Skip to main content

Bind A2A (Agent2Agent) Agent Cards to a Vouch identity for verifiable agent-to-agent trust.

Project description

vouch-a2a

Bind A2A (Agent2Agent) Agent Cards to a Vouch identity, so two agents can establish trust before they collaborate.

A2A standardized how agents discover and talk to each other through Agent Cards. It does not, by itself, prove who stands behind an agent. vouch-a2a attaches a W3C Verifiable Credential (eddsa-jcs-2022 Data Integrity proof) to the card, optionally with a delegation chain back to the human or org that operates the agent. A verifier can then refuse an unsigned or impostor peer.

Install

pip install vouch-a2a

Sign an Agent Card

from vouch import Signer
from vouch_a2a import sign_agent_card

signer = Signer(private_key=PRIV_JWK, did="did:web:agents.acme.com")

card = {
    "name": "BillingAgent",
    "url": "https://agents.acme.com/billing",
    "version": "1.0.0",
    "capabilities": {"streaming": True},
    "skills": [{"id": "invoice", "name": "Create invoice"}],
}

signed_card = sign_agent_card(signer, card)          # adds a 'vouchCredential' field
# Optionally bind to an org principal:
# signed_card = sign_agent_card(signer, card, parent_credential=org_principal_cred)

Verify a peer's card

from vouch_a2a import verify_agent_card

ok, passport = verify_agent_card(peer_card, public_key=peer_pubkey)
if not ok:
    raise PermissionError("Refusing to collaborate with an unverified agent")

The credential binds to the card's url (the stable agent identity). The input card is never mutated; sign_agent_card returns a copy.

License

Apache-2.0.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

vouch_a2a-0.1.0.tar.gz (3.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

vouch_a2a-0.1.0-py3-none-any.whl (2.5 kB view details)

Uploaded Python 3

File details

Details for the file vouch_a2a-0.1.0.tar.gz.

File metadata

  • Download URL: vouch_a2a-0.1.0.tar.gz
  • Upload date:
  • Size: 3.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for vouch_a2a-0.1.0.tar.gz
Algorithm Hash digest
SHA256 f0e1806d392187156b9bb9908f32fbcc6c1bb7909c74a166ed6045752287eb0e
MD5 3a36b2a96df94aba7dcdafe111d60fec
BLAKE2b-256 0d2238dd1eb20431cde9d86f55689bb0eafaec38e23cd6b941ade6b07f46c669

See more details on using hashes here.

Provenance

The following attestation bundles were made for vouch_a2a-0.1.0.tar.gz:

Publisher: publish-pypi.yml on vouch-protocol/vouch

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file vouch_a2a-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: vouch_a2a-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 2.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.9

File hashes

Hashes for vouch_a2a-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 4399eb5bf765264aa90d6b37a046a3c1c59c4b563c2cfd62e7cda4d7a5e7850c
MD5 1842ee79dc1481a4724afb5b5a4d08da
BLAKE2b-256 11d3aa9ea6f416adb81e51dbed8b54eca081512210cc67cfa282f9d6832e9c06

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page