Investigate compliance issues with the current a2a-tck #162
Description
Description
The https://github.com/a2aproject/a2a-tck has been updated to support v0.3.0 of the specification and many new checks were added. a2a-dotnet is not passing even mandatory set of checks now.
Within this tasks, identify particular a2a-dotnet deficiencies and report individual issues to the backlog that are preventing being compliant with a2a-tck.
Relates to #141.
Results (WIP)
- [AGENT] Test suite initialization fails because getting agent card expects
preferredTransportfield set. Fix is WIP. - [FALSE_POSITIVE]
transport_get_agent_cardfails on missingagent/authenticatedExtendedCard. This is rather false positive as the test might use unauthenticated agent card. Otherwise, this test is skipped if agent declares push notification support. Fix submitted as fix: Remove usage of non-existent agent/card method a2a-tck#64. - [FALSE_POSITIVE] Multiple tests from various categories fail on inner
Messageobject missingkindproperty. Fix submitted as fix: Message inside MessageSendParams should contain kind attribute a2a-tck#63. mandatoryauthenticationtest_auth_compliance_v030.py[AGENT](fixed by fix: Add security field to AgentSkill class #168)test_security_scheme_structure_complianceis skipped due to missingsecuritySchemesin agent card.
test_auth_enforcement.py- [FEATURE v0.3.0]
test_authentication_required_when_declaredfails on authentication enforcement. - [AGENT/FEATURE]
test_invalid_credentials_rejectedfails because invalid authentication request is not rejected. [AGENT](fixed by Addtest_authentication_scheme_consistencyfails on missingsecurityfield on agent card.securityto the AgentSkill #165)
- [FEATURE v0.3.0]
jsonrpctest_a2a_error_codes_enhanced.py- [BUG/FEATURE]
test_push_notification_not_supported_error_32003_enhancedfails because the tests checks for push notification support and expects apropriate error message when they are declared as not supported. It fails on missingtasks/pushNotificationConfig/deleteendpoint when they are declared supported. - [IMPROVEMENT]
test_unsupported_operation_error_32004_enhancedis skipped because agent do not trigger error when sending unsupported format inacceptedOutputModesfield ofconfigurationparam tomessage/sendendpoint. - [IMPROVEMENT]
test_content_type_not_supported_error_32005_enhancedis skipped because agent do not trigger error when sending file part with unsupported MIME type tomessage/sendendpoint. - [FALSE_NEGATIVE]
test_invalid_agent_response_error_32006_enhancedis skipped because the test fails to produce invalid request.
- [BUG/FEATURE]
test_a2a_error_codes.py- [IMPROVEMENT]
test_push_notification_not_supported_error_32003is skipped when agent card does not declare push notifications support whiletasks/pushNotificationConfig/setendpoint is implemented. - [IMPROVEMENT]
test_unsupported_operation_error_32004is skipped because agent do not trigger error when sending unsupported format inacceptedOutputModesfield ofconfigurationparam tomessage/sendendpoint. - [IMPROVEMENT]
test_content_type_not_supported_error_32005is skipped because agent do not trigger error when sending file part with unsupported MIME type tomessage/sendendpoint.
- [IMPROVEMENT]
test_json_rpc_compliance.py- [BUG]
test_rejects_invalid_json_rpc_requestsfails becase agent return error -32600 instead -32602 whenmessage/sendRPC request params contains "" as object key. - [BUG]
test_rejects_invalid_paramsfails becase agent return error -32600 instead -32602 whenmessage/sendRPC request params is string instead of expected object.
- [BUG]
protocoltest_a2a_v030_new_methods.py- [FALSE_NEGATIVE/FEATURE]
test_authenticated_extended_card_method_existsfails because of wrong implementation of Advanced Agent Card retrieval ona2a-tckside, issue submitted as [Bug]: Isagent/cardmethod defined by the specification? a2a-tck#61, fix submitted as fix: Remove usage of non-existent agent/card method a2a-tck#64. Then implementation of Advanced Agent Card ona2a-dotnetside will be needed. - [FALSE_NEGATIVE/FEATURE]
test_authenticated_extended_card_without_authsame as above. - [FALSE_NEGATIVE/FEATURE]
test_authenticated_extended_card_with_authsame as above. - [AGENT]
test_tasks_list_method_availabilityis skipped because of check for JSON-RPC transport. - [AGENT]
test_tasks_list_with_existing_tasksis skipped because of check for JSON-RPC transport. - [AGENT/FEATURE]
test_grpc_specific_featuresis skipped becase transport is not gRPC. - [AGENT]
test_rest_specific_featuresis skipped becase transport is not REST.
- [FALSE_NEGATIVE/FEATURE]
test_a2a_v030_transport_compliance.py- [FEATURE]
test_multi_transport_method_mappingis skipped because not all transports are supported.
- [FEATURE]
test_agent_card_mandatory.py- [FALSE_POSITIVE]
test_agent_card_skills_mandatoryfails because the test mandates skills array not being empty in the agent card. Reported as [Bug]: Skills array in agent card cannot be empty? a2a-tck#65.
- [FALSE_POSITIVE]
test_extended_agent_card.py- [FEATURE v0.3.0]
test_extended_agent_card_endpoint_existsfails becauseagent/getAuthenticatedExtendedCardmethod is not implemented. - [FEATURE v0.3.0]
test_extended_agent_card_authentication_requiredfails becauseagent/getAuthenticatedExtendedCardmethod is not implemented. - [FEATURE v0.3.0]
test_extended_agent_card_response_formatis skipped becauseagent/getAuthenticatedExtendedCardmethod is not implemented.
- [FEATURE v0.3.0]
test_message_send_method.py- [BUG]
test_message_send_invalid_paramsfails becase agent returns error -32600 instead of -32602 whenmessage/sendRPC request is missing required properties of message object.
- [BUG]
qualitytest_error_validation_enhanced.py- [BUG]
test_invalid_method_error_validationfailse because agent returns -32603 instead of -32601 when non-existent method is requested.
- [BUG]
securtitytest_agent_card_security.py- [A2A_BUG/FALSE_POSITIVE/BUG]
test_public_agent_card_access_controlfails on miss alignment what should be theurlproperty inAgentCard. The test tries to access theurldirectly to get the card wich is wrong because it should be at least<url>/.well-known/agent-card.json. On the other hand, theSpecComplianceAgentreturnshttp://localhost:5048/speccompliancein theurlwhich is also wrong becausehttp://localhost:5048/speccompliance/.well-known/agent-card.jsonis not a valid location for the card. This is basically another consequence in the design of how agent cards should be served in the specification. - [A2A_BUG/FALSE_POSITIVE/FEATURE]
test_extended_card_access_controlsfails because the tests construct the extended authenticated agent card URL wrong but there is no clarity on where is should be in the specification either. - [A2A_BUG/FALSE_NEGATIVE/FEATURE]
test_authentication_scheme_validationtests passes but there are validation errors with the same cause astest_extended_card_access_controls. - [FALSE_POSITIVE/AGENT]
test_sensitive_information_protectionfailse because the test checks for certain patterns in the public agent card on deserialized structure converted to string which contains fields for secrects even if they were not present in the agent response. Nevertheless, theSpecComplianceAgentdoes not have any special handling that no credentials are exposed on public card and extended authenticated card is not supported.
- [A2A_BUG/FALSE_POSITIVE/BUG]
test_certificate_validation.py- [UNDECICIVE] All tests in this file are skipped because they require agent running on HTTPS with a domain name.
test_in_task_authentication.py- [UNDECICIVE/AGENT/FEATURE]
test_in_task_authentication_workflowis skipped becuase the test is trying to authenticate using LLM prompt submitted as task while theSpecComplianceAgenthas no LLM. - [FALSE_NEGATIVE/AGENT/FEATURE]
test_authentication_challenge_headerspasses even if it tries to request non-existing task and check if auhentication was enforced. This is not implemented both in theSpecComplianceAgentand the library. - [FEATURE]
test_invalid_authentication_handlingfails because agent do not respond with correct errors on requests with ivalid authentication. - [AGENT/FEATURE]
test_auth_state_transitionsis skipped becauseSpecComplianceAgentdo not implement tasks state management and authentication.
- [UNDECICIVE/AGENT/FEATURE]
test_tls_configuration_enhanced.py- [UNDECICIVE/FEATURE] All tests in this file are skipped because they require agent running on HTTPS with a domain name and TLS support.
test_transport_security.py- [UNDECICIVE/FEATURE] All tests in this file are skipped because they require agent running on HTTPS with a domain name and TLS support.
transporttest_multi_transport_equivalence.py- [FALSE_POSITIVE/FALSE_NEGATIVE] Tests in this file fails because they are unfinished / regressed. Some of them pass but should fail for the same reason.
unit- [FALSE_POSITIVE] Some unit test fails on usage of removed
send_json_rpcmethod ofSUTClient. Fix submitted as fix: Fix tests failing on missingsend_json_rpcmethod a2a-tck#66. - [FALSE_POSITIVE]
test_transport_error_with_originalfails because of signature ofTransportErrorhas changed. Fix submitted as fix: Fix test failing onTransportErrorconstructor signature change a2a-tck#67. - [FALSE_POSITIVE]
test_get_task_interfaceandtest_cancel_task_interfacefail on invalid assert of task ID. Fix submitted as fix: Fix tests failing due toget_taskandcancel_taskparams change a2a-tck#68.
- [FALSE_POSITIVE] Some unit test fails on usage of removed
Explanation
- [A2A_BUG]: Issue in A2A specification.
- [AGENT]: Issue in
SpecComplianceAgentthat can be resolved without change toa2a-dotnet - [BUG]: Issue in
a2a-dotnetin already implemented feature. - [FALSE_POSITIVE]: Issue in
a2a-tckwhere test is failing but shouln't. - [FALSE_NEGATIVE]: Issue in
a2a-tckwhere test is passing but shouln't. - [FEATURE ]: Unimplemented feature in
a2a-dotnetfor the specified protocol version. - [FEATURE]: Unimplemented feature in
a2a-dotnet, the protocol version is unknown. - [IMPROVEMENT]: Not a bug but improvement in
a2a-dotnetcan resolve. - [UNDECICIVE]: The test cannot be run for a reason.
Metadata
Metadata
Assignees
Labels
No labels