feat: simplify excludelist

Author: prassanna-ravishankar

src/agentex/lib/core/services/adk/acp/acp.py

@@ -1,5 +1,4 @@
 from typing import Any, List, cast
-import fnmatch
 
 from agentex import AsyncAgentex
 from agentex.lib.core.tracing.tracer import AsyncTracer
@@ -11,6 +10,10 @@
 from agentex.types.task_message import TaskMessage
 from agentex.types.task_message_content import TaskMessageContent
 from agentex.types.task_message_content_param import TaskMessageContentParam
+from agentex.types.agent_rpc_params import (
+    ParamsCancelTaskRequest as RpcParamsCancelTaskRequest,
+    ParamsSendEventRequest as RpcParamsSendEventRequest,
+)
 
 logger = make_logger(__name__)
 
@@ -24,77 +27,6 @@ def __init__(
         self._agentex_client = agentex_client
         self._tracer = tracer
 
-    async def _get_agent_header_allowlist(
-        self, agent_name: str | None = None, agent_id: str | None = None
-    ) -> list[str] | None:
-        """
-        Get agent's header allowlist from manifest.
-        
-        Returns None for pass-through behavior (all headers forwarded).
-        Returns list[str] of allowed header patterns if agent has filtering requirements.
-        
-        Note: In a production system, this would load the agent's manifest from a registry/database
-        based on agent_name/agent_id and return the header_allowlist. For now, we implement
-        pass-through by default as requested.
-        
-        TODO: Integrate with agent registry to load manifest-based header allowlists
-        """
-        # Pass-through by default - forward all headers unless agent has specific filtering config
-        # In production, this would query an agent registry/database:
-        # 1. Look up agent by name/id
-        # 2. Get agent's manifest configuration 
-        # 3. Return manifest.agent.header_allowlist
-        return None
-
-    def _filter_headers(
-        self,
-        headers: dict[str, str] | None,
-        allowlist: list[str] | None
-    ) -> dict[str, str]:
-        """
-        Filter headers based on agent's allowlist.
-        
-        Pass-through by default: if no allowlist provided, all headers are forwarded.
-        If allowlist exists, only matching headers are forwarded.
-        
-        Args:
-            headers: Headers to filter
-            allowlist: Agent's header allowlist (None = pass-through all)
-            
-        Returns:
-            Filtered headers dictionary
-        """
-        if not headers:
-            return {}
-        
-        # Pass-through behavior: if no allowlist, forward all headers
-        if allowlist is None:
-            logger.info("No header allowlist found, passing through all %d headers", len(headers))
-            return headers
-
-        # Apply filtering based on allowlist
-        if not allowlist:
-            logger.info("Empty allowlist, blocking all headers")
-            return {}
-
-        filtered = {}
-        for header_name, header_value in headers.items():
-            # Check against allowlist patterns (case-insensitive)
-            header_allowed = False
-            for pattern in allowlist:
-                if fnmatch.fnmatch(header_name.lower(), pattern.lower()):
-                    header_allowed = True
-                    break
-
-            if header_allowed:
-                filtered[header_name] = header_value
-                logger.info("Allowed header: %s", header_name)
-            else:
-                logger.info("Header '%s' not in allowlist, ignoring", header_name)
-
-        logger.info("Filtered %d headers from %d based on allowlist", len(filtered), len(headers))
-        return filtered
-
     async def task_create(
         self,
         name: str | None = None,
@@ -118,10 +50,9 @@ async def task_create(
         ) as span:
             heartbeat_if_in_workflow("task create")
 
-            # Extract headers from request and filter them
+            # Extract headers from request; pass-through to agent
             headers = request.get("headers") if request else None
-            header_allowlist = await self._get_agent_header_allowlist(agent_name, agent_id)
-            filtered_headers = self._filter_headers(headers, header_allowlist)
+            filtered_headers: dict[str, str] = headers or {}
 
             if agent_name:
                 json_rpc_response = await self._agentex_client.agents.rpc_by_name(
@@ -176,10 +107,9 @@ async def message_send(
         ) as span:
             heartbeat_if_in_workflow("message send")
 
-            # Extract headers from request and filter them
+            # Extract headers from request; pass-through to agent
             headers = request.get("headers") if request else None
-            header_allowlist = await self._get_agent_header_allowlist(agent_name, agent_id)
-            filtered_headers = self._filter_headers(headers, header_allowlist)
+            filtered_headers: dict[str, str] = headers or {}
 
             if agent_name:
                 json_rpc_response = await self._agentex_client.agents.rpc_by_name(
@@ -238,34 +168,33 @@ async def event_send(
                 "agent_id": agent_id,
                 "agent_name": agent_name,
                 "task_id": task_id,
+                "task_name": task_name,
                 "content": content,
             },
         ) as span:
             heartbeat_if_in_workflow("event send")
 
-            # Extract headers from request and filter them
+            # Extract headers from request; pass-through to agent
             headers = request.get("headers") if request else None
-            header_allowlist = await self._get_agent_header_allowlist(agent_name, agent_id)
-            filtered_headers = self._filter_headers(headers, header_allowlist)
+            filtered_headers: dict[str, str] = headers or {}
 
+            rpc_event_params: RpcParamsSendEventRequest = {
+                "task_id": task_id,
+                "task_name": task_name,
+                "content": cast(TaskMessageContentParam, content.model_dump()),
+            }
             if agent_name:
                 json_rpc_response = await self._agentex_client.agents.rpc_by_name(
                     agent_name=agent_name,
                     method="event/send",
-                    params={
-                        "task_id": task_id,
-                        "content": cast(TaskMessageContentParam, content.model_dump()),
-                    },
+                    params=rpc_event_params,
                     extra_headers=filtered_headers,
                 )
             elif agent_id:
                 json_rpc_response = await self._agentex_client.agents.rpc(
                     agent_id=agent_id,
                     method="event/send",
-                    params={
-                        "task_id": task_id,
-                        "content": cast(TaskMessageContentParam, content.model_dump()),
-                    },
+                    params=rpc_event_params,
                     extra_headers=filtered_headers,
                 )
             else:
@@ -296,7 +225,7 @@ async def task_cancel(
             agent_name: Name of the agent that owns the task
             trace_id: Trace ID for tracing
             parent_span_id: Parent span ID for tracing
-            extra_headers: Headers to forward to the agent
+            request: Additional request context including headers to forward to the agent
             
         Returns:
             Task entry representing the cancelled task
@@ -325,13 +254,12 @@ async def task_cancel(
         ) as span:
             heartbeat_if_in_workflow("task cancel")
 
-            # Extract headers from request and filter them
+            # Extract headers from request; pass-through to agent
             headers = request.get("headers") if request else None
-            header_allowlist = await self._get_agent_header_allowlist(agent_name, agent_id)
-            filtered_headers = self._filter_headers(headers, header_allowlist)
+            filtered_headers: dict[str, str] = headers or {}
 
             # Build params for the agent (task identification)
-            params = {}
+            params: RpcParamsCancelTaskRequest = {}
             if task_id:
                 params["task_id"] = task_id
             if task_name:
@@ -346,6 +274,7 @@ async def task_cancel(
                     extra_headers=filtered_headers,
                 )
             else:  # agent_id is provided (validated above)
+                assert agent_id is not None
                 json_rpc_response = await self._agentex_client.agents.rpc(
                     agent_id=agent_id,
                     method="task/cancel",

src/agentex/lib/sdk/config/agent_config.py

@@ -28,9 +28,6 @@ class AgentConfig(BaseModel):
     temporal: TemporalConfig | None = Field(
         default=None, description="Temporal workflow configuration for this agent"
     )
-    header_allowlist: list[str] | None = Field(
-        default=None, description="List of header patterns this agent is allowed to receive. If not provided, all headers are forwarded."
-    )
 
     def is_temporal_agent(self) -> bool:
         """Check if this agent uses Temporal workflows"""

src/agentex/lib/sdk/fastacp/base/base_acp_server.py

@@ -26,6 +26,10 @@
 from agentex.lib.utils.logging import make_logger
 from agentex.lib.utils.model_utils import BaseModel
 from agentex.lib.utils.registration import register_agent
+from agentex.lib.sdk.fastacp.base.constants import (
+    FASTACP_HEADER_SKIP_EXACT,
+    FASTACP_HEADER_SKIP_PREFIXES,
+)
 
 logger = make_logger(__name__)
 
@@ -128,11 +132,13 @@ async def _handle_jsonrpc(self, request: Request):
                     ),
                 )
 
-            # Extract all custom headers (already filtered by AgentEx service layer if needed)
-            # Pass through all headers since filtering happens at the service layer
+            # Extract application headers, excluding sensitive/transport headers per FASTACP_* rules
+            # Forward filtered headers via params.request.headers to agent handlers
             custom_headers = {
-                key: value for key, value in request.headers.items()
-                if not key.lower().startswith(('content-', 'host', 'user-agent', 'accept'))  # Skip standard HTTP headers
+                key: value
+                for key, value in request.headers.items()
+                if key.lower() not in FASTACP_HEADER_SKIP_EXACT
+                and not any(key.lower().startswith(p) for p in FASTACP_HEADER_SKIP_PREFIXES)
             }
 
             # Parse params into appropriate model based on method and include headers

src/agentex/lib/sdk/fastacp/base/constants.py

@@ -0,0 +1,24 @@
+from __future__ import annotations
+
+# Header filtering rules for FastACP server
+
+# Prefixes to skip (case-insensitive beginswith checks)
+FASTACP_HEADER_SKIP_PREFIXES: tuple[str, ...] = (
+    "content-",
+    "host",
+    "user-agent",
+    "x-forwarded-",
+    "sec-",
+)
+
+# Exact header names to skip (case-insensitive matching done by lowercasing keys)
+FASTACP_HEADER_SKIP_EXACT: set[str] = {
+    "x-agent-api-key",
+    "connection",
+    "accept-encoding",
+    "cookie",
+    "content-length",
+    "transfer-encoding",
+}
+
+