Skip to main content

A2UI Agent SDK

Project description

A2UI Agent implementation

The agent_sdks/python/src/a2ui directory contains the Python implementation of the A2UI agent SDK.

Core Components

The following directories contain the base protocol logic, parsing, and schema operations directly under src/a2ui/:

Schema Management (src/a2ui/schema)

  • manager.py: The A2uiSchemaManager handles loading specification schemas, managing catalogs, and generating system prompts for LLMs.
  • validator.py: Implements A2uiValidator for validating A2UI messages against JSON schemas and protocol rules.
  • catalog.py: Defines A2uiCatalog and CatalogConfig for handling component libraries.

Parser (src/a2ui/parser)

  • parser.py: Implementation of parse_response for synchronous parsing.
  • streaming.py: Incremental streaming parsers with automatic JSON healing and validation.
  • payload_fixer.py: Utilities to automatically correct common LLM output issues in A2UI payloads.

Basic Catalog (src/a2ui/basic_catalog)

  • provider.py: Implementation of BasicCatalog for handling the basic A2UI components.

A2A (src/a2ui/a2a)

  • extension.py: Utilities for managing the A2UI extension URI and activation logic.
  • parts.py: Utilities for creating A2A Parts with A2UI data and helpers for response parsing.

ADK Extensions (src/a2ui/adk)

Support for the Agent Development Kit (ADK) and A2A protocol.

  • send_a2ui_to_client_toolset.py: Implementation of SendA2uiToClientToolset to enable agents to send UI to clients via tool calls.

Running tests

  1. Navigate to the directory:

    cd agent_sdks/python
    
  2. Run the tests

    uv run pytest
    

Building the SDK

To build the SDK, run the following command from the agent_sdks/python directory:

uv build .

Formatting code

To format the code, run the following command from the agent_sdks/python directory:

uv run pyink .

Releasing the SDK

See internal guidance at go/a2ui-release-pipy.

Disclaimer

Important: The sample code provided is for demonstration purposes and illustrates the mechanics of A2UI and the Agent-to-Agent (A2A) protocol. When building production applications, it is critical to treat any agent operating outside of your direct control as a potentially untrusted entity.

All operational data received from an external agent—including its AgentCard, messages, artifacts, and task statuses—should be handled as untrusted input. For example, a malicious agent could provide crafted data in its fields (e.g., name, skills.description) that, if used without sanitization to construct prompts for a Large Language Model (LLM), could expose your application to prompt injection attacks.

Similarly, any UI definition or data stream received must be treated as untrusted. Malicious agents could attempt to spoof legitimate interfaces to deceive users (phishing), inject malicious scripts via property values (XSS), or generate excessive layout complexity to degrade client performance (DoS). If your application supports optional embedded content (such as iframes or web views), additional care must be taken to prevent exposure to malicious external sites.

Developer Responsibility: Failure to properly validate data and strictly sandbox rendered content can introduce severe vulnerabilities. Developers are responsible for implementing appropriate security measures—such as input sanitization, Content Security Policies (CSP), strict isolation for optional embedded content, and secure credential handling—to protect their systems and users.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

a2ui_agent_sdk-0.2.4.tar.gz (279.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

a2ui_agent_sdk-0.2.4-py3-none-any.whl (85.7 kB view details)

Uploaded Python 3

File details

Details for the file a2ui_agent_sdk-0.2.4.tar.gz.

File metadata

  • Download URL: a2ui_agent_sdk-0.2.4.tar.gz
  • Upload date:
  • Size: 279.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.2.0 CPython/3.11.2

File hashes

Hashes for a2ui_agent_sdk-0.2.4.tar.gz
Algorithm Hash digest
SHA256 6c92363ca028e5c75a541f913e4bb1e6aef0c217e5c7dc693bb12712069b1e23
MD5 7f5bbc1f1ac7215ee50c87f99d502985
BLAKE2b-256 67ed0a67c72a3aa56b95cea95cdc921e208dbf501ccf5bf18aba310953932d62

See more details on using hashes here.

Provenance

The following attestation bundles were made for a2ui_agent_sdk-0.2.4.tar.gz:

Publisher: a2ui-py@oss-exit-gate-prod.iam.gserviceaccount.com

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
  • Statement: Publication detail:
    • Token Issuer: https://accounts.google.com
    • Service Account: a2ui-py@oss-exit-gate-prod.iam.gserviceaccount.com

File details

Details for the file a2ui_agent_sdk-0.2.4-py3-none-any.whl.

File metadata

  • Download URL: a2ui_agent_sdk-0.2.4-py3-none-any.whl
  • Upload date:
  • Size: 85.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.2.0 CPython/3.11.2

File hashes

Hashes for a2ui_agent_sdk-0.2.4-py3-none-any.whl
Algorithm Hash digest
SHA256 3d768c16b98216df4dbb76930b69e809c256a1d2be159d55461c6bb67b2bedab
MD5 babdbd99122ea940f93c546dcc8190aa
BLAKE2b-256 53f1cc3ad505425af8b5495313df3b6842697fcf1edbe879a7ae79dce983cfec

See more details on using hashes here.

Provenance

The following attestation bundles were made for a2ui_agent_sdk-0.2.4-py3-none-any.whl:

Publisher: a2ui-py@oss-exit-gate-prod.iam.gserviceaccount.com

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
  • Statement: Publication detail:
    • Token Issuer: https://accounts.google.com
    • Service Account: a2ui-py@oss-exit-gate-prod.iam.gserviceaccount.com

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page