Skip to content

Add inbound A2A peer support with trust model and idle notifications#232

Open
rockfordlhotka wants to merge 1 commit intomainfrom
feature/99-a2a-inbound-peer
Open

Add inbound A2A peer support with trust model and idle notifications#232
rockfordlhotka wants to merge 1 commit intomainfrom
feature/99-a2a-inbound-peer

Conversation

@rockfordlhotka
Copy link
Copy Markdown
Member

@rockfordlhotka rockfordlhotka commented Apr 2, 2026

Summary

Closes #99 — makes RockBot a full A2A peer so external agents can discover it and send it tasks.

  • Pluggable identity verificationIAgentIdentityVerifier interface receives the full MessageEnvelope and returns VerifiedAgentIdentity. Ships with NameBasedAgentIdentityVerifier (trusts Source string); future implementations can plug in JWT, OAuth, OBO tokens, or registry-backed verification via DI replacement.
  • Four-level per-caller trust modelAgentTrustLevel (Observe → Learn → Propose → Act) with FileAgentTrustStore for JSON persistence. Each caller progresses independently. New callers start at Observe.
  • RockBotTaskHandler — implements IAgentTaskHandler with trust-level-aware dispatch:
    • Level 1 (Observe): read-only LLM pass with restricted tool set, writes summary + suggested action to working memory A2A inbox, queues notification for user
    • Level 4 (Act): executes approved skills (notify-user, query-availability) autonomously
  • Built-in skillsnotify-user (pass-through notification) and query-availability (deterministic busy/available/away) bypass the LLM loop
  • Idle-aware notification queueInboundNotificationService monitors user activity and batches A2A notifications for delivery after ~2 minutes of idle time
  • Blazor UI treatment — A2A inbound messages route to MessageCategory.A2AActivity with distinct "Inbound A2A" label, blue accent, and 🔗 header indicator

Architecture

External Agent → agent.task.RockBot → IdentityVerificationMiddleware
  → AgentTaskRequestHandler → RockBotTaskHandler
    → Trust check → Skill dispatch or Observe LLM pass
      → Working memory (a2a-inbox/{taskId}/)
      → InboundNotificationQueue
        → InboundNotificationService (idle flush)
          → user.response → Blazor UI (A2AActivity category)

Test plan

  • dotnet build RockBot.slnx — 0 errors
  • dotnet test RockBot.slnx — 849 tests passing, 0 failures
  • New tests: IdentityVerificationTests (3), IdentityVerificationMiddlewareTests (3), TrustStoreTests (6), InboundNotificationQueueTests (4)
  • Deploy to cluster and verify SampleAgent can invoke RockBot
  • Verify AgentCard published on discovery.announce
  • Verify agent-trust.json created after first inbound task
  • Verify notification appears in Blazor UI with A2A styling

🤖 Generated with Claude Code

@rockfordlhotka @claude
Add inbound A2A peer support with trust model and idle notifications (#…
92140c9 
…99)

Make RockBot a full A2A peer so external agents can discover it and send
it tasks. Implements pluggable identity verification (IAgentIdentityVerifier),
a four-level per-caller trust model (Observe/Learn/Propose/Act), and an
idle-aware notification queue that batches inbound A2A results for the user.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

RockBot as A2A peer: agent card advertisement and inbound task handling

1 participant

@rockfordlhotka