turul-a2a 0.1.17

A2A Protocol v1.0 server framework
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465

//! Ergonomic builders for AgentCard and AgentSkill.
//!
//! Builds `turul_a2a_proto::AgentCard` directly โ€” no parallel wrapper type.
//! Validates REQUIRED fields per proto field_behavior at `build()` time.

use crate::error::A2aError;

/// Builder for `turul_a2a_proto::AgentSkill`.
pub struct AgentSkillBuilder {
    id: String,
    name: String,
    description: String,
    tags: Vec<String>,
    examples: Vec<String>,
    input_modes: Vec<String>,
    output_modes: Vec<String>,
    security_requirements: Vec<turul_a2a_proto::SecurityRequirement>,
}

impl AgentSkillBuilder {
    pub fn new(
        id: impl Into<String>,
        name: impl Into<String>,
        description: impl Into<String>,
    ) -> Self {
        Self {
            id: id.into(),
            name: name.into(),
            description: description.into(),
            tags: vec![],
            examples: vec![],
            input_modes: vec![],
            output_modes: vec![],
            security_requirements: vec![],
        }
    }

    pub fn tags(mut self, tags: Vec<impl Into<String>>) -> Self {
        self.tags = tags.into_iter().map(Into::into).collect();
        self
    }

    pub fn examples(mut self, examples: Vec<impl Into<String>>) -> Self {
        self.examples = examples.into_iter().map(Into::into).collect();
        self
    }

    pub fn input_modes(mut self, modes: Vec<impl Into<String>>) -> Self {
        self.input_modes = modes.into_iter().map(Into::into).collect();
        self
    }

    pub fn output_modes(mut self, modes: Vec<impl Into<String>>) -> Self {
        self.output_modes = modes.into_iter().map(Into::into).collect();
        self
    }

    /// Advertise skill-level security requirements on the built skill.
    ///
    /// turul-a2a does NOT enforce these at request time in 0.1.x โ€” they
    /// are published as-is for discovery and out-of-band tooling. Any
    /// runtime gatekeeping for a specific skill is the adopter's
    /// responsibility inside `AgentExecutor`. See ADR-015 for the
    /// rationale and the post-merge truthfulness invariant validated at
    /// server build.
    pub fn security_requirements(
        mut self,
        requirements: Vec<turul_a2a_proto::SecurityRequirement>,
    ) -> Self {
        self.security_requirements = requirements;
        self
    }

    pub fn build(self) -> turul_a2a_proto::AgentSkill {
        turul_a2a_proto::AgentSkill {
            id: self.id,
            name: self.name,
            description: self.description,
            tags: self.tags,
            examples: self.examples,
            input_modes: self.input_modes,
            output_modes: self.output_modes,
            security_requirements: self.security_requirements,
        }
    }
}

/// Builder for `turul_a2a_proto::AgentCard`.
///
/// Validates REQUIRED fields per proto field_behavior at `build()` time.
/// `skills` is allowed to be empty โ€” the builder does not invent a non-empty
/// invariant beyond what the proto requires.
pub struct AgentCardBuilder {
    name: String,
    description: Option<String>,
    version: String,
    interfaces: Vec<turul_a2a_proto::AgentInterface>,
    provider: Option<turul_a2a_proto::AgentProvider>,
    documentation_url: Option<String>,
    streaming: Option<bool>,
    push_notifications: Option<bool>,
    extended_agent_card: Option<bool>,
    default_input_modes: Vec<String>,
    default_output_modes: Vec<String>,
    skills: Vec<turul_a2a_proto::AgentSkill>,
    icon_url: Option<String>,
    security_schemes: std::collections::HashMap<String, turul_a2a_proto::SecurityScheme>,
    security_requirements: Vec<turul_a2a_proto::SecurityRequirement>,
}

impl AgentCardBuilder {
    pub fn new(name: impl Into<String>, version: impl Into<String>) -> Self {
        Self {
            name: name.into(),
            description: None,
            version: version.into(),
            interfaces: vec![],
            provider: None,
            documentation_url: None,
            streaming: None,
            push_notifications: None,
            extended_agent_card: None,
            default_input_modes: vec![],
            default_output_modes: vec![],
            skills: vec![],
            icon_url: None,
            security_schemes: std::collections::HashMap::new(),
            security_requirements: vec![],
        }
    }

    pub fn description(mut self, description: impl Into<String>) -> Self {
        self.description = Some(description.into());
        self
    }

    /// Add a supported interface (url, protocol_binding, protocol_version).
    pub fn url(
        mut self,
        url: impl Into<String>,
        protocol_binding: impl Into<String>,
        protocol_version: impl Into<String>,
    ) -> Self {
        self.interfaces.push(turul_a2a_proto::AgentInterface {
            url: url.into(),
            protocol_binding: protocol_binding.into(),
            tenant: String::new(),
            protocol_version: protocol_version.into(),
        });
        self
    }

    pub fn provider(mut self, organization: impl Into<String>, url: impl Into<String>) -> Self {
        self.provider = Some(turul_a2a_proto::AgentProvider {
            organization: organization.into(),
            url: url.into(),
        });
        self
    }

    pub fn documentation_url(mut self, url: impl Into<String>) -> Self {
        self.documentation_url = Some(url.into());
        self
    }

    pub fn streaming(mut self, enabled: bool) -> Self {
        self.streaming = Some(enabled);
        self
    }

    pub fn push_notifications(mut self, enabled: bool) -> Self {
        self.push_notifications = Some(enabled);
        self
    }

    pub fn extended_agent_card(mut self, enabled: bool) -> Self {
        self.extended_agent_card = Some(enabled);
        self
    }

    pub fn default_input_modes(mut self, modes: Vec<impl Into<String>>) -> Self {
        self.default_input_modes = modes.into_iter().map(Into::into).collect();
        self
    }

    pub fn default_output_modes(mut self, modes: Vec<impl Into<String>>) -> Self {
        self.default_output_modes = modes.into_iter().map(Into::into).collect();
        self
    }

    pub fn skill(mut self, skill: turul_a2a_proto::AgentSkill) -> Self {
        self.skills.push(skill);
        self
    }

    pub fn icon_url(mut self, url: impl Into<String>) -> Self {
        self.icon_url = Some(url.into());
        self
    }

    /// Declare a named security scheme on the agent card.
    ///
    /// Adopter-supplied schemes are merged with any schemes contributed
    /// by installed middleware at server build; collisions between an
    /// adopter scheme and a middleware scheme with the same name are
    /// rejected at build time. See ADR-015.
    pub fn security_scheme(
        mut self,
        name: impl Into<String>,
        scheme: turul_a2a_proto::SecurityScheme,
    ) -> Self {
        self.security_schemes.insert(name.into(), scheme);
        self
    }

    /// Advertise an agent-level security requirement not derived from
    /// middleware (e.g., mTLS enforced at a reverse proxy).
    ///
    /// turul-a2a does not install a runtime gatekeeper for
    /// adopter-supplied agent-level requirements; they are declarative
    /// only. Authorization at the framework layer is governed solely by
    /// installed middleware. See ADR-015.
    pub fn security_requirement(
        mut self,
        requirement: turul_a2a_proto::SecurityRequirement,
    ) -> Self {
        self.security_requirements.push(requirement);
        self
    }

    /// Build and validate the AgentCard.
    ///
    /// Validates REQUIRED fields per proto field_behavior:
    /// name, description, version, supported_interfaces, capabilities,
    /// default_input_modes, default_output_modes.
    ///
    /// `skills` may be empty โ€” no non-empty invariant is imposed.
    pub fn build(self) -> Result<turul_a2a_proto::AgentCard, A2aError> {
        let description = self.description.ok_or(A2aError::InvalidRequest {
            message: "AgentCard requires description".into(),
        })?;

        if self.interfaces.is_empty() {
            return Err(A2aError::InvalidRequest {
                message: "AgentCard requires at least one supported_interface".into(),
            });
        }

        if self.default_input_modes.is_empty() {
            return Err(A2aError::InvalidRequest {
                message: "AgentCard requires default_input_modes".into(),
            });
        }

        if self.default_output_modes.is_empty() {
            return Err(A2aError::InvalidRequest {
                message: "AgentCard requires default_output_modes".into(),
            });
        }

        Ok(turul_a2a_proto::AgentCard {
            name: self.name,
            description,
            supported_interfaces: self.interfaces,
            provider: self.provider,
            version: self.version,
            documentation_url: self.documentation_url,
            capabilities: Some(turul_a2a_proto::AgentCapabilities {
                streaming: self.streaming,
                push_notifications: self.push_notifications,
                extensions: vec![],
                extended_agent_card: self.extended_agent_card,
            }),
            security_schemes: self.security_schemes,
            security_requirements: self.security_requirements,
            default_input_modes: self.default_input_modes,
            default_output_modes: self.default_output_modes,
            skills: self.skills,
            signatures: vec![],
            icon_url: self.icon_url,
        })
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn minimal_valid_card() {
        let card = AgentCardBuilder::new("test", "1.0.0")
            .description("A test agent")
            .url("http://localhost", "JSONRPC", "1.0")
            .default_input_modes(vec!["text/plain"])
            .default_output_modes(vec!["text/plain"])
            .build()
            .unwrap();

        assert_eq!(card.name, "test");
        assert_eq!(card.description, "A test agent");
        assert_eq!(card.version, "1.0.0");
        assert_eq!(card.supported_interfaces.len(), 1);
        assert!(card.skills.is_empty(), "Empty skills should be allowed");
    }

    #[test]
    fn missing_description_fails() {
        let result = AgentCardBuilder::new("test", "1.0.0")
            .url("http://localhost", "JSONRPC", "1.0")
            .default_input_modes(vec!["text/plain"])
            .default_output_modes(vec!["text/plain"])
            .build();
        assert!(result.is_err());
    }

    #[test]
    fn missing_interfaces_fails() {
        let result = AgentCardBuilder::new("test", "1.0.0")
            .description("test")
            .default_input_modes(vec!["text/plain"])
            .default_output_modes(vec!["text/plain"])
            .build();
        assert!(result.is_err());
    }

    #[test]
    fn missing_input_modes_fails() {
        let result = AgentCardBuilder::new("test", "1.0.0")
            .description("test")
            .url("http://localhost", "JSONRPC", "1.0")
            .default_output_modes(vec!["text/plain"])
            .build();
        assert!(result.is_err());
    }

    #[test]
    fn missing_output_modes_fails() {
        let result = AgentCardBuilder::new("test", "1.0.0")
            .description("test")
            .url("http://localhost", "JSONRPC", "1.0")
            .default_input_modes(vec!["text/plain"])
            .build();
        assert!(result.is_err());
    }

    #[test]
    fn empty_skills_allowed() {
        let card = AgentCardBuilder::new("test", "1.0.0")
            .description("test")
            .url("http://localhost", "JSONRPC", "1.0")
            .default_input_modes(vec!["text/plain"])
            .default_output_modes(vec!["text/plain"])
            .build()
            .unwrap();
        assert!(card.skills.is_empty());
    }

    #[test]
    fn with_skills() {
        let skill = AgentSkillBuilder::new("echo", "Echo", "Echoes input")
            .tags(vec!["echo", "test"])
            .examples(vec!["Say hello"])
            .build();

        let card = AgentCardBuilder::new("test", "1.0.0")
            .description("test")
            .url("http://localhost", "JSONRPC", "1.0")
            .default_input_modes(vec!["text/plain"])
            .default_output_modes(vec!["text/plain"])
            .skill(skill)
            .build()
            .unwrap();

        assert_eq!(card.skills.len(), 1);
        assert_eq!(card.skills[0].id, "echo");
        assert_eq!(card.skills[0].tags, vec!["echo", "test"]);
    }

    #[test]
    fn full_card_with_all_options() {
        let card = AgentCardBuilder::new("full-agent", "2.0.0")
            .description("A fully configured agent")
            .url("https://agent.example.com", "JSONRPC", "1.0")
            .url("https://agent.example.com/grpc", "GRPC", "1.0")
            .provider("Example Org", "https://example.com")
            .documentation_url("https://docs.example.com")
            .streaming(true)
            .push_notifications(false)
            .extended_agent_card(true)
            .default_input_modes(vec!["text/plain", "application/json"])
            .default_output_modes(vec!["text/plain"])
            .icon_url("https://example.com/icon.png")
            .skill(
                AgentSkillBuilder::new("search", "Search", "Searches things")
                    .tags(vec!["search"])
                    .input_modes(vec!["text/plain"])
                    .build(),
            )
            .build()
            .unwrap();

        assert_eq!(card.supported_interfaces.len(), 2);
        assert!(card.provider.is_some());
        assert_eq!(card.capabilities.as_ref().unwrap().streaming, Some(true));
        assert_eq!(
            card.icon_url.as_deref(),
            Some("https://example.com/icon.png")
        );
    }

    #[test]
    fn card_serializes_correctly() {
        let card = AgentCardBuilder::new("json-test", "1.0.0")
            .description("test")
            .url("http://localhost", "JSONRPC", "1.0")
            .default_input_modes(vec!["text/plain"])
            .default_output_modes(vec!["text/plain"])
            .build()
            .unwrap();

        let json = serde_json::to_value(&card).unwrap();
        assert_eq!(json["name"], "json-test");
        assert!(json.get("defaultInputModes").is_some());
        assert!(json.get("defaultOutputModes").is_some());
    }

    // builder does NOT reject a skill-level
    // `SecurityRequirement` whose scheme name is absent from the
    // adopter-supplied `security_schemes` map on the agent card.
    //
    // Rationale: the missing scheme may be contributed by installed
    // middleware at server-build time, so validating at builder time
    // would false-reject legitimate configurations. Cross-field
    // consistency is enforced post-merge in `A2aServerBuilder::build()`
    //, not here.
    #[test]
    fn builder_permits_requirement_with_scheme_to_be_merged_later() {
        let mut bearer_ref = std::collections::HashMap::new();
        bearer_ref.insert(
            "bearer".to_string(),
            turul_a2a_proto::StringList { list: vec![] },
        );
        let req = turul_a2a_proto::SecurityRequirement {
            schemes: bearer_ref,
        };

        // AgentSkillBuilder::security_requirements does not exist on
        // current main โ€” this call is the load-bearing red-phase
        // compile-error assertion for ADR-015. After the ADR ยง5.5
        // implementation lands, the builder exposes this setter and
        // the body below becomes the regression assertion that the
        // requirement survives `build()` without a cross-field check.
        let skill = AgentSkillBuilder::new("echo", "Echo", "Echoes input")
            .tags(vec!["echo"])
            .security_requirements(vec![req])
            .build();

        assert_eq!(skill.security_requirements.len(), 1);
        let only = &skill.security_requirements[0];
        assert!(
            only.schemes.contains_key("bearer"),
            "requirement must preserve the scheme name the adopter set"
        );
    }
}