PyPI - solace-agent-mesh - Versions diffs - 1.6.0__py3-none-any.whl → 1.6.1__py3-none-any.whl - Mend

solace-agent-mesh 1.6.0py3-none-any.whl → 1.6.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of solace-agent-mesh might be problematic. Click here for more details.

Files changed (79) hide show

solace_agent_mesh/agent/protocol/event_handlers.py CHANGED Viewed

@@ -49,6 +49,7 @@ from google.adk.agents.run_config import StreamingMode
 log = logging.getLogger(__name__)
 def _register_peer_artifacts_in_parent_context(
     parent_task_context: "TaskExecutionContext",
     peer_task_object: Task,
@@ -123,6 +124,30 @@ async def process_event(component, event: Event):
                 agent_status_sub_prefix
             ):
                 await handle_a2a_response(component, message)
+            elif hasattr(component, "trust_manager") and component.trust_manager:
+                # Check if this is a trust card message (enterprise feature)
+                try:
+                    if component.trust_manager.is_trust_card_topic(topic):
+                        await component.trust_manager.handle_trust_card_message(
+                            message, topic
+                        )
+                        message.call_acknowledgements()
+                        return
+                except Exception as e:
+                    log.error(
+                        "%s Error handling trust card message: %s",
+                        component.log_identifier,
+                        e,
+                    )
+                    message.call_acknowledgements()
+                    return
+                log.warning(
+                    "%s Received message on unhandled topic: %s",
+                    component.log_identifier,
+                    topic,
+                )
+                message.call_acknowledgements()
             else:
                 log.warning(
                     "%s Received message on unhandled topic: %s",
@@ -229,12 +254,11 @@ async def handle_a2a_request(component, message: SolaceMessage):
         payload_dict = message.get_payload()
         if not isinstance(payload_dict, dict):
             raise ValueError("Payload is not a dictionary.")
         a2a_request: A2ARequest = A2ARequest.model_validate(payload_dict)
         jsonrpc_request_id = a2a.get_request_id(a2a_request)
-        # Extract properties from message user properties
+        # Extract properties from message user properties
         client_id = message.get_user_properties().get("clientId", "default_client")
         status_topic_from_peer = message.get_user_properties().get("a2aStatusTopic")
         reply_topic_from_peer = message.get_user_properties().get("replyTo")
@@ -248,6 +272,90 @@ async def handle_a2a_request(component, message: SolaceMessage):
         # For Send, we will generate it.
         logical_task_id = None
         method = a2a.get_request_method(a2a_request)
+        # Enterprise feature: Verify user authentication if trust manager enabled
+        verified_user_identity = None
+        if hasattr(component, "trust_manager") and component.trust_manager:
+            # Determine task_id for verification
+            if method == "tasks/cancel":
+                verification_task_id = a2a.get_task_id_from_cancel_request(a2a_request)
+            elif method in ["message/send", "message/stream"]:
+                verification_task_id = str(a2a.get_request_id(a2a_request))
+            else:
+                verification_task_id = None
+            if verification_task_id:
+                try:
+                    # Enterprise handles all verification logic
+                    verified_user_identity = (
+                        component.trust_manager.verify_request_authentication(
+                            message=message,
+                            task_id=verification_task_id,
+                            namespace=namespace,
+                            jsonrpc_request_id=jsonrpc_request_id,
+                        )
+                    )
+                    if verified_user_identity:
+                        log.info(
+                            "%s Successfully authenticated user '%s' for task %s",
+                            component.log_identifier,
+                            verified_user_identity.get("user_id"),
+                            verification_task_id,
+                        )
+                except Exception as e:
+                    # Authentication failed - enterprise provides error details
+                    log.error(
+                        "%s Authentication failed for task %s: %s",
+                        component.log_identifier,
+                        verification_task_id,
+                        e,
+                    )
+                    # Build error response using enterprise exception data if available
+                    error_data = {
+                        "reason": "authentication_failed",
+                        "task_id": verification_task_id,
+                    }
+                    if hasattr(e, "create_error_response_data"):
+                        error_data = e.create_error_response_data()
+                    error_response = a2a.create_invalid_request_error_response(
+                        message="Authentication failed",
+                        request_id=jsonrpc_request_id,
+                        data=error_data,
+                    )
+                    # Determine reply topic
+                    reply_topic = message.get_user_properties().get("replyTo")
+                    if not reply_topic:
+                        client_id = message.get_user_properties().get(
+                            "clientId", "default_client"
+                        )
+                        reply_topic = a2a.get_client_response_topic(
+                            namespace, client_id
+                        )
+                    component.publish_a2a_message(
+                        payload=error_response.model_dump(exclude_none=True),
+                        topic=reply_topic,
+                    )
+                    try:
+                        message.call_acknowledgements()
+                        log.debug(
+                            "%s ACKed message with failed authentication",
+                            component.log_identifier,
+                        )
+                    except Exception as ack_e:
+                        log.error(
+                            "%s Failed to ACK message after authentication failure: %s",
+                            component.log_identifier,
+                            ack_e,
+                        )
+                    return None
         if method == "tasks/cancel":
             logical_task_id = a2a.get_task_id_from_cancel_request(a2a_request)
             log.info(
@@ -537,6 +645,15 @@ async def handle_a2a_request(component, message: SolaceMessage):
                 "response_format": response_format,
                 "host_agent_name": agent_name,
             }
+            # Store verified user identity claims in a2a_context (not the raw token)
+            if verified_user_identity:
+                a2a_context["verified_user_identity"] = verified_user_identity
+                log.debug(
+                    "%s Stored verified user identity in a2a_context for task %s",
+                    component.log_identifier,
+                    logical_task_id,
+                )
             log.debug(
                 "%s A2A Context (shared service model): %s",
                 component.log_identifier,
@@ -547,6 +664,18 @@ async def handle_a2a_request(component, message: SolaceMessage):
             task_context = TaskExecutionContext(
                 task_id=logical_task_id, a2a_context=a2a_context
             )
+            # Store auth token for peer delegation using generic security storage
+            if hasattr(component, "trust_manager") and component.trust_manager:
+                auth_token = message.get_user_properties().get("authToken")
+                if auth_token:
+                    task_context.set_security_data("auth_token", auth_token)
+                    log.debug(
+                        "%s Stored authentication token in TaskExecutionContext security storage for task %s",
+                        component.log_identifier,
+                        logical_task_id,
+                    )
             with component.active_tasks_lock:
                 component.active_tasks[logical_task_id] = task_context
             log.info(
@@ -1581,81 +1710,95 @@ def handle_sam_event(component, message, topic):
     """Handle incoming SAM system events."""
     try:
         payload = message.get_payload()
         if not isinstance(payload, dict):
             log.warning("Invalid SAM event payload - not a dict")
             message.call_acknowledgements()
             return
         event_type = payload.get("event_type")
         if not event_type:
             log.warning("SAM event missing event_type field")
             message.call_acknowledgements()
             return
         log.info("%s Received SAM event: %s", component.log_identifier, event_type)
         if event_type == "session.deleted":
             data = payload.get("data", {})
             session_id = data.get("session_id")
             user_id = data.get("user_id")
             agent_id = data.get("agent_id")
             if not all([session_id, user_id, agent_id]):
                 log.warning("Missing required fields in session.deleted event")
                 message.call_acknowledgements()
                 return
             current_agent = component.get_config("agent_name")
             if agent_id == current_agent:
-                log.info("%s Processing session.deleted event for session %s",
-                        component.log_identifier, session_id)
-                asyncio.create_task(cleanup_agent_session(component, session_id, user_id))
+                log.info(
+                    "%s Processing session.deleted event for session %s",
+                    component.log_identifier,
+                    session_id,
+                )
+                asyncio.create_task(
+                    cleanup_agent_session(component, session_id, user_id)
+                )
             else:
-                log.debug("Session deletion event for different agent: %s != %s", agent_id, current_agent)
+                log.debug(
+                    "Session deletion event for different agent: %s != %s",
+                    agent_id,
+                    current_agent,
+                )
         else:
             log.debug("Unhandled SAM event type: %s", event_type)
         message.call_acknowledgements()
     except Exception as e:
         log.error("Error handling SAM event %s: %s", topic, e)
         message.call_acknowledgements()
 async def cleanup_agent_session(component, session_id: str, user_id: str):
     """Clean up agent-side session data."""
     try:
         log.info("Starting cleanup for session %s, user %s", session_id, user_id)
-        if hasattr(component, 'session_service') and component.session_service:
+        if hasattr(component, "session_service") and component.session_service:
             agent_name = component.get_config("agent_name")
-            log.info("Deleting session %s from agent %s session service", session_id, agent_name)
+            log.info(
+                "Deleting session %s from agent %s session service",
+                session_id,
+                agent_name,
+            )
             await component.session_service.delete_session(
-                app_name=agent_name,
-                user_id=user_id,
-                session_id=session_id
+                app_name=agent_name, user_id=user_id, session_id=session_id
             )
             log.info("Successfully deleted session %s from session service", session_id)
         else:
             log.info("No session service available for cleanup")
         with component.active_tasks_lock:
             tasks_to_cancel = []
             for task_id, context in component.active_tasks.items():
-                if (hasattr(context, 'a2a_context') and
-                    context.a2a_context.get('session_id') == session_id):
+                if (
+                    hasattr(context, "a2a_context")
+                    and context.a2a_context.get("session_id") == session_id
+                ):
                     tasks_to_cancel.append(task_id)
             for task_id in tasks_to_cancel:
                 context = component.active_tasks.get(task_id)
                 if context:
                     context.cancel()
-                    log.info("Cancelled task %s for deleted session %s", task_id, session_id)
+                    log.info(
+                        "Cancelled task %s for deleted session %s", task_id, session_id
+                    )
         log.info("Session cleanup completed for session %s", session_id)
     except Exception as e:
         log.error("Error cleaning up session %s: %s", session_id, e)

solace_agent_mesh/agent/proxies/base/component.py CHANGED Viewed

@@ -140,12 +140,23 @@ class BaseProxyComponent(ComponentBase, ABC):
         future = asyncio.run_coroutine_threadsafe(
             self._process_event_async(event), self._async_loop
         )
-        future.add_done_callback(self._handle_scheduled_task_completion)
+        # Pass the event to the completion handler so it can NACK on failure
+        future.add_done_callback(
+            lambda f: self._handle_scheduled_task_completion(f, event)
+        )
     async def _process_event_async(self, event: Event):
         """Asynchronous event processing logic."""
         if event.event_type == EventType.MESSAGE:
-            await self._handle_a2a_request(event.data)
+            message_handled = False
+            try:
+                await self._handle_a2a_request(event.data)
+                message_handled = True
+            finally:
+                # Mark that we attempted to handle the message
+                # (success/failure ack/nack is done inside _handle_a2a_request)
+                if not hasattr(event, "_proxy_message_handled"):
+                    event._proxy_message_handled = message_handled
         elif event.event_type == EventType.TIMER:
             if event.data.get("timer_id") == self._discovery_timer_id:
                 await self._discover_and_publish_agents()
@@ -510,8 +521,10 @@ class BaseProxyComponent(ComponentBase, ABC):
                     self._async_init_future.set_exception, e
                 )
-    def _handle_scheduled_task_completion(self, future: concurrent.futures.Future):
-        """Callback to log exceptions from tasks scheduled on the async loop."""
+    def _handle_scheduled_task_completion(
+        self, future: concurrent.futures.Future, event: Event
+    ):
+        """Callback to log exceptions from tasks scheduled on the async loop and NACK messages on failure."""
         if future.done() and future.exception():
             log.error(
                 "%s Coroutine scheduled on async loop failed: %s",
@@ -519,6 +532,24 @@ class BaseProxyComponent(ComponentBase, ABC):
                 future.exception(),
                 exc_info=future.exception(),
             )
+            # NACK the message if this was a MESSAGE event that failed before being handled
+            # The _proxy_message_handled flag is set in _process_event_async to track
+            # whether _handle_a2a_request was entered (where ack/nack is normally done)
+            if event.event_type == EventType.MESSAGE:
+                message_handled = getattr(event, "_proxy_message_handled", False)
+                if not message_handled:
+                    try:
+                        event.data.call_negative_acknowledgements()
+                        log.warning(
+                            "%s NACKed message due to async processing failure before entering request handler.",
+                            self.log_identifier,
+                        )
+                    except Exception as nack_e:
+                        log.error(
+                            "%s Failed to NACK message after async processing failure: %s",
+                            self.log_identifier,
+                            nack_e,
+                        )
     def _publish_discovered_cards(self):
         """Publishes all agent cards currently in the registry."""

solace_agent_mesh/agent/sac/app.py CHANGED Viewed

@@ -23,7 +23,13 @@ from ...common.a2a import (
     get_agent_status_subscription_topic,
     get_sam_events_subscription_topic,
 )
-from ...common.constants import DEFAULT_COMMUNICATION_TIMEOUT, TEXT_ARTIFACT_CONTEXT_MAX_LENGTH_CAPACITY, TEXT_ARTIFACT_CONTEXT_DEFAULT_LENGTH, HEALTH_CHECK_TTL_SECONDS, HEALTH_CHECK_INTERVAL_SECONDS
+from ...common.constants import (
+    DEFAULT_COMMUNICATION_TIMEOUT,
+    TEXT_ARTIFACT_CONTEXT_MAX_LENGTH_CAPACITY,
+    TEXT_ARTIFACT_CONTEXT_DEFAULT_LENGTH,
+    HEALTH_CHECK_TTL_SECONDS,
+    HEALTH_CHECK_INTERVAL_SECONDS,
+)
 from ...agent.sac.component import SamAgentComponent
 from ...agent.utils.artifact_helpers import DEFAULT_SCHEMA_MAX_KEYS
 from ...common.utils.pydantic_utils import SamConfigBase
@@ -31,6 +37,14 @@ from ..tools.tool_config_types import AnyToolConfig
 log = logging.getLogger(__name__)
+# Try to import TrustManagerConfig from enterprise repo
+try:
+    from solace_agent_mesh_enterprise.common.trust.config import TrustManagerConfig
+except ImportError:
+    # Enterprise features not available - create a placeholder type
+    TrustManagerConfig = Dict[str, Any]  # type: ignore
 info = {
     "class_name": "SamAgentApp",
     "description": "Custom App class for SAM Agent Host with namespace prefixing and automatic subscription generation.",
@@ -80,10 +94,12 @@ class AgentDiscoveryConfig(SamConfigBase):
         default=True, description="Enable discovery and instruction injection."
     )
     health_check_ttl_seconds: int = Field(
-        default=HEALTH_CHECK_TTL_SECONDS, description="Time-to-live in seconds after which an unresponsive agent is de-registered."
+        default=HEALTH_CHECK_TTL_SECONDS,
+        description="Time-to-live in seconds after which an unresponsive agent is de-registered.",
     )
     health_check_interval_seconds: int = Field(
-        default=HEALTH_CHECK_INTERVAL_SECONDS, description="Interval in seconds between health checks."
+        default=HEALTH_CHECK_INTERVAL_SECONDS,
+        description="Interval in seconds between health checks.",
     )
@@ -218,7 +234,9 @@ class ArtifactServiceConfig(SamConfigBase):
 class SessionServiceConfig(SamConfigBase):
     """Configuration for the ADK Session Service."""
-    type: str = Field(..., description="Service type (e.g., 'memory', 'sql', 'vertex_rag').")
+    type: str = Field(
+        ..., description="Service type (e.g., 'memory', 'sql', 'vertex_rag')."
+    )
     default_behavior: Literal["PERSISTENT", "RUN_BASED"] = Field(
         default="PERSISTENT", description="Default behavior for session service."
     )
@@ -235,10 +253,21 @@ class SamAgentAppConfig(SamConfigBase):
         description="Absolute topic prefix for A2A communication (e.g., 'myorg/dev').",
     )
     agent_name: str = Field(..., description="Unique name for this ADK agent instance.")
-    display_name: str = Field(default=None, description="Human-friendly display name for this ADK agent instance.")
+    display_name: str = Field(
+        default=None,
+        description="Human-friendly display name for this ADK agent instance.",
+    )
+    deployment: Optional[Dict[str, Any]] = Field(
+        default=None,
+        description="Deployment tracking information for rolling updates and version control.",
+    )
     model: Union[str, Dict[str, Any]] = Field(
         ..., description="ADK model name (string) or BaseLlm config dict."
     )
+    trust_manager: Optional[Union[TrustManagerConfig, Dict[str, Any]]] = Field(
+        default=None,
+        description="Configuration for the Trust Manager (enterprise feature)",
+    )
     instruction: Any = Field(
         default="",
         description="User-provided instructions for the ADK agent (string or invoke block).",
@@ -429,6 +458,20 @@ class SamAgentApp(App):
             get_agent_status_subscription_topic(namespace, agent_name),
             get_sam_events_subscription_topic(namespace, "session"),
         ]
+        # Add trust card subscription if trust manager is enabled
+        trust_config = app_config.get("trust_manager")
+        if trust_config and trust_config.get("enabled", False):
+            from ...common.a2a.protocol import get_trust_card_subscription_topic
+            trust_card_topic = get_trust_card_subscription_topic(namespace)
+            required_topics.append(trust_card_topic)
+            log.info(
+                "Trust Manager enabled for agent '%s', added trust card subscription: %s",
+                agent_name,
+                trust_card_topic,
+            )
         generated_subs = [{"topic": topic} for topic in required_topics]
         log.info(
             "Automatically generated subscriptions for Agent '%s': %s",
@@ -458,8 +501,12 @@ class SamAgentApp(App):
         broker_config["queue_name"] = generated_queue_name
         log.debug("Injected generated broker.queue_name: %s", generated_queue_name)
-        broker_config["temporary_queue"] = app_info.get("broker", {}).get("temporary_queue", True)
-        log.debug("Set broker_config.temporary_queue = %s", broker_config["temporary_queue"])
+        broker_config["temporary_queue"] = app_info.get("broker", {}).get(
+            "temporary_queue", True
+        )
+        log.debug(
+            "Set broker_config.temporary_queue = %s", broker_config["temporary_queue"]
+        )
         super().__init__(app_info, **kwargs)
         log.debug("%s Agent initialization complete.", agent_name)

solace-agent-mesh 1.6.0__py3-none-any.whl → 1.6.1__py3-none-any.whl

Potentially problematic release.

solace-agent-mesh 1.6.0py3-none-any.whl → 1.6.1py3-none-any.whl