Skip to content

[0.7] A2A delegation token with provenance chain #135

Open
Open
[0.7] A2A delegation token with provenance chain#135
Labels
P1Urgent: - major component broken - High importance vulnerability - Same daytrack-authorityTrack label for Agentic Era
Milestone
Agentic Era
@Raulgooo

Description

@Raulgooo
Raulgooo
opened on May 7, 2026

Release

0.7 — A2A Auth Layer

Objective

Short-lived delegation tokens for A2A calls.

Problem

  • No standard A2A delegation token
  • Long-lived tokens used for A2A

Fix

  1. A2A delegation token with act claim
  2. Short TTL (5 min default)
  3. Provenance chain
  4. Single-use option

Files

  • internal/oauth/a2a_exchange.go (new)
  • internal/api/a2a_handlers.go

Acceptance Criteria

  • A2A delegation token issuance
  • Short TTL
  • act claim with provenance
  • Single-use enforcement
  • SDK: agent.delegateForA2A()

Metadata

Metadata

Assignees

No one assigned

    Labels

    P1Urgent: - major component broken - High importance vulnerability - Same daytrack-authorityTrack label for Agentic Era

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions