Skip to content

feat(peer): transport-agnostic inbound peer request handler#26

Merged
imran-siddique merged 1 commit into
mainfrom
feat/peer-request-handler
Jul 1, 2026
Merged

feat(peer): transport-agnostic inbound peer request handler#26
imran-siddique merged 1 commit into
mainfrom
feat/peer-request-handler

Conversation

@imran-siddique

Copy link
Copy Markdown
Contributor

What

ca2a_runtime.peer.handle_peer_request (with PeerRequest / PeerResult) composes the full inbound pipeline off a parsed request: verify chain, intersect scope and enforce, open any sealed payload with the enclave key, emit a linked provenance record. Fails closed throughout; never returns a payload it could not open.

This is the binding point a transport calls. cA2A does not define the transport (profile, not protocol), so parsing raw A2A wire messages into a PeerRequest is left to implementers.

Suite: 104 passed, 99% coverage.

Closes #8

🤖 Generated with Claude Code

Add ca2a_runtime.peer.handle_peer_request with PeerRequest / PeerResult. It
composes the full inbound pipeline off a parsed request: verify the delegation
chain, intersect the delegated scope with the local policy and enforce the
requested capability, open any sealed payload with the enclave-bound key, and
emit a linked provenance record. Fails closed on any verification or
authorization failure, and never returns a payload it could not open.

A transport (an A2A server) parses its wire format into a PeerRequest and calls
this. cA2A does not define the transport itself, only what the peer does with a
parsed request (profile, not protocol), so raw A2A wire parsing is left to
implementers. Suite: 104 passed, 99% coverage.

Closes #8

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@imran-siddique imran-siddique merged commit def469b into main Jul 1, 2026
11 checks passed
@imran-siddique imran-siddique deleted the feat/peer-request-handler branch July 1, 2026 18:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

feat(runtime): inbound peer-delegation enforcement path

1 participant