErrors::test_zero_page_size_error`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
66
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestEdgeCasesAndErrors::test_out_of_range_page_size_error`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
67
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestEdgeCasesAndErrors::test_default_page_size_is_50`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
68
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestEdgeCasesAndErrors::test_negative_history_length_error`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
69
+ - `tests/mandatory/protocol/test_tasks_list_method.py::TestEdgeCasesAndErrors::test_invalid_timestamp_error`: `TCK issue; also a repo v1.0 gap`. Same JSON-RPC `ListTasks` mismatch.
70
+ - `tests/mandatory/security/test_agent_card_security.py::test_public_agent_card_access_control`: `TCK issue`. The TCK requires `supportedInterfaces`, but `a2a-sdk==0.3.25` and the v0.3.0 specification use `additionalInterfaces`.
71
+ - `tests/mandatory/security/test_agent_card_security.py::test_sensitive_information_protection`: `TCK issue / local experiment artifact`. The failure is driven by heuristic keyword scanning (`token`, `private`, `127.0.0.1`, non-standard port) against a local dummy-backed run. That is not a reliable indicator of protocol non-compliance.
72
+ - `tests/mandatory/security/test_agent_card_security.py::test_security_scheme_consistency`: `TCK issue`. Same schema mismatch as the earlier authentication tests: the TCK expects wrapped security scheme objects instead of the installed SDK shape.
73
+ - `tests/mandatory/transport/test_multi_transport_equivalence.py::test_message_sending_equivalence`: `TCK issue; also a repo v1.0 gap`. The transport client uses JSON-RPC `SendMessage`; under the v0.3.0 baseline the method is `message/send`, but stronger `1.0` compatibility would still require additional alias handling.
74
+ - `tests/mandatory/transport/test_multi_transport_equivalence.py::test_concurrent_operation_equivalence`: `TCK issue; also a repo v1.0 gap`. Same direct cause as the previous test: the JSON-RPC client sends `SendMessage`.
75
+
76
+ ## Adjacent Repository Gaps Found During Triage
77
+
78
+ These did not directly cause the exact failed node IDs above, but they are real repository-side gaps revealed during follow-up probes:
79
+
80
+ - `A2A-Version: 1.0` still returns `-32601` for JSON-RPC `SendMessage` and `GetExtendedAgentCard`. That means current `1.0` support is still limited to negotiation and error-shaping rather than full method-surface compatibility.
81
+ - `GET /v1/tasks` currently returns `500 NotImplementedError` in a local probe, even though the route exists and repository docs describe the SDK-owned REST surface as including task listing. That behavior should be treated as a repository issue independent from the TCK's incorrect JSON-RPC `ListTasks` expectation.
82
+
83
+ ## Summary
84
+
85
+ For the exact 47 failed/error cases in the first mandatory run:
86
+
87
+ - No failure is a clean `a2a-sdk==0.3.25` / v0.3.0 conformance bug in the current runtime.
88
+ - Most failures come from TCK method/schema assumptions that do not match the shipped SDK baseline.
89
+ - Several failures also highlight future repository work if stronger `1.0` compatibility becomes a goal.
@@ -0,0 +1,67 @@
1
+ # External Conformance Experiments
2
+
3
+ This repository keeps internal regression and external interoperability experiments separate on purpose.
4
+
5
+ ## Scope
6
+
7
+ - `./scripts/doctor.sh` remains the primary internal regression entrypoint.
8
+ - `./scripts/conformance.sh` is a local/manual experiment entrypoint for official external tooling.
9
+ - External conformance output should be treated as investigation input, not as an automatic merge gate.
10
+
11
+ ## Current Experiment Shape
12
+
13
+ The default `./scripts/conformance.sh` workflow does the following:
14
+
15
+ 1. Sync the repository environment unless explicitly skipped.
16
+ 2. Cache or refresh the official `a2aproject/a2a-tck` checkout.
17
+ 3. Start a local dummy-backed `opencode-a2a` runtime unless `CONFORMANCE_SUT_URL` points to an existing SUT.
18
+ 4. Run the requested TCK category, defaulting to `mandatory`.
19
+ 5. Preserve raw logs and machine-readable reports under `run/conformance/<timestamp>/`.
20
+
21
+ The default local SUT uses the repository test double `DummyChatOpencodeUpstreamClient`. That keeps the experiment reproducible without requiring a live OpenCode upstream.
22
+
23
+ ## Usage
24
+
25
+ Run the default mandatory experiment:
26
+
27
+ ```bash
28
+ bash ./scripts/conformance.sh
29
+ ```
30
+
31
+ Run a different TCK category:
32
+
33
+ ```bash
34
+ bash ./scripts/conformance.sh capabilities
35
+ ```
36
+
37
+ Target an already running runtime instead of the local dummy-backed SUT:
38
+
39
+ ```bash
40
+ CONFORMANCE_SUT_URL=http://127.0.0.1:8000 \
41
+ A2A_AUTH_TYPE=bearer \
42
+ A2A_AUTH_TOKEN=dev-token \
43
+ bash ./scripts/conformance.sh mandatory
44
+ ```
45
+
46
+ ## Artifacts
47
+
48
+ Each run keeps the following artifacts in the selected output directory:
49
+
50
+ - `agent-card.json`: fetched public Agent Card
51
+ - `health.json`: fetched authenticated health payload when the local SUT is used
52
+ - `tck.log`: raw TCK console output
53
+ - `pytest-report.json`: pytest-json-report output emitted by the TCK runner
54
+ - `failed-tests.json`: compact list of failed/error node IDs for triage
55
+ - `metadata.json`: experiment metadata including local repo commit and cached TCK commit
56
+
57
+ ## Interpretation Guidance
58
+
59
+ When a TCK run fails, inspect the raw report before changing the runtime:
60
+
61
+ - Some failures may point to real runtime gaps.
62
+ - Some failures may come from TCK assumptions that do not match `a2a-sdk==0.3.25`.
63
+ - Some failures may come from A2A v0.3 versus v1.0 naming or schema drift.
64
+
65
+ The experiment is useful only if those categories stay separate during triage.
66
+
67
+ The current first-pass triage is recorded in [`./conformance-triage.md`](./conformance-triage.md).
@@ -37,14 +37,16 @@ URI: `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extens
37
37
  - Authenticated extended card: full shared stream contract including detailed block payload mappings and extended usage metadata
38
38
  - Runtime fields: `metadata.shared.stream`, `metadata.shared.usage`, `metadata.shared.interrupt`, `metadata.shared.session`
39
39
 
40
- ## OpenCode Session Query v1
40
+ ## OpenCode Session Management v1
41
41
 
42
- URI: `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extension-specifications.md#opencode-session-query-v1`
42
+ URI: `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extension-specifications.md#opencode-session-management-v1`
43
43
 
44
- - Scope: provider-private OpenCode session lifecycle, history, and low-risk control methods
44
+ - Scope: provider-private OpenCode session read, mutation, and control methods
45
45
  - Public Agent Card: capability declaration only
46
- - Authenticated extended card: full method matrix, pagination rules, errors, and context semantics
46
+ - Authenticated extended card: full method matrix, read/mutation/control grouping, pagination rules, errors, context semantics, and existing `opencode.sessions.prompt_async` input-part contracts
47
47
  - Transport: A2A JSON-RPC extension methods
48
+ - `opencode.sessions.prompt_async` includes a provider-private `request.parts[]` compatibility surface for upstream OpenCode part types `text`, `file`, `agent`, and `subtask`
49
+ - `subtask` support is declared as passthrough-compatible only: subagent selection and task-tool execution remain upstream OpenCode runtime behavior, not a separate `opencode-a2a` orchestration API
48
50
 
49
51
  ## OpenCode Provider Discovery v1
50
52
 
@@ -70,16 +72,16 @@ URI: `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extens
70
72
 
71
73
  - Scope: provider-private recovery methods for pending local interrupt bindings
72
74
  - Public Agent Card: capability declaration only
73
- - Authenticated extended card: full method contracts, error surface, and local-registry notes
75
+ - Authenticated extended card: full method contracts, error surface, local-registry notes, and identity-scope semantics
74
76
  - Transport: A2A JSON-RPC extension methods
75
77
 
76
78
  ## OpenCode Workspace Control v1
77
79
 
78
80
  URI: `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extension-specifications.md#opencode-workspace-control-v1`
79
81
 
80
- - Scope: provider-private project, workspace, and worktree control-plane methods
82
+ - Scope: provider-private project discovery plus workspace/worktree surfaces over upstream experimental endpoints, with deployment-conditional operator mutation methods
81
83
  - Public Agent Card: capability declaration only
82
- - Authenticated extended card: full method contracts, error surface, and routing notes
84
+ - Authenticated extended card: full method contracts, error surface, routing notes, and upstream-stability hints
83
85
  - Transport: A2A JSON-RPC extension methods
84
86
 
85
87
  ## A2A Compatibility Profile v1
@@ -87,6 +89,7 @@ URI: `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extens
87
89
  URI: `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extension-specifications.md#a2a-compatibility-profile-v1`
88
90
 
89
91
  - Scope: compatibility profile describing core baselines, extension retention, and service behaviors
92
+ - Includes machine-readable protocol compatibility summary for the currently declared `0.3` / `1.0` support boundary
90
93
  - Public Agent Card: capability declaration only
91
94
  - Authenticated extended card: full compatibility profile payload
92
95
  - Transport: Agent Card extension params
@@ -96,6 +99,7 @@ URI: `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extens
96
99
  URI: `https://github.com/Intelligent-Internet/opencode-a2a/blob/main/docs/extension-specifications.md#a2a-wire-contract-v1`
97
100
 
98
101
  - Scope: wire-level contract for supported methods, endpoints, and error semantics
102
+ - Includes the same machine-readable protocol compatibility summary published by the compatibility profile
99
103
  - Public Agent Card: capability declaration only
100
104
  - Authenticated extended card: full wire contract payload
101
105
  - Transport: Agent Card extension params