Crate turul_a2a_aws_lambda

Expand description

AWS Lambda adapter for turul-a2a.

Thin wrapper: converts Lambda events to axum requests, delegates to the same Router, converts responses back. Per ADR-008/ADR-009:

Authorizer context mapped via synthetic headers with anti-spoofing
Streaming supported via durable event store (D3)
SSE responses are buffered: task executes, events are collected, returned as one response
POST /message:stream executes the task within the Lambda invocation and returns all events
GET /tasks/{id}:subscribe is for tasks that are not in a terminal state. Within one invocation it emits the initial Task snapshot, replays stored events via Last-Event-ID, and closes when the task reaches a terminal state. Subscribing to an already-terminal task returns UnsupportedOperationError per A2A v1.0 §3.1.6 / ADR-010 §4.3. For retrieving a terminal task’s final state use GetTask.

§Push-notification delivery — external triggers are mandatory

Push delivery on Lambda (ADR-013) is architecturally different from the binary server. The request Lambda installed via LambdaA2aServerBuilder still constructs a PushDispatcher when push_delivery_store is wired, but any tokio::spawn continuation it emits post-return is opportunistic only — the Lambda execution environment may be frozen indefinitely between invocations, so nothing can depend on that continuation completing (ADR-013 §4.4).

Correctness for push delivery on Lambda is carried by:

The atomic pending-dispatch marker written inside the request Lambda’s commit transaction (ADR-013 §4.3 — opt in via StorageImpl::with_push_dispatch_enabled(true)).
LambdaStreamRecoveryHandler — DynamoDB Streams trigger on a2a_push_pending_dispatches. DynamoDB backends only.
LambdaScheduledRecoveryHandler — EventBridge Scheduler backstop. Required for all backends; it is the sole recovery path for SQLite / PostgreSQL / in-memory deployments.

Without at least the scheduled worker, push delivery on Lambda is not durable — a marker written on a cold invocation may never be consumed. The example wiring lives in examples/lambda-stream-worker and examples/lambda-scheduled-worker.

Lambda streaming is request-scoped (not persistent SSE connections). The durable event store ensures events survive across invocations. Clients reconnect with Last-Event-ID for continuation.

§Cross-instance cancellation

Lambda invocations are stateless and short-lived, so the Lambda adapter does not run the persistent cross-instance cancel poller that A2aServer::run() spawns. Cancellation behaviour on the Lambda adapter:

Marker writes — CancelTask on a Lambda invocation writes the cancel marker to the shared backend (DynamoDB / PostgreSQL). This works.
Propagation to a live executor on the SAME Lambda invocation — works via the same-instance token-trip path in core_cancel_task.
Propagation to a live executor on a DIFFERENT Lambda invocation (warm container) — not currently supported. There is no persistent poller to observe markers written by other invocations. A subsequent invocation whose handler reads the marker directly may act on it, but that is not a substitute for the server runtime’s live propagation.

The builder still requires an A2aCancellationSupervisor implementation on the same backend so that marker writes reach the correct backend and a future polling-adapter variant can consume them. If a deployment passes a non-matching supervisor, build() rejects the configuration.

Structs§

AuthorizerMapping: Mapping configuration for Lambda authorizer context.
LambdaA2aHandler: Lambda handler wrapping the axum Router.
LambdaA2aServerBuilder: Builder for Lambda A2A handler.
LambdaAuthorizerMiddleware: Middleware that reads trusted authorizer context from x-authorizer-* headers.
LambdaScheduledRecoveryConfig: Configuration for a scheduled-recovery sweep.
LambdaScheduledRecoveryHandler: Handler for scheduled push-recovery ticks.
LambdaScheduledRecoveryResponse: Summary returned from a single scheduled-recovery tick.
LambdaStreamRecoveryHandler: Handler for DynamoDB Stream events on a2a_push_pending_dispatches.
NoStreamingLayer: Tower Layer that rejects streaming paths on Lambda.

Functions§

axum_to_lambda_response: Convert an axum response to a Lambda HTTP response.
lambda_to_axum_request: Convert a Lambda HTTP request to an axum request.