feat: feature auth hooks #2
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…d agent.json resolution
🤖 I have created a release *beep* *boop* --- ## [0.2.5](a2aproject/a2a-js@v0.2.4...v0.2.5) (2025-07-30) ### Features * add support for custom agent card url. resolves [a2aproject#68](a2aproject#68) ([a2aproject#79](a2aproject#79)) ([dc92d32](a2aproject@dc92d32)) * Export ExecutionEventQueue in server ([a2aproject#61](a2aproject#61)) ([530c0b9](a2aproject@530c0b9)) * Export type AgentExecutionEvent ([a2aproject#66](a2aproject#66)) ([f4c81f4](a2aproject@f4c81f4)) ### Bug Fixes * correct the example code ([a2aproject#64](a2aproject#64)) ([126eee4](a2aproject@126eee4)) * setting context id in _createRequestContext ([a2aproject#49](a2aproject#49)) ([1abc8a1](a2aproject@1abc8a1)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
…ility (a2aproject#71) # fix: make Express dependency optional for edge environment compatibility ## Summary - Move A2AExpressApp to separate module at server/express/ - Remove A2AExpressApp from main server exports to avoid forcing Express import - Move express to peerDependencies and devDependencies - Remove unused cors and body-parser dependencies entirely - Add new package.json export for ./server/express - Update import statements in samples and documentation - Enables usage in Cloudflare Workers, Vercel Edge, and other non-Node environments - A2AExpressApp uses express.json() which is built into Express, making body-parser unnecessary - cors is not used by the library and is an application-level concern developers should add themselves - Only express remains as a peerDependency, accurately reflecting actual requirements Fixes a2aproject#69 - Express dependency breaks edge environments ## Description Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly: - [x] Follow the [`CONTRIBUTING` Guide](https://github.com/google-a2a/a2a-js/blob/main/CONTRIBUTING.md). - [x] Make your Pull Request title in the <https://www.conventionalcommits.org/> specification. - Important Prefixes for [release-please](https://github.com/googleapis/release-please): - `fix:` which represents bug fixes, and correlates to a [SemVer](https://semver.org/) patch. - `feat:` represents a new feature, and correlates to a SemVer minor. - `feat!:`, or `fix!:`, `refactor!:`, etc., which represent a breaking change (indicated by the `!`) and will result in a SemVer major. - [x] Ensure the tests and linter pass - [x] Appropriate docs were updated (if necessary) Fixes a2aproject#69 🦕 ## Problem The A2A SDK had a hard dependency on Express.js that prevented usage in edge environments like Cloudflare Workers, Vercel Edge Runtime, and other platforms that don't support Node.js core APIs. **Issues identified:** - 🚨 **Hard Express dependency** - `A2AExpressApp` was exported from main server module, forcing Express import even when not used - 📦 **Bloated installs** - Express and unused dependencies (cors, body-parser) were required for all users - 🚫 **Edge incompatibility** - Broke deployment to Cloudflare Workers, Vercel Edge, and similar platforms - ⚡ **Performance impact** - Unnecessary bundle size for non-Express users - 🗑️ **Unused dependencies** - cors and body-parser were listed but not actually used by the library ## Solution ### 1. Modularized Express Integration - ✅ Moved `A2AExpressApp` to separate `src/server/express/` module - ✅ Removed Express exports from main `src/server/index.ts` - ✅ Created dedicated export path: `"./server/express"` ### 2. Cleaned Up Dependencies ```json { "dependencies": { "uuid": "^11.1.0" }, "peerDependencies": { "express": "^4.21.2" }, "devDependencies": { "@types/express": "^4.17.23", "express": "^4.21.2" } } ``` **Key dependency decisions:** - ✅ **express**: Required as peerDependency - actually used by `A2AExpressApp` - ❌ **body-parser**: Removed entirely - `A2AExpressApp` uses `express.json()` instead - ❌ **cors**: Removed entirely - not used by library, application-level concern ### 3. Updated Package Exports ```json { "./server/express": { "types": "./dist/server/express/index.d.ts", "import": "./dist/server/express/index.js", "require": "./dist/server/express/index.cjs" } } ``` ## Breaking Changes & Migration ### Before (❌ Problematic) ```typescript import { A2AExpressApp } from "@a2a-js/sdk/server"; // Forces Express dependency ``` ### After (✅ Clean) ```typescript // Core server functionality (no Express dependency) import { DefaultRequestHandler, AgentExecutor } from "@a2a-js/sdk/server"; // Express integration (optional, only when needed) import { A2AExpressApp } from "@a2a-js/sdk/server/express"; ``` **For Express users, install peer dependency:** ```bash npm install express ``` **For users who need CORS support, add it to your Express app:** ```bash npm install cors ``` ```typescript import express from 'express'; import cors from 'cors'; import { A2AExpressApp } from "@a2a-js/sdk/server/express"; const app = express(); app.use(cors()); // Add CORS at application level // ... rest of your Express setup ``` ## Benefits | Benefit | Before | After | |---------|--------|-------| | **Edge compatibility** | ❌ Broken | ✅ Works | | **Bundle size** | ~2MB+ Express deps | Minimal core | | **Install size** | All deps required | Express optional | | **Developer experience** | Forced dependency | Explicit choice | | **Dependency accuracy** | Unused deps included | Only required deps | ## Dependency Analysis ### Why body-parser was removed: - `A2AExpressApp` uses `express.json()` which is built into Express 4.16+ - No import statements found for `body-parser` in the codebase - Listing it as a peerDependency forced unnecessary installations ### Why cors was removed: - No import statements found for `cors` in the codebase - CORS is an application-level concern that developers should configure themselves - Different applications have different CORS requirements - Keeping it as a dependency misrepresented the library's actual requirements ## Testing - ✅ **All existing tests pass** (15/15) - ✅ **Build succeeds** with new modular structure - ✅ **Backward compatibility** maintained for core functionality - ✅ **Express functionality** preserved when imported from new path ## Files Changed - **`package.json`** - Updated exports and cleaned up dependency structure - **`src/server/index.ts`** - Removed `A2AExpressApp` export - **`src/server/express/`** - New modular Express integration - **`README.md`** - Updated import examples - **`src/samples/agents/movie-agent/index.ts`** - Updated to use new import paths ## Impact This change enables the A2A SDK to be used in: - ✅ Cloudflare Workers - ✅ Vercel Edge Runtime - ✅ Deno Deploy - ✅ Any edge/serverless environment - ✅ Traditional Node.js servers (unchanged experience) The dependency cleanup also: - 🎯 **Accurately represents requirements** - only lists dependencies actually used - 💰 **Reduces install overhead** - consumers don't install unused packages - 🔧 **Improves flexibility** - developers choose their own CORS configuration --- **Type:** Bug fix **Breaking Change:** Minimal (import path only) **SemVer:** Patch --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> Co-authored-by: swapydapy <agarwal.swapy@gmail.com>
…eature-auth-hooks
Release-As: 0.3.0
…x.ts. Also reverted change to server test
🤖 I have created a release *beep* *boop* --- ## [0.3.0](a2aproject/a2a-js@v0.2.5...v0.3.0) (2025-08-05) ### ⚠ BREAKING CHANGES * upgrade to a2a 0.3.0 spec version ([a2aproject#87](a2aproject#87)) * make Express dependency optional ### Features * make Express dependency optional ([60899c5](a2aproject@60899c5)) * upgrade to a2a 0.3.0 spec version ([a2aproject#87](a2aproject#87)) ([ae53da1](a2aproject@ae53da1)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
…cessfulRetry decription
…dableStream when simple string for response body works
…imply tests for an auth header now
…y token generated from first call is used in second call.
…er align with conventions
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.