scaleapi
diff --git a/‎AGENTEX_HEADER_FORWARDING.md‎
Lines changed: 373 additions & 0 deletions b/‎AGENTEX_HEADER_FORWARDING.md‎
Lines changed: 373 additions & 0 deletions
@@ -0,0 +1,373 @@
+# AgentEx Header Forwarding Implementation
+
+## Overview
+
+The AgentEx SDK now supports forwarding custom HTTP headers to agents with a **pass-through by default** approach. Headers are forwarded to agents unless the agent has specific filtering configuration in its manifest.
+
+## Key Features
+
+- **Pass-through by default**: All headers are forwarded unless agent has filtering configuration
+- **Optional filtering**: Agents can opt-in to header filtering via `custom_headers` in manifest
+- **Flexible patterns**: Support for wildcards and case-insensitive matching
+- **Clean API**: Headers passed via `request.headers` structure instead of flat parameters
+
+## Architecture
+
+### Pass-Through by Default Behavior
+
+1. **No manifest config** → All headers forwarded to agent
+2. **Empty allowlist** → No headers forwarded  
+3. **Configured allowlist** → Only matching headers forwarded
+
+### Agent Manifest Configuration
+
+```yaml
+# manifest.yaml
+agent:
+  name: scallion
+  description: Real-time smart search triggers
+  
+  # Optional: Custom header filtering (omit for pass-through)
+  custom_headers:
+    strategy: "allowlist"
+    allowed_headers:
+      - "x-user-email"             # User identification
+      - "x-user-oauth-credentials" # OAuth for Drive search
+      - "x-meeting-id"             # Meeting context
+      - "x-tenant-*"               # Tenant-related headers (wildcard)
+      - "authorization"            # Standard auth header
+```
+
+### Example Agent Configurations
+
+```yaml
+# Pass-through agent (default behavior)
+agent:
+  name: data-processor
+  description: Processes data with full header context
+  # No custom_headers section = all headers forwarded
+```
+
+```yaml
+# Filtered agent (OAuth-enabled)
+agent:
+  name: scallion
+  custom_headers:
+    strategy: "allowlist"
+    allowed_headers:
+      - "x-user-*"          # All user headers
+      - "authorization"     # Standard auth
+      - "x-tenant-*"        # Tenant context
+```
+
+```yaml
+# Restricted agent (minimal headers)
+agent:
+  name: calculator
+  custom_headers:
+    strategy: "allowlist"
+    allowed_headers:
+      - "x-request-id"      # Just for tracing
+```
+
+## Files to Modify
+
+### 1. Manifest Schema Definition
+
+**File**: `src/agentex/lib/types/agent_configs.py` (or similar)
+
+```python
+# NEW: Agent manifest header configuration
+class CustomHeadersConfig(BaseModel):
+    strategy: Literal["allowlist", "blocklist"] = "allowlist"
+    allowed_headers: List[str] = []
+    blocked_headers: List[str] = []
+    max_header_size: int = 8192
+    max_headers_count: int = 50
+
+class AgentManifestConfig(BaseModel):
+    # ... existing fields
+    custom_headers: Optional[CustomHeadersConfig] = None
+```
+
+### 2. Core Service Layer with Header Filtering
+
+**File**: `src/agentex/lib/core/services/adk/acp/acp.py`
+
+```python
+import fnmatch
+from typing import Dict, List
+
+class ACPService:
+    async def _get_agent_header_config(self, agent_name: str | None, agent_id: str | None) -> CustomHeadersConfig:
+        """Get agent's header configuration from manifest"""
+        # Load agent manifest and return custom_headers config
+        # Implementation depends on how manifests are stored/accessed
+        
+    def _filter_headers(self, extra_headers: Dict[str, str] | None, config: CustomHeadersConfig) -> Dict[str, str]:
+        """Filter headers based on agent's configuration"""
+        if not extra_headers or not config.allowed_headers:
+            return {}
+        
+        filtered = {}
+        for header_name, header_value in extra_headers.items():
+            # Check against allowlist patterns
+            for pattern in config.allowed_headers:
+                if fnmatch.fnmatch(header_name.lower(), pattern.lower()):
+                    # Apply size limits
+                    if len(header_value) <= config.max_header_size:
+                        filtered[header_name] = header_value
+                    break
+            
+            # Respect max headers count
+            if len(filtered) >= config.max_headers_count:
+                break
+                
+        return filtered
+
+    async def event_send(
+        self,
+        content: TaskMessageContent,
+        agent_id: str | None = None,
+        agent_name: str | None = None,
+        task_id: str | None = None,
+        task_name: str | None = None,
+        trace_id: str | None = None,
+        parent_span_id: str | None = None,
+        # NEW: Accept extra_headers
+        extra_headers: dict[str, str] | None = None,
+    ) -> Event:
+        # NEW: Get agent's header configuration
+        header_config = await self._get_agent_header_config(agent_name, agent_id)
+        
+        # NEW: Filter headers based on agent's allowlist
+        filtered_headers = self._filter_headers(extra_headers, header_config)
+        
+        # Forward only allowed headers
+        if agent_name:
+            json_rpc_response = await self._agentex_client.agents.rpc_by_name(
+                agent_name=agent_name,
+                method="event/send",
+                params={
+                    "task_id": task_id,
+                    "content": cast(TaskMessageContentParam, content.model_dump()),
+                },
+                extra_headers=filtered_headers,  # Only agent-approved headers
+            )
+        # ... similar for agent_id case
+
+    async def task_create(
+        self,
+        name: str | None = None,
+        agent_id: str | None = None,
+        agent_name: str | None = None,
+        params: dict[str, Any] | None = None,
+        trace_id: str | None = None,
+        parent_span_id: str | None = None,
+        # NEW: Accept extra_headers
+        extra_headers: dict[str, str] | None = None,
+    ) -> Task:
+        # NEW: Apply same filtering pattern
+        header_config = await self._get_agent_header_config(agent_name, agent_id)
+        filtered_headers = self._filter_headers(extra_headers, header_config)
+        
+        # Forward only allowed headers to agent
+        # ... implementation similar to event_send
+```
+
+### 3. ADK Interface Updates
+
+**Files**: `src/agentex/lib/adk/_modules/acp.py`
+
+```python
+# Add extra_headers parameter to public interfaces
+async def event_send(
+    content: TaskMessageContent,
+    agent_id: str | None = None,
+    agent_name: str | None = None,
+    task_id: str | None = None,
+    task_name: str | None = None,
+    # NEW: Accept extra_headers (will be filtered by agent config)
+    extra_headers: dict[str, str] | None = None,
+) -> Event:
+    return await _get_acp_service().event_send(
+        content=content,
+        agent_id=agent_id,
+        agent_name=agent_name,
+        task_id=task_id,
+        task_name=task_name,
+        extra_headers=extra_headers,
+    )
+```
+
+## Implementation Checklist
+
+### Phase 1: Manifest Schema & Parsing
+- [ ] Add `CustomHeadersConfig` to agent manifest schema
+- [ ] Update manifest parsing to include `custom_headers` section
+- [ ] Add validation for header patterns and limits
+- [ ] Update CLI to validate manifest header configurations
+
+### Phase 2: Core Service Layer
+- [ ] Add `_get_agent_header_config()` method to load from manifest
+- [ ] Add `_filter_headers()` method with pattern matching
+- [ ] Add `extra_headers` parameter to `ACPService.event_send()`
+- [ ] Add `extra_headers` parameter to `ACPService.task_create()`
+- [ ] Add `extra_headers` parameter to `ACPService.message_send()`
+- [ ] Add `extra_headers` parameter to `ACPService.task_cancel()`
+
+### Phase 3: ADK Public Interface
+- [ ] Update `adk.acp.event_send()` to accept `extra_headers`
+- [ ] Update `adk.acp.task_create()` to accept `extra_headers`
+- [ ] Update other ADK methods as needed
+
+### Phase 4: Security & Defaults
+- [ ] Implement secure-by-default (no headers unless explicitly allowed)
+- [ ] Add global fallback for agents without `custom_headers` config
+- [ ] Add logging for blocked/allowed headers (for debugging)
+- [ ] Add size and count validation
+
+### Phase 5: Testing & Documentation
+- [ ] Add unit tests for header filtering logic
+- [ ] Add integration tests with real agent manifests
+- [ ] Update agent development guide with header configuration
+- [ ] Add security best practices documentation
+
+## API Usage
+
+### Python SDK
+
+```python
+# New request.headers structure
+task = await agentex_client.acp.create_task(
+    name="oauth-task",
+    agent_name="data-processor",  # Pass-through agent
+    params={"content": "Process with full context"},
+    request={
+        "headers": {
+            "x-user-email": "[email protected]",
+            "x-user-oauth-credentials": oauth_creds_json,
+            "x-tenant-id": "tenant-123", 
+            "authorization": "Bearer token",
+            "x-custom-data": "important-context"
+        }
+    }
+)
+# All headers forwarded to pass-through agent
+
+# Filtered agent example
+task = await agentex_client.acp.create_task(
+    name="calculation",
+    agent_name="calculator",  # Filtered agent
+    params={"expression": "2 + 2"},
+    request={
+        "headers": {
+            "x-request-id": "req-123",      # ✅ Allowed
+            "x-user-email": "[email protected]", # ❌ Filtered out
+            "authorization": "Bearer token"  # ❌ Filtered out  
+        }
+    }
+)
+# Only x-request-id forwarded to filtered agent
+```
+
+### Direct HTTP API Usage
+
+```python
+# Enhanced 2b_send_demo.py with headers
+headers = {
+    "Content-Type": "application/json",
+    "x-user-email": "[email protected]",
+    "x-user-oauth-credentials": json.dumps(oauth_creds),
+    "x-meeting-id": "standup-2024-01-15",
+    "x-internal-secret": "should-be-blocked"  # Blocked by manifest config
+}
+
+# AgentEx service filters headers based on agent's manifest
+response = await client.post(send_event_url, json=event_payload, headers=headers)
+```
+
+### Agent Implementation
+
+```python
+# Agent can trust that only declared headers are received
+class CustomACP(BaseACPServer):
+    async def _handle_jsonrpc(self, request: Request):
+        # Only headers from manifest allowlist are present
+        user_email = request.headers.get("x-user-email")          # ✅ Allowed
+        oauth_creds = request.headers.get("x-user-oauth-credentials") # ✅ Allowed
+        admin_token = request.headers.get("x-admin-token")        # ❌ None (blocked)
+        
+        return await super()._handle_jsonrpc(request)
+```
+
+## Security Benefits
+
+### 1. **Secure by Default**
+- No headers forwarded unless explicitly declared in agent manifest
+- Agents can't accidentally receive sensitive headers
+
+### 2. **Clear Intent**
+- Agent manifest documents exactly what context it needs
+- Easy to audit what data each agent accesses
+
+### 3. **Defense in Depth**
+- Application layer + AgentEx service + Agent all participate in security
+- Malicious/buggy applications can't leak headers to wrong agents
+
+### 4. **Principle of Least Privilege**
+- Each agent gets only the headers it explicitly needs
+- System agents can get no custom headers at all
+
+## Example Security Scenarios
+
+```yaml
+# Financial agent - only gets user context, no admin headers
+agent:
+  name: financial-advisor
+  custom_headers:
+    allowed_headers:
+      - "x-user-email"
+      - "x-user-role"    # But NOT x-admin-* headers
+
+# System monitoring - no user context at all  
+agent:
+  name: system-monitor
+  # No custom_headers = completely isolated from user data
+
+# OAuth-enabled agents - get user credentials safely
+agent:
+  name: document-search
+  custom_headers:
+    allowed_headers:
+      - "x-user-email"
+      - "x-user-oauth-credentials"  # Only OAuth, no other sensitive data
+```
+
+## Migration Path
+
+1. **Phase 1**: Deploy AgentEx service changes (backward compatible)
+2. **Phase 2**: Add `custom_headers` to agent manifests that need them  
+3. **Phase 3**: Applications can start sending custom headers
+4. **Phase 4**: Remove any legacy header handling in agents
+
+**Backward Compatibility**: Agents without `custom_headers` config get no headers (secure default).
+
+## Impact Assessment
+
+### Existing Systems Compatibility
+
+✅ **Authentication**: No impact - `x-agent-api-key` is handled at FastAPI level, not forwarded as custom header  
+✅ **Tracing**: No impact - tracing is service-level, not header-based  
+✅ **Existing Agents**: No impact - agents without `custom_headers` config get no custom headers (secure default)  
+✅ **HTTP Infrastructure**: No impact - underlying `agents.rpc()` already supports `extra_headers`
+
+### Change Impact
+
+- **Breaking Changes**: None (secure-by-default for agents without config)
+- **Performance**: Minimal (header filtering is fast pattern matching)
+- **Security**: Major improvement (prevents accidental header leakage)
+- **Complexity**: Medium (requires manifest parsing + filtering logic)
+- **Maintainability**: High (clear intent in version-controlled manifests)
+
+This approach provides **security by design** while maintaining clean APIs and clear agent intent declaration.