Skip to main content

Conformance linter for A2A agents — agent card validation, live message/send probes, CI-friendly exit codes.

Project description

a2a-lint

Lint your A2A agents — validate agent cards against the spec, run live conformance probes in CI, and earn a conformance badge. Playground UI included.

Built for the A2A (Agent2Agent) protocol: the open standard (Google → Linux Foundation) that lets AI agents discover and delegate work to each other. Your agent speaks A2A the moment its card and endpoints conform — a2a-lint makes sure they do, and keep doing so on every push.

Why a2a-lint

Inspecting an agent once is easy (the official a2a-inspector does it well). Staying conformant is the hard part: a renamed skill, a card whose advertised url only resolves inside your compose network, a message/send that stopped returning Tasks — all invisible until another agent fails against yours. a2a-lint is built around continuous conformance:

  • CLI with CI-friendly exit codes — wire it into any pipeline
  • GitHub Action — every push checks the card and does a live round trip
  • Live badge — your README shows your current conformance grade
  • Playground — when something fails, debug it interactively with full wire-level detail

Quick start

docker compose up --build -d      # playground on http://localhost:8090

Paste any agent's base URL: you get its Agent Card rendered and graded (field-by-field findings with fix hints), an interactive JSON-RPC message/send console, tasks/get inspection, an SSE message/stream viewer, and shareable permalinks of inspection snapshots.

Inspecting agents that run on your host from inside the container? Use http://host.docker.internal:<port> (mapped via extra_hosts).

CLI

pip install git+https://github.com/vivek24290/a2a-lint@develop   # PyPI release coming
a2a-lint https://my-agent.example.com --live
✔ Weather Agent — card at https://my-agent.example.com/.well-known/agent-card.json (12 ms)
✔ live message/send round trip in 48 ms
GRADE B — 0 error(s), 1 warning(s)
  WARN  url: Endpoint URL is plain http.
        ↳ Use https in production; A2A messages can carry sensitive content.
Flag Effect
--live also send a real message/send and verify the result is a Task/Message; if the card declares streaming: true, message/stream SSE conformance is checked too
--strict warnings fail the lint too
--json machine-readable output

Exit codes: 0 conformant · 1 findings · 2 unreachable/not A2A.

--live catches the classic deployment bug: a card that advertises a URL its consumers can't reach (e.g. a container-internal hostname on a public card).

GitHub Action

jobs:
  a2a-conformance:
    runs-on: ubuntu-latest
    steps:
      - uses: vivek24290/a2a-lint@v1
        with:
          url: https://my-agent.example.com
          live: "true"
          strict: "false"

Conformance badge

Live-graded SVG (5-minute cache) served by your playground instance:

![A2A conformance](https://<your-playground-host>/api/badge?url=https://my-agent.example.com)

What gets checked

Required card fields (name, description, url, version, capabilities, defaultInputModes/OutputModes, skills and per-skill fields), transport declarations, deprecated card paths, http-vs-https, missing tags/examples, undeclared auth — each finding carries a level (error/warn/info) and a concrete fix hint. Grades: A (clean) → F. See server/card_validator.py; the same core powers the CLI, the Action, the badge, and the playground.

a2a-watch monitor (MVP)

Open /status.html on your playground instance: register any agent and it gets probed on a schedule (card fetch + validation + live message/send — the same check the CLI runs). You get UP/DOWN state, 24h uptime, conformance grade, latency, and a webhook alert (JSON down/recovered events — point it at Slack/Discord/anything) the moment an agent breaks or recovers.

curl -X POST localhost:8090/api/monitor/agents -H 'Content-Type: application/json' \
  -d '{"url": "https://my-agent.example.com", "intervalSeconds": 300,
       "webhook": "https://hooks.slack.com/services/..."}'

History lives in data/monitor.db. If an agent's card advertises an unreachable url, the monitor falls back to the registered URL and reports the bad card instead of a false DOWN.

Architecture

a2a_lint/              the pip-installable package (shared core)
├── client.py          A2A client: card discovery, message/send, tasks/get, streaming
├── validator.py       spec checks -> structured findings
└── cli.py             the a2a-lint command (exit codes 0/1/2)
server/
├── main.py            FastAPI: playground API, SSE proxy, permalinks, badge, monitor API
├── monitor.py         a2a-watch core: scheduler, uptime history, webhook alerts
└── static/            playground UI (index.html) + monitor UI (status.html)
action.yml             GitHub Action wrapping the CLI

No LLM calls, no telemetry, no external services. Permalink snapshots and monitor history are SQLite files under ./data/.

Roadmap

  • pip install a2a-lint packaging (PyPI publish via .github/workflows/publish.yml)
  • message/stream conformance checks in the CLI
  • Security-scheme validation
  • a2a-watch monitor MVP: scheduled probes, uptime history, webhook alerts
  • Hosted a2a-watch: accounts, public status pages, e-mail alerts, paid tiers
  • Public playground instance (VPS + domain)

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

a2a_lint-0.1.0.tar.gz (23.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

a2a_lint-0.1.0-py3-none-any.whl (13.0 kB view details)

Uploaded Python 3

File details

Details for the file a2a_lint-0.1.0.tar.gz.

File metadata

  • Download URL: a2a_lint-0.1.0.tar.gz
  • Upload date:
  • Size: 23.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for a2a_lint-0.1.0.tar.gz
Algorithm Hash digest
SHA256 7b5a2ad69d4789068cef2eb2e8ef58a568a161d8afa6e5e66854f886cfdfbb7e
MD5 4d9194f722a25964d64f8d24dc57571c
BLAKE2b-256 74cd6cd2cb8ab3c03b500440566ad20f5c2411491698602209e80eeafc137f66

See more details on using hashes here.

Provenance

The following attestation bundles were made for a2a_lint-0.1.0.tar.gz:

Publisher: publish.yml on vivek24290/a2a-lint

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file a2a_lint-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: a2a_lint-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 13.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for a2a_lint-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 5b0d0071b87aebaa81ad5a796e7d5fce4d445dafbf9534a42d7aa0c55ddc06ef
MD5 04e4289fabe8d286b00338e9cb49beb6
BLAKE2b-256 60aca3b7d171faee13431c6f34c7f97b76891ee088dc0c5ff428904586f375ce

See more details on using hashes here.

Provenance

The following attestation bundles were made for a2a_lint-0.1.0-py3-none-any.whl:

Publisher: publish.yml on vivek24290/a2a-lint

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page