[0.7] A2A scope + resource attenuation per hop #137

@Raulgooo

Release

0.7 — A2A Auth Layer

Objective

A2A delegation narrows scopes and resources at each hop.

Problem

  • Delegation preserves full scopes
  • No attenuation

Fix

  1. Scope narrowing at each delegation
  2. Resource restriction
  3. Enforce in token issuance
  4. Validate in middleware

Files

  • internal/oauth/a2a_exchange.go
  • internal/api/a2a_handlers.go

Acceptance Criteria

  • Scopes narrowed per hop
  • Resource restriction enforced
  • Validation in middleware
  • SDK support
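
A sketch of the attenuation rule this issue asks for, added here as an illustration and not taken from the project's code: issuance only mints a child grant whose scopes and resources are subsets of the parent's, and the middleware check uses the same subset test per request. The `Grant` type, the function names and the `svc://` resource identifiers are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Grant is a hypothetical model of the authority one A2A token carries.
type Grant struct {
	Scopes, Resources []string
	Hop               int
}

var ErrEscalation = errors.New("a2a: requested authority exceeds parent grant")

// subset reports whether every element of want appears in have.
func subset(want, have []string) bool {
	held := make(map[string]bool, len(have))
	for _, h := range have {
		held[h] = true
	}
	for _, w := range want {
		if !held[w] {
			return false
		}
	}
	return true
}

// Attenuate is the issuance-side check: a child grant is only minted when
// its scopes and resources are non-empty subsets of the parent's. An empty
// request fails closed instead of silently inheriting the parent's authority.
func Attenuate(parent Grant, scopes, resources []string) (Grant, error) {
	if len(scopes) == 0 || len(resources) == 0 ||
		!subset(scopes, parent.Scopes) || !subset(resources, parent.Resources) {
		return Grant{}, ErrEscalation
	}
	return Grant{Scopes: scopes, Resources: resources, Hop: parent.Hop + 1}, nil
}

// Authorize is the middleware-side check applied to each incoming request.
func Authorize(g Grant, scope, resource string) bool {
	return subset([]string{scope}, g.Scopes) && subset([]string{resource}, g.Resources)
}

func main() {
	// Constructed sample values, not taken from the project.
	root := Grant{Scopes: []string{"read", "write"}, Resources: []string{"svc://billing", "svc://reports"}}
	hop1, _ := Attenuate(root, []string{"read"}, []string{"svc://reports"})
	_, err := Attenuate(hop1, []string{"read", "write"}, []string{"svc://reports"})
	fmt.Println(hop1.Hop, err, Authorize(hop1, "read", "svc://billing"))
}
```

Because each hop is checked against its immediate parent, authority can only stay equal or shrink along the delegation chain.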

Labels

  • P1 (Urgent: major component broken, high importance vulnerability, same day)
  • track-authority (Track label for Agentic Era)
