Conformance linter for A2A agents — agent card validation, live message/send probes, CI-friendly exit codes.
Project description
a2a-lint
Lint your A2A agents — validate agent cards against the spec, run live conformance probes in CI, and earn a conformance badge. Playground UI included.
Built for the A2A (Agent2Agent) protocol: the open standard (Google → Linux Foundation) that lets AI agents discover and delegate work to each other. Your agent speaks A2A the moment its card and endpoints conform — a2a-lint makes sure they do, and keep doing so on every push.
Why a2a-lint
Inspecting an agent once is easy (the official
a2a-inspector does it well).
Staying conformant is the hard part: a renamed skill, a card whose advertised
url only resolves inside your compose network, a message/send that stopped
returning Tasks — all invisible until another agent fails against yours.
a2a-lint is built around continuous conformance:
- CLI with CI-friendly exit codes — wire it into any pipeline
- GitHub Action — every push checks the card and does a live round trip
- Live badge — your README shows your current conformance grade
- Playground — when something fails, debug it interactively with full wire-level detail
Quick start
docker compose up --build -d # playground on http://localhost:8090
Paste any agent's base URL: you get its Agent Card rendered and graded
(field-by-field findings with fix hints), an interactive JSON-RPC
message/send console, tasks/get inspection, an SSE message/stream
viewer, and shareable permalinks of inspection snapshots.
Inspecting agents that run on your host from inside the container? Use
http://host.docker.internal:<port>(mapped viaextra_hosts).
CLI
pip install git+https://github.com/vivek24290/a2a-lint@develop # PyPI release coming
a2a-lint https://my-agent.example.com --live
✔ Weather Agent — card at https://my-agent.example.com/.well-known/agent-card.json (12 ms)
✔ live message/send round trip in 48 ms
GRADE B — 0 error(s), 1 warning(s)
WARN url: Endpoint URL is plain http.
↳ Use https in production; A2A messages can carry sensitive content.
| Flag | Effect |
|---|---|
--live |
also send a real message/send and verify the result is a Task/Message; if the card declares streaming: true, message/stream SSE conformance is checked too |
--strict |
warnings fail the lint too |
--json |
machine-readable output |
Exit codes: 0 conformant · 1 findings · 2 unreachable/not A2A.
--live catches the classic deployment bug: a card that advertises a URL its
consumers can't reach (e.g. a container-internal hostname on a public card).
GitHub Action
jobs:
a2a-conformance:
runs-on: ubuntu-latest
steps:
- uses: vivek24290/a2a-lint@v1
with:
url: https://my-agent.example.com
live: "true"
strict: "false"
Conformance badge
Live-graded SVG (5-minute cache) served by your playground instance:

What gets checked
Required card fields (name, description, url, version, capabilities,
defaultInputModes/OutputModes, skills and per-skill fields), transport
declarations, deprecated card paths, http-vs-https, missing tags/examples,
undeclared auth — each finding carries a level (error/warn/info) and a
concrete fix hint. Grades: A (clean) → F. See server/card_validator.py; the
same core powers the CLI, the Action, the badge, and the playground.
a2a-watch monitor (MVP)
Open /status.html on your playground instance: register any agent and it
gets probed on a schedule (card fetch + validation + live message/send —
the same check the CLI runs). You get UP/DOWN state, 24h uptime, conformance
grade, latency, and a webhook alert (JSON down/recovered events —
point it at Slack/Discord/anything) the moment an agent breaks or recovers.
curl -X POST localhost:8090/api/monitor/agents -H 'Content-Type: application/json' \
-d '{"url": "https://my-agent.example.com", "intervalSeconds": 300,
"webhook": "https://hooks.slack.com/services/..."}'
History lives in data/monitor.db. If an agent's card advertises an
unreachable url, the monitor falls back to the registered URL and reports
the bad card instead of a false DOWN.
Architecture
a2a_lint/ the pip-installable package (shared core)
├── client.py A2A client: card discovery, message/send, tasks/get, streaming
├── validator.py spec checks -> structured findings
└── cli.py the a2a-lint command (exit codes 0/1/2)
server/
├── main.py FastAPI: playground API, SSE proxy, permalinks, badge, monitor API
├── monitor.py a2a-watch core: scheduler, uptime history, webhook alerts
└── static/ playground UI (index.html) + monitor UI (status.html)
action.yml GitHub Action wrapping the CLI
No LLM calls, no telemetry, no external services. Permalink snapshots and
monitor history are SQLite files under ./data/.
Roadmap
-
pip install a2a-lintpackaging (PyPI publish via.github/workflows/publish.yml) -
message/streamconformance checks in the CLI - Security-scheme validation
- a2a-watch monitor MVP: scheduled probes, uptime history, webhook alerts
- Hosted a2a-watch: accounts, public status pages, e-mail alerts, paid tiers
- Public playground instance (VPS + domain)
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file a2a_lint-0.1.1.tar.gz.
File metadata
- Download URL: a2a_lint-0.1.1.tar.gz
- Upload date:
- Size: 23.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1b2faffca975a26d35a236ea889355b7816c56e4051d5659c11bb45d9d27080d
|
|
| MD5 |
a6e865e2a4a02d192d3dba91299c2c7c
|
|
| BLAKE2b-256 |
d17410b90fcbaf086d41c35c3e1a2699bfb9874f5a0c9166df3c11c5d350bb6c
|
Provenance
The following attestation bundles were made for a2a_lint-0.1.1.tar.gz:
Publisher:
publish.yml on vivek24290/a2a-lint
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
a2a_lint-0.1.1.tar.gz -
Subject digest:
1b2faffca975a26d35a236ea889355b7816c56e4051d5659c11bb45d9d27080d - Sigstore transparency entry: 2145105128
- Sigstore integration time:
-
Permalink:
vivek24290/a2a-lint@b4de48314096d40237c61d36e80b5b65cb45138f -
Branch / Tag:
refs/tags/v1.1.2 - Owner: https://github.com/vivek24290
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@b4de48314096d40237c61d36e80b5b65cb45138f -
Trigger Event:
release
-
Statement type:
File details
Details for the file a2a_lint-0.1.1-py3-none-any.whl.
File metadata
- Download URL: a2a_lint-0.1.1-py3-none-any.whl
- Upload date:
- Size: 13.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5fd045cc30de72ceece3c54853b49400b9d185e2efce3b464c2ec1bdc9cae95e
|
|
| MD5 |
9eef51824e33d897b9a20471ef44f6d3
|
|
| BLAKE2b-256 |
8b043b189c8c532867dcb55a50e1189856a24edb3e63e184fe0a02fccc6804a2
|
Provenance
The following attestation bundles were made for a2a_lint-0.1.1-py3-none-any.whl:
Publisher:
publish.yml on vivek24290/a2a-lint
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
a2a_lint-0.1.1-py3-none-any.whl -
Subject digest:
5fd045cc30de72ceece3c54853b49400b9d185e2efce3b464c2ec1bdc9cae95e - Sigstore transparency entry: 2145105717
- Sigstore integration time:
-
Permalink:
vivek24290/a2a-lint@b4de48314096d40237c61d36e80b5b65cb45138f -
Branch / Tag:
refs/tags/v1.1.2 - Owner: https://github.com/vivek24290
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@b4de48314096d40237c61d36e80b5b65cb45138f -
Trigger Event:
release
-
Statement type: