Docs: spec + new A2A AgentCards guide for v0.3.0 surface#7
Merged
Conversation
Spec changes (AGENTPIN_TECHNICAL_SPECIFICATION.md): - Header bumped from 0.2.0 → 0.3.0. Adds a top-of-document summary of the v0.3 additions. The wire protocol version (agentpin_version field on documents) stays at "0.1" — all v0.3 additions are additive and v0.2 callers ignore them. - §4.2 / §4.3 / Appendix A: a2a_endpoint field on DiscoveryDocument. - §4.8.3 DNS TXT: rewritten from "Reserved for future specification" stub to the full normative wire format (v=agentpin1; kid=...; fp=sha256:<hex>), multi-key match rules, fail-closed semantics, parsing tolerance, MUST/SHOULD conformance language. - §4.8.4 LocalAgentCardStore: new entry in the Alternative Discovery Mechanisms section. - §4.8.5 A2aAgentCardResolver: new entry, including the agentpin_endpoint host cross-check that closes the cross-domain-card attack. - §4.8.7 Resolver Chain: renumbered from §4.8.5; chain order recommendation extended to include the two new resolvers. - §4.9 Cross-Protocol Endpoint Fields: documents both schemapin_endpoint and a2a_endpoint as advisory cross-protocol pointers; specifies host/entity cross-check for a2a_endpoint. - §4.10 A2A AgentCard Extension: new section covering the minimal A2A AgentCard subset (Card / Capabilities / Skill / Extension payload), the canonical signing input (sorted-key JSON with the extension cleared, compact separators, null-fields dropped, UTF-8 emission), the verification chain (extension-signature check + key-thumbprint match against the discovery document), capability→skill mapping, and a worked example. - §4.11 AllowedDomains Typed Wrapper: new section formalising the empty-list-equals-unrestricted convention, the six required operations, the SchemaPin v1.4 A2aVerificationContext composition pattern, and the documented "intersection of two non-empty disjoint allow-lists is treated as unrestricted" edge case. - §17 Conformance: adds MAY clauses for DNS TXT cross-verification and AgentCard acceptance; adds SHOULDs for the a2a_endpoint / entity host cross-check and for using the AllowedDomains intersection helper at cross-protocol boundaries. - §18 Future Work: removed item 9 (DNS TXT — now shipped); renumbered Internal CA and Symbiont-native-identity items; added item 11 (mutual-auth as A2A handshake) as a v0.4 target. New docs page (docs/a2a-agentcards.md): - 208-line user-facing guide. Walks readers through when to use A2A AgentCards, what the signed extension looks like, BuildAndSign + verifyAgentpinExtension snippets in all four SDKs, the LocalAgentCardStore vs A2aAgentCardResolver decision tree, recommended ChainResolver ordering, capability→skill mapping, the allowed_domains cross-protocol scoping story, and the byte-identical cross-language interop guarantee. This is a docs-only update — no code paths change, no SDK version bumps. v0.3.0 packages on crates.io / npm / PyPI are unaffected.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Documentation catch-up for the v0.3.0 release — the protocol spec and the published docs were still describing only the v0.2.0 surface. This PR brings both in line with what's actually shipping on crates.io / npm / PyPI / Go.
No code paths change. No SDK version bumps. v0.3.0 packages on the registries are unaffected.
Spec changes (AGENTPIN_TECHNICAL_SPECIFICATION.md)
agentpin_versionfield on documents stays at"0.1"— all v0.3 additions are additive and v0.2 callers ignore them.v=agentpin1; kid=...; fp=sha256:<hex>, multi-key match rules, fail-closed semantics, parsing tolerance, MUST/SHOULD conformance language).agentpin_endpointhost / fetched-domain cross-check.schemapin_endpoint+ the newa2a_endpointfield; specifies the host/entity cross-check fora2a_endpoint.A2aVerificationContextcomposition pattern, and the documented intersection-becomes-empty edge case.a2a_endpointhost cross-check and for using theAllowedDomainsintersection helper at cross-protocol boundaries.a2a_endpointfield added to the Discovery Document JSON Schema.New docs page
docs/a2a-agentcards.md(208 lines): user-facing guide. When to use AgentCards, what the signed extension looks like,BuildAndSign+verifyAgentpinExtensionsnippets in all four SDKs (Rust / JS / Python / Go), theLocalAgentCardStorevsA2aAgentCardResolverdecision tree, recommendedChainResolverordering, capability→skill mapping, theallowed_domainscross-protocol scoping story, and the byte-identical cross-language interop guarantee.Test plan
This is a docs-only PR; no test execution required. The pre-PR sanity check was:
§4.8.Xcross-references in the new text point at the correct (post-renumber) sections