From e65acedef0ce8fa6babc869d584a17d31ba8be86 Mon Sep 17 00:00:00 2001 From: lucarlig Date: Wed, 18 Mar 2026 08:30:55 +0000 Subject: [PATCH] chore: add a2a_service under tools_rust (from 1624 branch) Signed-off-by: lucarlig --- .../templates/configmap-nginx-proxy.yaml | 26 + docker-entrypoint.sh | 88 + infra/nginx/nginx.conf | 32 + mcpgateway/main.py | 78 + tools_rust/a2a_service/Cargo.lock | 2315 +++++++++++++++++ tools_rust/a2a_service/Cargo.toml | 46 + tools_rust/a2a_service/Makefile | 33 + tools_rust/a2a_service/benches/invoke.rs | 165 ++ tools_rust/a2a_service/compare_performance.py | 776 ++++++ tools_rust/a2a_service/src/auth.rs | 266 ++ tools_rust/a2a_service/src/circuit.rs | 146 ++ tools_rust/a2a_service/src/config.rs | 92 + tools_rust/a2a_service/src/errors.rs | 127 + tools_rust/a2a_service/src/eviction.rs | 56 + tools_rust/a2a_service/src/http.rs | 334 +++ tools_rust/a2a_service/src/invoker.rs | 993 +++++++ tools_rust/a2a_service/src/lib.rs | 134 + tools_rust/a2a_service/src/main.rs | 48 + tools_rust/a2a_service/src/metrics.rs | 386 +++ tools_rust/a2a_service/src/queue.rs | 399 +++ tools_rust/a2a_service/src/server.rs | 333 +++ tools_rust/a2a_service/tests/integration.rs | 239 ++ 22 files changed, 7112 insertions(+) create mode 100644 tools_rust/a2a_service/Cargo.lock create mode 100644 tools_rust/a2a_service/Cargo.toml create mode 100644 tools_rust/a2a_service/Makefile create mode 100644 tools_rust/a2a_service/benches/invoke.rs create mode 100644 tools_rust/a2a_service/compare_performance.py create mode 100644 tools_rust/a2a_service/src/auth.rs create mode 100644 tools_rust/a2a_service/src/circuit.rs create mode 100644 tools_rust/a2a_service/src/config.rs create mode 100644 tools_rust/a2a_service/src/errors.rs create mode 100644 tools_rust/a2a_service/src/eviction.rs create mode 100644 tools_rust/a2a_service/src/http.rs create mode 100644 tools_rust/a2a_service/src/invoker.rs create mode 100644 tools_rust/a2a_service/src/lib.rs create mode 100644 tools_rust/a2a_service/src/main.rs create mode 100644 tools_rust/a2a_service/src/metrics.rs create mode 100644 tools_rust/a2a_service/src/queue.rs create mode 100644 tools_rust/a2a_service/src/server.rs create mode 100644 tools_rust/a2a_service/tests/integration.rs diff --git a/charts/mcp-stack/templates/configmap-nginx-proxy.yaml b/charts/mcp-stack/templates/configmap-nginx-proxy.yaml index 35cdb248d4..d719e1c053 100644 --- a/charts/mcp-stack/templates/configmap-nginx-proxy.yaml +++ b/charts/mcp-stack/templates/configmap-nginx-proxy.yaml @@ -41,6 +41,13 @@ data: keepalive 32; } + # A2A API: prefer Rust sidecar when enabled, fallback to Python gateway. + upstream a2a_upstream { + server {{ $gatewayServiceName }}:8790; + server {{ $gatewayServiceName }}:{{ $gatewayServicePort }} backup; + keepalive 32; + } + server { listen 80; @@ -78,6 +85,25 @@ data: proxy_pass http://gateway_upstream; } + location ~ ^/a2a(/|$) { + proxy_http_version 1.1; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $forwarded_proto; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header Connection ""; + + proxy_cache off; + + proxy_connect_timeout 30s; + proxy_read_timeout 300s; + proxy_send_timeout 300s; + send_timeout {{ .Values.nginxProxy.config.sendTimeout }}; + + proxy_pass http://a2a_upstream; + } + location / { proxy_http_version 1.1; proxy_set_header Host $http_host; diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index f7fe94db54..377a149af7 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -30,6 +30,18 @@ MCP_RUST_AFFINITY_CORE_ENABLED="${MCP_RUST_AFFINITY_CORE_ENABLED:-}" MCP_RUST_SESSION_AUTH_REUSE_ENABLED="${MCP_RUST_SESSION_AUTH_REUSE_ENABLED:-}" MCP_RUST_SESSION_AUTH_REUSE_TTL_SECONDS="${MCP_RUST_SESSION_AUTH_REUSE_TTL_SECONDS:-}" +# Rust A2A sidecar mode (mirrors MCP runtime approach). +RUST_A2A_MODE="${RUST_A2A_MODE:-off}" +CONTEXTFORGE_ENABLE_RUST_A2A_BUILD="${CONTEXTFORGE_ENABLE_RUST_A2A_BUILD:-${CONTEXTFORGE_ENABLE_RUST_BUILD:-false}}" +A2A_RUST_LISTEN_HTTP="${A2A_RUST_LISTEN_HTTP:-}" +A2A_RUST_BACKEND_BASE_URL="${A2A_RUST_BACKEND_BASE_URL:-}" +A2A_RUST_AUTH_SECRET="${A2A_RUST_AUTH_SECRET:-}" +A2A_RUST_MAX_CONCURRENT="${A2A_RUST_MAX_CONCURRENT:-}" +A2A_RUST_MAX_QUEUED="${A2A_RUST_MAX_QUEUED:-}" +A2A_RUST_INVOKE_TIMEOUT_SECS="${A2A_RUST_INVOKE_TIMEOUT_SECS:-}" + +RUST_A2A_PID="" + SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" cd "${SCRIPT_DIR}" || { echo "ERROR: Cannot change to script directory: ${SCRIPT_DIR}" @@ -191,12 +203,74 @@ cleanup() { pids+=("${RUST_MCP_PID}") fi + if [[ -n "${RUST_A2A_PID}" ]] && kill -0 "${RUST_A2A_PID}" 2>/dev/null; then + pids+=("${RUST_A2A_PID}") + fi + if [[ ${#pids[@]} -gt 0 ]]; then kill "${pids[@]}" 2>/dev/null || true wait "${pids[@]}" 2>/dev/null || true fi } +start_managed_rust_a2a_service() { + local runtime_bin="/app/bin/a2a-service" + local rust_listen_http="${A2A_RUST_LISTEN_HTTP:-127.0.0.1:8790}" + local backend_base_url="${A2A_RUST_BACKEND_BASE_URL:-http://127.0.0.1:${PORT:-4444}}" + + if [[ "${CONTEXTFORGE_ENABLE_RUST_A2A_BUILD}" != "true" ]]; then + echo "ERROR: RUST_A2A_MODE enabled but this image was built without Rust A2A artifacts." + echo "Rebuild with the Rust A2A binary included, or set RUST_A2A_MODE=off." + exit 1 + fi + + if [[ ! -x "${runtime_bin}" ]]; then + echo "ERROR: Rust A2A service binary not found at ${runtime_bin}" + exit 1 + fi + + export A2A_RUST_LISTEN_HTTP="${rust_listen_http}" + export A2A_RUST_BACKEND_BASE_URL="${backend_base_url}" + if [[ -n "${A2A_RUST_AUTH_SECRET}" ]]; then + export A2A_RUST_AUTH_SECRET="${A2A_RUST_AUTH_SECRET}" + fi + if [[ -n "${A2A_RUST_MAX_CONCURRENT}" ]]; then + export A2A_RUST_MAX_CONCURRENT="${A2A_RUST_MAX_CONCURRENT}" + fi + if [[ -n "${A2A_RUST_MAX_QUEUED}" ]]; then + export A2A_RUST_MAX_QUEUED="${A2A_RUST_MAX_QUEUED}" + fi + if [[ -n "${A2A_RUST_INVOKE_TIMEOUT_SECS}" ]]; then + export A2A_RUST_INVOKE_TIMEOUT_SECS="${A2A_RUST_INVOKE_TIMEOUT_SECS}" + fi + + echo "Starting Rust A2A service on ${A2A_RUST_LISTEN_HTTP} (backend: ${A2A_RUST_BACKEND_BASE_URL})..." + "${runtime_bin}" & + RUST_A2A_PID=$! + + python3 - <<'PY' +import os +import sys +import time +import urllib.error +import urllib.request + +listen = os.environ.get("A2A_RUST_LISTEN_HTTP", "127.0.0.1:8790") +health_url = f"http://{listen}/health" + +for _ in range(60): + try: + with urllib.request.urlopen(health_url, timeout=2) as response: + if response.status == 200: + sys.exit(0) + except (OSError, urllib.error.URLError): + time.sleep(0.5) + +print(f\"ERROR: Rust A2A service failed health check at {health_url}\", file=sys.stderr) +sys.exit(1) +PY +} + print_mcp_runtime_mode() { local runtime_mode="python" local upstream_client_mode="native" @@ -386,6 +460,20 @@ apply_rust_mcp_mode_defaults build_server_command "$@" print_mcp_runtime_mode +case "${RUST_A2A_MODE,,}" in + ""|off) + ;; + shadow|edge) + trap cleanup EXIT INT TERM + start_managed_rust_a2a_service + ;; + *) + echo "ERROR: Unknown RUST_A2A_MODE value: ${RUST_A2A_MODE}" + echo "Valid options: off, shadow, edge" + exit 1 + ;; +esac + if [[ "${EXPERIMENTAL_RUST_MCP_RUNTIME_ENABLED}" = "true" && "${EXPERIMENTAL_RUST_MCP_RUNTIME_MANAGED}" = "true" ]]; then trap cleanup EXIT INT TERM start_managed_rust_mcp_runtime diff --git a/infra/nginx/nginx.conf b/infra/nginx/nginx.conf index b44702e757..0cd22a24c8 100644 --- a/infra/nginx/nginx.conf +++ b/infra/nginx/nginx.conf @@ -180,6 +180,17 @@ http { keepalive_timeout 60s; } + # A2A HTTP API: prefer Rust sidecar when enabled, fallback to Python gateway. + # Mirrors the MCP transport pattern above. + upstream a2a_backend { + least_conn; + server gateway:8790 max_fails=0; + server gateway:4444 max_fails=0 backup; + keepalive 512; + keepalive_requests 100000; + keepalive_timeout 60s; + } + # ============================================================ # SSL Backend Configuration (for HTTPS gateway backend) # ============================================================ @@ -592,6 +603,27 @@ http { proxy_read_timeout 1h; } + # A2A HTTP API: route to Rust sidecar (when enabled), fallback to Python gateway. + location ~ ^/a2a(/|$) { + proxy_pass http://a2a_backend; + + proxy_http_version 1.1; + proxy_set_header Connection ''; + + # Proxy headers + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $forwarded_proto; + proxy_set_header X-Forwarded-Host $http_host; + + proxy_connect_timeout 30s; + proxy_send_timeout 300s; + proxy_read_timeout 300s; + + proxy_cache off; + } + # ============================================================ # JSON-RPC Endpoint - No Caching # ============================================================ diff --git a/mcpgateway/main.py b/mcpgateway/main.py index 73f051739f..3fb26945e8 100644 --- a/mcpgateway/main.py +++ b/mcpgateway/main.py @@ -8344,6 +8344,84 @@ async def handle_internal_mcp_prompts_get_authz(request: Request): ) +async def _authorize_internal_a2a_method( + request: Request, + *, + permission: str, + method: str, +) -> Response: + """Authorize a trusted internal A2A method for Rust module execution. + + A2A is not server-scoped like MCP. We still enforce both token-scope caps and RBAC + via the same core authorization machinery used by internal MCP authz endpoints. + + Args: + request: Trusted internal authz request. + permission: Permission required for the operation. + method: Method label used for permission error reporting. + + Returns: + Empty 204 response when authorized; otherwise a JSON error response. + """ + db = SessionLocal() + try: + await _authorize_internal_mcp_request( + request, + db, + permission=permission, + method=method, + ) + if db.is_active and db.in_transaction() is not None: + db.commit() + return Response(status_code=status.HTTP_204_NO_CONTENT) + except JSONRPCError as exc: + return ORJSONResponse(status_code=403, content={"code": exc.code, "message": exc.message, "data": exc.data}) + except Exception: + try: + db.rollback() + except Exception: + try: + db.invalidate() + except Exception: + pass # nosec B110 - Best effort cleanup on connection failure + raise + finally: + db.close() + + +@utility_router.post("/_internal/a2a/list/authz/") +@utility_router.post("/_internal/a2a/list/authz") +async def handle_internal_a2a_list_authz(request: Request): + """Authorize trusted A2A list requests for Rust module execution.""" + return await _authorize_internal_a2a_method( + request, + permission="a2a.read", + method="a2a/list", + ) + + +@utility_router.post("/_internal/a2a/get/authz/") +@utility_router.post("/_internal/a2a/get/authz") +async def handle_internal_a2a_get_authz(request: Request): + """Authorize trusted A2A get requests for Rust module execution.""" + return await _authorize_internal_a2a_method( + request, + permission="a2a.read", + method="a2a/get", + ) + + +@utility_router.post("/_internal/a2a/invoke/authz/") +@utility_router.post("/_internal/a2a/invoke/authz") +async def handle_internal_a2a_invoke_authz(request: Request): + """Authorize trusted A2A invoke requests for Rust module execution.""" + return await _authorize_internal_a2a_method( + request, + permission="a2a.invoke", + method="a2a/invoke", + ) + + async def _maybe_forward_affinitized_rpc_request( request: Request, *, diff --git a/tools_rust/a2a_service/Cargo.lock b/tools_rust/a2a_service/Cargo.lock new file mode 100644 index 0000000000..6bc7e3595c --- /dev/null +++ b/tools_rust/a2a_service/Cargo.lock @@ -0,0 +1,2315 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "a2a_service" +version = "1.0.0-BETA.2" +dependencies = [ + "aes-gcm", + "axum", + "base64", + "bytes", + "clap", + "criterion", + "dashmap", + "futures", + "http-body-util", + "log", + "reqwest", + "serde", + "serde_json", + "sha2", + "thiserror", + "tokio", + "tower", + "tracing", + "tracing-subscriber", + "url", + "wiremock", +] + +[[package]] +name = "aead" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" +dependencies = [ + "crypto-common", + "generic-array", +] + +[[package]] +name = "aes" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "aes-gcm" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "ghash", + "subtle", +] + +[[package]] +name = "aho-corasick" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301" +dependencies = [ + "memchr", +] + +[[package]] +name = "alloca" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5a7d05ea6aea7e9e64d25b9156ba2fee3fdd659e34e41063cd2fc7cd020d7f4" +dependencies = [ + "cc", +] + +[[package]] +name = "anes" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299" + +[[package]] +name = "anstream" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "824a212faf96e9acacdbd09febd34438f8f711fb84e09a8916013cd7815ca28d" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "is_terminal_polyfill", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "940b3a0ca603d1eade50a4846a2afffd5ef57a9feac2c0e2ec2e14f9ead76000" + +[[package]] +name = "anstyle-parse" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52ce7f38b242319f7cabaa6813055467063ecdc9d355bbb4ce0c68908cd8130e" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40c48f72fd53cd289104fc64099abca73db4166ad86ea0b4341abe65af83dadc" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "anstyle-wincon" +version = "3.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "291e6a250ff86cd4a820112fb8898808a366d8f9f58ce16d1f538353ad55747d" +dependencies = [ + "anstyle", + "once_cell_polyfill", + "windows-sys", +] + +[[package]] +name = "assert-json-diff" +version = "2.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47e4f2b81832e72834d7518d8487a0396a28cc408186a2e8854c0f98011faf12" +dependencies = [ + "serde", + "serde_json", +] + +[[package]] +name = "atomic-waker" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" + +[[package]] +name = "autocfg" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" + +[[package]] +name = "axum" +version = "0.8.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b52af3cb4058c895d37317bb27508dccc8e5f2d39454016b297bf4a400597b8" +dependencies = [ + "axum-core", + "bytes", + "form_urlencoded", + "futures-util", + "http", + "http-body", + "http-body-util", + "hyper", + "hyper-util", + "itoa", + "matchit", + "memchr", + "mime", + "percent-encoding", + "pin-project-lite", + "serde_core", + "serde_json", + "serde_path_to_error", + "serde_urlencoded", + "sync_wrapper", + "tokio", + "tower", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "axum-core" +version = "0.5.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08c78f31d7b1291f7ee735c1c6780ccde7785daae9a9206026862dab7d8792d1" +dependencies = [ + "bytes", + "futures-core", + "http", + "http-body", + "http-body-util", + "mime", + "pin-project-lite", + "sync_wrapper", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "base64" +version = "0.22.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" + +[[package]] +name = "bitflags" +version = "2.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "843867be96c8daad0d758b57df9392b6d8d271134fce549de6ce169ff98a92af" + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "bumpalo" +version = "3.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb" + +[[package]] +name = "bytes" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" + +[[package]] +name = "cast" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" + +[[package]] +name = "cc" +version = "1.2.57" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a0dd1ca384932ff3641c8718a02769f1698e7563dc6974ffd03346116310423" +dependencies = [ + "find-msvc-tools", + "shlex", +] + +[[package]] +name = "cfg-if" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" + +[[package]] +name = "ciborium" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42e69ffd6f0917f5c029256a24d0161db17cea3997d185db0d35926308770f0e" +dependencies = [ + "ciborium-io", + "ciborium-ll", + "serde", +] + +[[package]] +name = "ciborium-io" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05afea1e0a06c9be33d539b876f1ce3692f4afea2cb41f740e7743225ed1c757" + +[[package]] +name = "ciborium-ll" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57663b653d948a338bfb3eeba9bb2fd5fcfaecb9e199e87e1eda4d9e8b240fd9" +dependencies = [ + "ciborium-io", + "half", +] + +[[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common", + "inout", +] + +[[package]] +name = "clap" +version = "4.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b193af5b67834b676abd72466a96c1024e6a6ad978a1f484bd90b85c94041351" +dependencies = [ + "clap_builder", + "clap_derive", +] + +[[package]] +name = "clap_builder" +version = "4.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "714a53001bf66416adb0e2ef5ac857140e7dc3a0c48fb28b2f10762fc4b5069f" +dependencies = [ + "anstream", + "anstyle", + "clap_lex", + "strsim", +] + +[[package]] +name = "clap_derive" +version = "4.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1110bd8a634a1ab8cb04345d8d878267d57c3cf1b38d91b71af6686408bbca6a" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "clap_lex" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8d4a3bb8b1e0c1050499d1815f5ab16d04f0959b233085fb31653fbfc9d98f9" + +[[package]] +name = "colorchoice" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d07550c9036bf2ae0c684c4297d503f838287c83c53686d05370d0e139ae570" + +[[package]] +name = "core-foundation" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2a6cd9ae233e7f62ba4e9353e81a88df7fc8a5987b8d445b4d90c879bd156f6" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "core-foundation-sys" +version = "0.8.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" + +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "criterion" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "950046b2aa2492f9a536f5f4f9a3de7b9e2476e575e05bd6c333371add4d98f3" +dependencies = [ + "alloca", + "anes", + "cast", + "ciborium", + "clap", + "criterion-plot", + "itertools", + "num-traits", + "oorandom", + "page_size", + "plotters", + "rayon", + "regex", + "serde", + "serde_json", + "tinytemplate", + "walkdir", +] + +[[package]] +name = "criterion-plot" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d8d80a2f4f5b554395e47b5d8305bc3d27813bacb73493eb1001e8f76dae29ea" +dependencies = [ + "cast", + "itertools", +] + +[[package]] +name = "crossbeam-deque" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51" +dependencies = [ + "crossbeam-epoch", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.9.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" + +[[package]] +name = "crunchy" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "460fbee9c2c2f33933d720630a6a0bac33ba7053db5344fac858d4b8952d77d5" + +[[package]] +name = "crypto-common" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a" +dependencies = [ + "generic-array", + "rand_core", + "typenum", +] + +[[package]] +name = "ctr" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835" +dependencies = [ + "cipher", +] + +[[package]] +name = "dashmap" +version = "6.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf" +dependencies = [ + "cfg-if", + "crossbeam-utils", + "hashbrown 0.14.5", + "lock_api", + "once_cell", + "parking_lot_core", +] + +[[package]] +name = "deadpool" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0be2b1d1d6ec8d846f05e137292d0b89133caf95ef33695424c09568bdd39b1b" +dependencies = [ + "deadpool-runtime", + "lazy_static", + "num_cpus", + "tokio", +] + +[[package]] +name = "deadpool-runtime" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "092966b41edc516079bdf31ec78a2e0588d1d0c08f78b91d8307215928642b2b" + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "crypto-common", +] + +[[package]] +name = "displaydoc" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "either" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" + +[[package]] +name = "equivalent" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" + +[[package]] +name = "errno" +version = "0.3.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" +dependencies = [ + "libc", + "windows-sys", +] + +[[package]] +name = "fastrand" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be" + +[[package]] +name = "find-msvc-tools" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" + +[[package]] +name = "fnv" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" + +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + +[[package]] +name = "form_urlencoded" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf" +dependencies = [ + "percent-encoding", +] + +[[package]] +name = "futures" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b147ee9d1f6d097cef9ce628cd2ee62288d963e16fb287bd9286455b241382d" +dependencies = [ + "futures-channel", + "futures-core", + "futures-executor", + "futures-io", + "futures-sink", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-channel" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d" +dependencies = [ + "futures-core", + "futures-sink", +] + +[[package]] +name = "futures-core" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d" + +[[package]] +name = "futures-executor" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf29c38818342a3b26b5b923639e7b1f4a61fc5e76102d4b1981c6dc7a7579d" +dependencies = [ + "futures-core", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-io" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cecba35d7ad927e23624b22ad55235f2239cfa44fd10428eecbeba6d6a717718" + +[[package]] +name = "futures-macro" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "futures-sink" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893" + +[[package]] +name = "futures-task" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393" + +[[package]] +name = "futures-util" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6" +dependencies = [ + "futures-channel", + "futures-core", + "futures-io", + "futures-macro", + "futures-sink", + "futures-task", + "memchr", + "pin-project-lite", + "slab", +] + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", +] + +[[package]] +name = "getrandom" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "getrandom" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" +dependencies = [ + "cfg-if", + "libc", + "r-efi", + "wasip2", +] + +[[package]] +name = "ghash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1" +dependencies = [ + "opaque-debug", + "polyval", +] + +[[package]] +name = "h2" +version = "0.4.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f44da3a8150a6703ed5d34e164b875fd14c2cdab9af1252a9a1020bde2bdc54" +dependencies = [ + "atomic-waker", + "bytes", + "fnv", + "futures-core", + "futures-sink", + "http", + "indexmap", + "slab", + "tokio", + "tokio-util", + "tracing", +] + +[[package]] +name = "half" +version = "2.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ea2d84b969582b4b1864a92dc5d27cd2b77b622a8d79306834f1be5ba20d84b" +dependencies = [ + "cfg-if", + "crunchy", + "zerocopy", +] + +[[package]] +name = "hashbrown" +version = "0.14.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" + +[[package]] +name = "hashbrown" +version = "0.16.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100" + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "hermit-abi" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc0fef456e4baa96da950455cd02c081ca953b141298e41db3fc7e36b1da849c" + +[[package]] +name = "http" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3ba2a386d7f85a81f119ad7498ebe444d2e22c2af0b86b069416ace48b3311a" +dependencies = [ + "bytes", + "itoa", +] + +[[package]] +name = "http-body" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" +dependencies = [ + "bytes", + "http", +] + +[[package]] +name = "http-body-util" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a" +dependencies = [ + "bytes", + "futures-core", + "http", + "http-body", + "pin-project-lite", +] + +[[package]] +name = "httparse" +version = "1.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87" + +[[package]] +name = "httpdate" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" + +[[package]] +name = "hyper" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2ab2d4f250c3d7b1c9fcdff1cece94ea4e2dfbec68614f7b87cb205f24ca9d11" +dependencies = [ + "atomic-waker", + "bytes", + "futures-channel", + "futures-core", + "h2", + "http", + "http-body", + "httparse", + "httpdate", + "itoa", + "pin-project-lite", + "pin-utils", + "smallvec", + "tokio", + "want", +] + +[[package]] +name = "hyper-tls" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0" +dependencies = [ + "bytes", + "http-body-util", + "hyper", + "hyper-util", + "native-tls", + "tokio", + "tokio-native-tls", + "tower-service", +] + +[[package]] +name = "hyper-util" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0" +dependencies = [ + "base64", + "bytes", + "futures-channel", + "futures-util", + "http", + "http-body", + "hyper", + "ipnet", + "libc", + "percent-encoding", + "pin-project-lite", + "socket2", + "tokio", + "tower-service", + "tracing", +] + +[[package]] +name = "icu_collections" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c6b649701667bbe825c3b7e6388cb521c23d88644678e83c0c4d0a621a34b43" +dependencies = [ + "displaydoc", + "potential_utf", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_locale_core" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "edba7861004dd3714265b4db54a3c390e880ab658fec5f7db895fae2046b5bb6" +dependencies = [ + "displaydoc", + "litemap", + "tinystr", + "writeable", + "zerovec", +] + +[[package]] +name = "icu_normalizer" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f6c8828b67bf8908d82127b2054ea1b4427ff0230ee9141c54251934ab1b599" +dependencies = [ + "icu_collections", + "icu_normalizer_data", + "icu_properties", + "icu_provider", + "smallvec", + "zerovec", +] + +[[package]] +name = "icu_normalizer_data" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7aedcccd01fc5fe81e6b489c15b247b8b0690feb23304303a9e560f37efc560a" + +[[package]] +name = "icu_properties" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "020bfc02fe870ec3a66d93e677ccca0562506e5872c650f893269e08615d74ec" +dependencies = [ + "icu_collections", + "icu_locale_core", + "icu_properties_data", + "icu_provider", + "zerotrie", + "zerovec", +] + +[[package]] +name = "icu_properties_data" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "616c294cf8d725c6afcd8f55abc17c56464ef6211f9ed59cccffe534129c77af" + +[[package]] +name = "icu_provider" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85962cf0ce02e1e0a629cc34e7ca3e373ce20dda4c4d7294bbd0bf1fdb59e614" +dependencies = [ + "displaydoc", + "icu_locale_core", + "writeable", + "yoke", + "zerofrom", + "zerotrie", + "zerovec", +] + +[[package]] +name = "idna" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b0875f23caa03898994f6ddc501886a45c7d3d62d04d2d90788d47be1b1e4de" +dependencies = [ + "idna_adapter", + "smallvec", + "utf8_iter", +] + +[[package]] +name = "idna_adapter" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3acae9609540aa318d1bc588455225fb2085b9ed0c4f6bd0d9d5bcd86f1a0344" +dependencies = [ + "icu_normalizer", + "icu_properties", +] + +[[package]] +name = "indexmap" +version = "2.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7714e70437a7dc3ac8eb7e6f8df75fd8eb422675fc7678aff7364301092b1017" +dependencies = [ + "equivalent", + "hashbrown 0.16.1", +] + +[[package]] +name = "inout" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01" +dependencies = [ + "generic-array", +] + +[[package]] +name = "ipnet" +version = "2.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d98f6fed1fde3f8c21bc40a1abb88dd75e67924f9cffc3ef95607bad8017f8e2" + +[[package]] +name = "iri-string" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c91338f0783edbd6195decb37bae672fd3b165faffb89bf7b9e6942f8b1a731a" +dependencies = [ + "memchr", + "serde", +] + +[[package]] +name = "is_terminal_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6cb138bb79a146c1bd460005623e142ef0181e3d0219cb493e02f7d08a35695" + +[[package]] +name = "itertools" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" +dependencies = [ + "either", +] + +[[package]] +name = "itoa" +version = "1.0.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2" + +[[package]] +name = "js-sys" +version = "0.3.91" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b49715b7073f385ba4bc528e5747d02e66cb39c6146efb66b781f131f0fb399c" +dependencies = [ + "once_cell", + "wasm-bindgen", +] + +[[package]] +name = "lazy_static" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" + +[[package]] +name = "libc" +version = "0.2.183" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5b646652bf6661599e1da8901b3b9522896f01e736bad5f723fe7a3a27f899d" + +[[package]] +name = "linux-raw-sys" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a66949e030da00e8c7d4434b251670a91556f4144941d37452769c25d58a53" + +[[package]] +name = "litemap" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6373607a59f0be73a39b6fe456b8192fcc3585f602af20751600e974dd455e77" + +[[package]] +name = "lock_api" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965" +dependencies = [ + "scopeguard", +] + +[[package]] +name = "log" +version = "0.4.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" + +[[package]] +name = "matchers" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1525a2a28c7f4fa0fc98bb91ae755d1e2d1505079e05539e35bc876b5d65ae9" +dependencies = [ + "regex-automata", +] + +[[package]] +name = "matchit" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47e1ffaa40ddd1f3ed91f717a33c8c0ee23fff369e3aa8772b9605cc1d22f4c3" + +[[package]] +name = "memchr" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" + +[[package]] +name = "mime" +version = "0.3.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" + +[[package]] +name = "mio" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a69bcab0ad47271a0234d9422b131806bf3968021e5dc9328caf2d4cd58557fc" +dependencies = [ + "libc", + "wasi", + "windows-sys", +] + +[[package]] +name = "native-tls" +version = "0.2.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "465500e14ea162429d264d44189adc38b199b62b1c21eea9f69e4b73cb03bbf2" +dependencies = [ + "libc", + "log", + "openssl", + "openssl-probe", + "openssl-sys", + "schannel", + "security-framework", + "security-framework-sys", + "tempfile", +] + +[[package]] +name = "nu-ansi-term" +version = "0.50.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "num_cpus" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91df4bbde75afed763b708b7eee1e8e7651e02d97f6d5dd763e89367e957b23b" +dependencies = [ + "hermit-abi", + "libc", +] + +[[package]] +name = "once_cell" +version = "1.21.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50" + +[[package]] +name = "once_cell_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "384b8ab6d37215f3c5301a95a4accb5d64aa607f1fcb26a11b5303878451b4fe" + +[[package]] +name = "oorandom" +version = "11.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6790f58c7ff633d8771f42965289203411a5e5c68388703c06e14f24770b41e" + +[[package]] +name = "opaque-debug" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" + +[[package]] +name = "openssl" +version = "0.10.76" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "951c002c75e16ea2c65b8c7e4d3d51d5530d8dfa7d060b4776828c88cfb18ecf" +dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "openssl-probe" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe" + +[[package]] +name = "openssl-sys" +version = "0.9.112" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57d55af3b3e226502be1526dfdba67ab0e9c96fc293004e79576b2b9edb0dbdb" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + +[[package]] +name = "page_size" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "30d5b2194ed13191c1999ae0704b7839fb18384fa22e49b57eeaa97d79ce40da" +dependencies = [ + "libc", + "winapi", +] + +[[package]] +name = "parking_lot" +version = "0.12.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a" +dependencies = [ + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.9.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1" +dependencies = [ + "cfg-if", + "libc", + "redox_syscall", + "smallvec", + "windows-link", +] + +[[package]] +name = "percent-encoding" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220" + +[[package]] +name = "pin-project-lite" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" + +[[package]] +name = "pin-utils" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" + +[[package]] +name = "pkg-config" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" + +[[package]] +name = "plotters" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5aeb6f403d7a4911efb1e33402027fc44f29b5bf6def3effcc22d7bb75f2b747" +dependencies = [ + "num-traits", + "plotters-backend", + "plotters-svg", + "wasm-bindgen", + "web-sys", +] + +[[package]] +name = "plotters-backend" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df42e13c12958a16b3f7f4386b9ab1f3e7933914ecea48da7139435263a4172a" + +[[package]] +name = "plotters-svg" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51bae2ac328883f7acdfea3d66a7c35751187f870bc81f94563733a154d7a670" +dependencies = [ + "plotters-backend", +] + +[[package]] +name = "polyval" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25" +dependencies = [ + "cfg-if", + "cpufeatures", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "potential_utf" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b73949432f5e2a09657003c25bca5e19a0e9c84f8058ca374f49e0ebe605af77" +dependencies = [ + "zerovec", +] + +[[package]] +name = "proc-macro2" +version = "1.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "5.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom 0.2.17", +] + +[[package]] +name = "rayon" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "368f01d005bf8fd9b1206fb6fa653e6c4a81ceb1466406b81792d87c5677a58f" +dependencies = [ + "either", + "rayon-core", +] + +[[package]] +name = "rayon-core" +version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22e18b0f0062d30d4230b2e85ff77fdfe4326feb054b9783a3460d8435c8ab91" +dependencies = [ + "crossbeam-deque", + "crossbeam-utils", +] + +[[package]] +name = "redox_syscall" +version = "0.5.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d" +dependencies = [ + "bitflags", +] + +[[package]] +name = "regex" +version = "1.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e10754a14b9137dd7b1e3e5b0493cc9171fdd105e0ab477f51b72e7f3ac0e276" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a" + +[[package]] +name = "reqwest" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ab3f43e3283ab1488b624b44b0e988d0acea0b3214e694730a055cb6b2efa801" +dependencies = [ + "base64", + "bytes", + "futures-core", + "futures-util", + "http", + "http-body", + "http-body-util", + "hyper", + "hyper-tls", + "hyper-util", + "js-sys", + "log", + "native-tls", + "percent-encoding", + "pin-project-lite", + "rustls-pki-types", + "serde", + "serde_json", + "sync_wrapper", + "tokio", + "tokio-native-tls", + "tokio-util", + "tower", + "tower-http", + "tower-service", + "url", + "wasm-bindgen", + "wasm-bindgen-futures", + "wasm-streams", + "web-sys", +] + +[[package]] +name = "rustix" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6fe4565b9518b83ef4f91bb47ce29620ca828bd32cb7e408f0062e9930ba190" +dependencies = [ + "bitflags", + "errno", + "libc", + "linux-raw-sys", + "windows-sys", +] + +[[package]] +name = "rustls-pki-types" +version = "1.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd" +dependencies = [ + "zeroize", +] + +[[package]] +name = "rustversion" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" + +[[package]] +name = "ryu" +version = "1.0.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f" + +[[package]] +name = "same-file" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "schannel" +version = "0.1.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91c1b7e4904c873ef0710c1f407dde2e6287de2bebc1bbbf7d430bb7cbffd939" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "scopeguard" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" + +[[package]] +name = "security-framework" +version = "3.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7f4bc775c73d9a02cde8bf7b2ec4c9d12743edf609006c7facc23998404cd1d" +dependencies = [ + "bitflags", + "core-foundation", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework-sys" +version = "2.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce2691df843ecc5d231c0b14ece2acc3efb62c0a398c7e1d875f3983ce020e3" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "serde" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +dependencies = [ + "serde_core", + "serde_derive", +] + +[[package]] +name = "serde_core" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.149" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" +dependencies = [ + "itoa", + "memchr", + "serde", + "serde_core", + "zmij", +] + +[[package]] +name = "serde_path_to_error" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457" +dependencies = [ + "itoa", + "serde", + "serde_core", +] + +[[package]] +name = "serde_urlencoded" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" +dependencies = [ + "form_urlencoded", + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "sha2" +version = "0.10.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "sharded-slab" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6" +dependencies = [ + "lazy_static", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signal-hook-registry" +version = "1.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b" +dependencies = [ + "errno", + "libc", +] + +[[package]] +name = "slab" +version = "0.4.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5" + +[[package]] +name = "smallvec" +version = "1.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" + +[[package]] +name = "socket2" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e" +dependencies = [ + "libc", + "windows-sys", +] + +[[package]] +name = "stable_deref_trait" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" + +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "2.0.117" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "sync_wrapper" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263" +dependencies = [ + "futures-core", +] + +[[package]] +name = "synstructure" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tempfile" +version = "3.27.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32497e9a4c7b38532efcdebeef879707aa9f794296a4f0244f6f69e9bc8574bd" +dependencies = [ + "fastrand", + "getrandom 0.3.4", + "once_cell", + "rustix", + "windows-sys", +] + +[[package]] +name = "thiserror" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thread_local" +version = "1.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "tinystr" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42d3e9c45c09de15d06dd8acf5f4e0e399e85927b7f00711024eb7ae10fa4869" +dependencies = [ + "displaydoc", + "zerovec", +] + +[[package]] +name = "tinytemplate" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be4d6b5f19ff7664e8c98d03e2139cb510db9b0a60b55f8e8709b689d939b6bc" +dependencies = [ + "serde", + "serde_json", +] + +[[package]] +name = "tokio" +version = "1.50.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "27ad5e34374e03cfffefc301becb44e9dc3c17584f414349ebe29ed26661822d" +dependencies = [ + "bytes", + "libc", + "mio", + "parking_lot", + "pin-project-lite", + "signal-hook-registry", + "socket2", + "tokio-macros", + "windows-sys", +] + +[[package]] +name = "tokio-macros" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c55a2eff8b69ce66c84f85e1da1c233edc36ceb85a2058d11b0d6a3c7e7569c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tokio-native-tls" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" +dependencies = [ + "native-tls", + "tokio", +] + +[[package]] +name = "tokio-util" +version = "0.7.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ae9cec805b01e8fc3fd2fe289f89149a9b66dd16786abd8b19cfa7b48cb0098" +dependencies = [ + "bytes", + "futures-core", + "futures-sink", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "tower" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4" +dependencies = [ + "futures-core", + "futures-util", + "pin-project-lite", + "sync_wrapper", + "tokio", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "tower-http" +version = "0.6.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8" +dependencies = [ + "bitflags", + "bytes", + "futures-util", + "http", + "http-body", + "iri-string", + "pin-project-lite", + "tower", + "tower-layer", + "tower-service", +] + +[[package]] +name = "tower-layer" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e" + +[[package]] +name = "tower-service" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" + +[[package]] +name = "tracing" +version = "0.1.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" +dependencies = [ + "log", + "pin-project-lite", + "tracing-attributes", + "tracing-core", +] + +[[package]] +name = "tracing-attributes" +version = "0.1.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tracing-core" +version = "0.1.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" +dependencies = [ + "once_cell", + "valuable", +] + +[[package]] +name = "tracing-log" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3" +dependencies = [ + "log", + "once_cell", + "tracing-core", +] + +[[package]] +name = "tracing-subscriber" +version = "0.3.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb7f578e5945fb242538965c2d0b04418d38ec25c79d160cd279bf0731c8d319" +dependencies = [ + "matchers", + "nu-ansi-term", + "once_cell", + "regex-automata", + "sharded-slab", + "smallvec", + "thread_local", + "tracing", + "tracing-core", + "tracing-log", +] + +[[package]] +name = "try-lock" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" + +[[package]] +name = "typenum" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb" + +[[package]] +name = "unicode-ident" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" + +[[package]] +name = "universal-hash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" +dependencies = [ + "crypto-common", + "subtle", +] + +[[package]] +name = "url" +version = "2.5.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed" +dependencies = [ + "form_urlencoded", + "idna", + "percent-encoding", + "serde", +] + +[[package]] +name = "utf8_iter" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" + +[[package]] +name = "utf8parse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" + +[[package]] +name = "valuable" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65" + +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + +[[package]] +name = "version_check" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" + +[[package]] +name = "walkdir" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" +dependencies = [ + "same-file", + "winapi-util", +] + +[[package]] +name = "want" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e" +dependencies = [ + "try-lock", +] + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + +[[package]] +name = "wasip2" +version = "1.0.1+wasi-0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0562428422c63773dad2c345a1882263bbf4d65cf3f42e90921f787ef5ad58e7" +dependencies = [ + "wit-bindgen", +] + +[[package]] +name = "wasm-bindgen" +version = "0.2.114" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6532f9a5c1ece3798cb1c2cfdba640b9b3ba884f5db45973a6f442510a87d38e" +dependencies = [ + "cfg-if", + "once_cell", + "rustversion", + "wasm-bindgen-macro", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-futures" +version = "0.4.64" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e9c5522b3a28661442748e09d40924dfb9ca614b21c00d3fd135720e48b67db8" +dependencies = [ + "cfg-if", + "futures-util", + "js-sys", + "once_cell", + "wasm-bindgen", + "web-sys", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.114" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "18a2d50fcf105fb33bb15f00e7a77b772945a2ee45dcf454961fd843e74c18e6" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.114" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03ce4caeaac547cdf713d280eda22a730824dd11e6b8c3ca9e42247b25c631e3" +dependencies = [ + "bumpalo", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.114" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75a326b8c223ee17883a4251907455a2431acc2791c98c26279376490c378c16" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "wasm-streams" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d1ec4f6517c9e11ae630e200b2b65d193279042e28edd4a2cda233e46670bbb" +dependencies = [ + "futures-util", + "js-sys", + "wasm-bindgen", + "wasm-bindgen-futures", + "web-sys", +] + +[[package]] +name = "web-sys" +version = "0.3.91" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "854ba17bb104abfb26ba36da9729addc7ce7f06f5c0f90f3c391f8461cca21f9" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-util" +version = "0.1.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "windows-link" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" + +[[package]] +name = "windows-sys" +version = "0.61.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" +dependencies = [ + "windows-link", +] + +[[package]] +name = "wiremock" +version = "0.6.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08db1edfb05d9b3c1542e521aea074442088292f00b5f28e435c714a98f85031" +dependencies = [ + "assert-json-diff", + "base64", + "deadpool", + "futures", + "http", + "http-body-util", + "hyper", + "hyper-util", + "log", + "once_cell", + "regex", + "serde", + "serde_json", + "tokio", + "url", +] + +[[package]] +name = "wit-bindgen" +version = "0.46.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59" + +[[package]] +name = "writeable" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9edde0db4769d2dc68579893f2306b26c6ecfbe0ef499b013d731b7b9247e0b9" + +[[package]] +name = "yoke" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72d6e5c6afb84d73944e5cedb052c4680d5657337201555f9f2a16b7406d4954" +dependencies = [ + "stable_deref_trait", + "yoke-derive", + "zerofrom", +] + +[[package]] +name = "yoke-derive" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b659052874eb698efe5b9e8cf382204678a0086ebf46982b79d6ca3182927e5d" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "zerocopy" +version = "0.8.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2578b716f8a7a858b7f02d5bd870c14bf4ddbbcf3a4c05414ba6503640505e3" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e6cc098ea4d3bd6246687de65af3f920c430e236bee1e3bf2e441463f08a02f" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zerofrom" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50cc42e0333e05660c3587f3bf9d0478688e15d870fab3346451ce7f8c9fbea5" +dependencies = [ + "zerofrom-derive", +] + +[[package]] +name = "zerofrom-derive" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "zeroize" +version = "1.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" + +[[package]] +name = "zerotrie" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a59c17a5562d507e4b54960e8569ebee33bee890c70aa3fe7b97e85a9fd7851" +dependencies = [ + "displaydoc", + "yoke", + "zerofrom", +] + +[[package]] +name = "zerovec" +version = "0.11.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c28719294829477f525be0186d13efa9a3c602f7ec202ca9e353d310fb9a002" +dependencies = [ + "yoke", + "zerofrom", + "zerovec-derive", +] + +[[package]] +name = "zerovec-derive" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eadce39539ca5cb3985590102671f2567e659fca9666581ad3411d59207951f3" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zmij" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa" diff --git a/tools_rust/a2a_service/Cargo.toml b/tools_rust/a2a_service/Cargo.toml new file mode 100644 index 0000000000..f95c4a552c --- /dev/null +++ b/tools_rust/a2a_service/Cargo.toml @@ -0,0 +1,46 @@ +[package] +name = "a2a_service" +version = "1.0.0-BETA.2" +edition = "2024" +rust-version = "1.85" +license = "Apache-2.0" +authors = ["ContextForge Contributors"] +repository = "https://github.com/contextforge/mcp-context-forge" +description = "High-performance A2A agent invocation service (standalone Axum HTTP)" + +[[bin]] +name = "a2a-service" +path = "src/main.rs" + +[lib] +name = "a2a_service" +path = "src/lib.rs" + +[dependencies] +axum = "0.8.8" +bytes = "1.11" +futures = "0.3" +log = "0.4" +reqwest = { version = "0.13.2", default-features = false, features = ["json", "stream", "native-tls"] } +serde = { version = "1.0", features = ["derive"] } +serde_json = "1.0" +thiserror = "2.0" +tokio = { version = "1.50", features = ["full"] } +tracing = "0.1" +tracing-subscriber = { version = "0.3", features = ["env-filter"] } +dashmap = "6.1" +url = "2.5" +aes-gcm = "0.10" +base64 = "0.22" +sha2 = "0.10" +clap = { version = "4.5", features = ["derive", "env"] } + +[dev-dependencies] +criterion = "0.8.2" +http-body-util = "0.1" +tower = { version = "0.5.3", features = ["util"] } +wiremock = "0.6" + +[[bench]] +name = "invoke" +harness = false diff --git a/tools_rust/a2a_service/Makefile b/tools_rust/a2a_service/Makefile new file mode 100644 index 0000000000..e308f8aa9e --- /dev/null +++ b/tools_rust/a2a_service/Makefile @@ -0,0 +1,33 @@ +# A2A Rust service: build, test, coverage. +# Usage: make test, make coverage, make coverage-check + +.PHONY: test test-unit test-integration coverage coverage-check build clean + +CARGO ?= cargo + +test: test-unit test-integration + +test-unit: + $(CARGO) test --lib + +test-integration: + $(CARGO) test --test integration + +build: + $(CARGO) build --release + +clean: + $(CARGO) clean + +# Generate HTML coverage report. Install cargo-llvm-cov if missing. +# Run after implementation is done; use coverage-check to enforce 100%. +coverage: + @command -v cargo-llvm-cov >/dev/null 2>&1 || { echo "Installing cargo-llvm-cov..."; $(CARGO) install cargo-llvm-cov; } + $(CARGO) llvm-cov --html --ignore-filename-regex 'tests/' + @echo "Coverage report: target/llvm-cov/html/index.html" + +# Run tests with coverage and fail if any line is uncovered (100% line coverage). +# Use once implementation is complete: make coverage-check +coverage-check: + @command -v cargo-llvm-cov >/dev/null 2>&1 || { echo "Installing cargo-llvm-cov..."; $(CARGO) install cargo-llvm-cov; } + $(CARGO) llvm-cov --lib --test integration --no-clean --fail-uncovered-lines 0 --ignore-filename-regex 'tests/' diff --git a/tools_rust/a2a_service/benches/invoke.rs b/tools_rust/a2a_service/benches/invoke.rs new file mode 100644 index 0000000000..fb7b93069e --- /dev/null +++ b/tools_rust/a2a_service/benches/invoke.rs @@ -0,0 +1,165 @@ +// Copyright 2026 +// SPDX-License-Identifier: Apache-2.0 +// +// Benchmarks for A2A invoker: single-request latency (overhead), batch throughput, +// and auth decryption (decrypt_auth / decrypt_map_values). + +use std::collections::HashMap; +use std::sync::Arc; +use std::time::Duration; + +use aes_gcm::{ + Aes256Gcm, + aead::{Aead, KeyInit}, +}; +use base64::Engine; +use criterion::{BenchmarkId, Criterion, Throughput, criterion_group, criterion_main}; +use reqwest::Client; +use sha2::{Digest, Sha256}; +use wiremock::matchers::{method, path}; +use wiremock::{Mock, MockServer, ResponseTemplate}; + +use a2a_service::{ + A2AInvokeRequest, A2AInvoker, MetricsCollector, decrypt_auth, decrypt_map_values, +}; + +/// Produce a valid encrypted blob (same format as Python encode_auth) for benchmarking decrypt. +fn make_encrypted_blob(secret: &str, payload: &str) -> String { + let key = Sha256::digest(secret.as_bytes()); + let cipher = Aes256Gcm::new_from_slice(key.as_slice()).unwrap(); + let nonce: [u8; 12] = [0u8; 12]; // fixed for reproducibility + let ciphertext = cipher.encrypt((&nonce).into(), payload.as_bytes()).unwrap(); + let mut combined = nonce.to_vec(); + combined.extend_from_slice(&ciphertext); + base64::engine::general_purpose::URL_SAFE.encode(combined) +} + +async fn run_single(invoker: &A2AInvoker, url: &str, timeout: Duration) -> usize { + let requests = vec![A2AInvokeRequest { + id: 0, + url: url.to_string(), + body: b"{}".to_vec(), + headers: HashMap::new(), + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + }]; + let results = invoker.invoke(requests, timeout).await; + results.len() +} + +async fn run_batch(invoker: &A2AInvoker, url: &str, n: usize, timeout: Duration) -> usize { + let requests: Vec = (0..n) + .map(|i| A2AInvokeRequest { + id: i, + url: url.to_string(), + body: b"{}".to_vec(), + headers: HashMap::new(), + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + }) + .collect(); + let results = invoker.invoke(requests, timeout).await; + results.len() +} + +fn bench_invoke_overhead(c: &mut Criterion) { + let rt = tokio::runtime::Runtime::new().unwrap(); + let body = r#"{"jsonrpc":"2.0","result":{}}"#; + rt.block_on(async { + let mock = MockServer::start().await; + Mock::given(method("POST")) + .and(path("/")) + .respond_with( + ResponseTemplate::new(200).set_body_raw(body.as_bytes(), "application/json"), + ) + .mount(&mock) + .await; + let client = Client::builder().build().unwrap(); + let metrics = Arc::new(MetricsCollector::new()); + let invoker = A2AInvoker::new(client, metrics); + let url = mock.uri(); + let timeout = Duration::from_secs(5); + + let mut group = c.benchmark_group("invoke_overhead"); + group.sample_size(100); + group.measurement_time(Duration::from_secs(5)); + group.bench_function("single_request_latency", |b| { + b.iter(|| rt.block_on(run_single(&invoker, &url, timeout))) + }); + group.finish(); + }); +} + +fn bench_invoke_throughput(c: &mut Criterion) { + let rt = tokio::runtime::Runtime::new().unwrap(); + let body = r#"{"jsonrpc":"2.0","result":{}}"#; + rt.block_on(async { + let mock = MockServer::start().await; + Mock::given(method("POST")) + .and(path("/")) + .respond_with( + ResponseTemplate::new(200).set_body_raw(body.as_bytes(), "application/json"), + ) + .mount(&mock) + .await; + let client = Client::builder().build().unwrap(); + let metrics = Arc::new(MetricsCollector::new()); + let invoker = A2AInvoker::new(client, metrics); + let url = mock.uri(); + let timeout = Duration::from_secs(30); + + let mut group = c.benchmark_group("invoke_throughput"); + for n in [100, 1_000, 10_000] { + group.throughput(Throughput::Elements(n as u64)); + group.sample_size(10); + group.measurement_time(Duration::from_secs(10)); + group.bench_with_input(BenchmarkId::new("batch_concurrent", n), &n, |b, &n| { + b.iter(|| rt.block_on(run_batch(&invoker, &url, n, timeout))) + }); + } + group.finish(); + }); +} + +fn bench_auth_decrypt(c: &mut Criterion) { + const SECRET: &str = "bench-secret-32-bytes-long!!!!!!!!"; + let payload = r#"{"Authorization":"Bearer test-token"}"#; + let blob = make_encrypted_blob(SECRET, payload); + + let mut group = c.benchmark_group("auth_decrypt"); + group.sample_size(1000); + group.bench_function("decrypt_auth_single", |b| { + b.iter(|| decrypt_auth(&blob, SECRET).unwrap()) + }); + + // decrypt_map_values with one entry (value = encrypted blob) + let enc_map: HashMap = [("auth".to_string(), blob.clone())].into(); + group.bench_function("decrypt_map_values_single", |b| { + b.iter(|| decrypt_map_values(&enc_map, SECRET).unwrap()) + }); + + let enc_map_10: HashMap = + (0..10).map(|i| (format!("k{}", i), blob.clone())).collect(); + group.throughput(Throughput::Elements(10)); + group.bench_function("decrypt_map_values_10", |b| { + b.iter(|| decrypt_map_values(&enc_map_10, SECRET).unwrap()) + }); + group.finish(); +} + +criterion_group!( + name = benches; + config = Criterion::default(); + targets = bench_invoke_overhead, bench_invoke_throughput, bench_auth_decrypt +); +criterion_main!(benches); diff --git a/tools_rust/a2a_service/compare_performance.py b/tools_rust/a2a_service/compare_performance.py new file mode 100644 index 0000000000..cfc4e5e35f --- /dev/null +++ b/tools_rust/a2a_service/compare_performance.py @@ -0,0 +1,776 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- +"""Realistic Rust vs Python benchmarks for the A2A invoke service. + +This comparison focuses on the Phase 2 invoke path, where language/runtime +choices matter most: + +- `rust_batch`: the production Rust queue + invoker path +- `python_serial`: the current Python fallback path + +Scenarios use a real threaded HTTP server, realistic JSON payload sizes, +encrypted auth, and duplicate request IDs so the benchmark reflects actual A2A +service behavior instead of an in-memory microbenchmark. + +Latency assumptions used for the benchmark suite: + +| Scenario type | Typical latency | +| --- | --- | +| Fast synchronous tool-like agent | ~50-200 ms | +| Typical production A2A request | ~100-800 ms | +| Agent calling an LLM or complex pipeline | 1-5+ seconds | +| Long-running task (async with streaming/polling) | seconds to minutes | + +The `single` scenario intentionally stays near-zero-latency to measure +fixed invoke overhead. All multi-request scenarios are latency-bearing. +""" + +from __future__ import annotations + +import argparse +import asyncio +import json +import logging +import statistics +import sys +import threading +import time +from contextlib import contextmanager +from dataclasses import asdict, dataclass +from datetime import datetime, timezone +from http.server import BaseHTTPRequestHandler, HTTPServer +from pathlib import Path +from socketserver import ThreadingMixIn +from typing import Any, Callable + +import httpx +from pydantic import SecretStr + +REPO_ROOT = Path(__file__).resolve().parents[4] +if str(REPO_ROOT) not in sys.path: + sys.path.insert(0, str(REPO_ROOT)) + +for noisy_logger in ( + "httpx", + "httpcore", + "mcpgateway", + "mcpgateway.config", + "mcpgateway.services.http_client_service", + "mcpgateway.services.metrics_buffer_service", + "a2a_service.queue", +): + logging.getLogger(noisy_logger).setLevel(logging.CRITICAL) + +import mcpgateway.config as config_mod +import mcpgateway.services.a2a_service as a2a_service_mod +import mcpgateway.services.metrics_buffer_service as metrics_buffer_mod +from mcpgateway.config import settings +from mcpgateway.services.a2a_service import A2AAgentService +from mcpgateway.services.http_client_service import SharedHttpClient +from mcpgateway.utils.services_auth import encode_auth + +AUTH_SECRET = "a2a-benchmark-secret-32-bytes-minimum" +RUST_A2A_URL = "http://127.0.0.1:8790/invoke" + + +def _benchmark_max_concurrency() -> int: + return settings.httpx_max_connections + + +@dataclass(frozen=True) +class Scenario: + name: str + batch_size: int + request_bytes: int + response_bytes: int + submission_mode: str = "batch" + slow: bool = False + delay_ms: int | None = None + delay_range_ms: tuple[int, int] | None = None + duplicate_factor: int = 1 + batch_repetitions: int = 1 + auth_modes: tuple[bool, ...] = (False, True) + metrics_modes: tuple[bool, ...] = (False, True) + iterations: int = 10 + warmup: int = 2 + + +@dataclass +class LaneResult: + scenario: str + lane: str + auth_enabled: bool + metrics_enabled: bool + iterations: int + mean_ms: float + median_ms: float + min_ms: float + max_ms: float + p95_ms: float + upstream_calls_per_iter: float + + +@dataclass +class ScenarioSpeedup: + scenario: str + auth_enabled: bool + metrics_enabled: bool + rust_median_ms: float + python_median_ms: float + rust_p95_ms: float + python_p95_ms: float + speedup_x: float + tier: str + + +SCENARIOS = [ + Scenario( + "single", + batch_size=1, + request_bytes=1024, + response_bytes=512, + delay_ms=0, + iterations=80, + warmup=10, + ), + Scenario( + "batch_16_fast_sync", + batch_size=16, + request_bytes=1024, + response_bytes=512, + delay_range_ms=(50, 200), + auth_modes=(True,), + metrics_modes=(True,), + iterations=6, + warmup=1, + ), + Scenario( + "batch_32_typical", + batch_size=32, + request_bytes=2048, + response_bytes=1024, + delay_range_ms=(100, 800), + iterations=3, + warmup=1, + ), + Scenario( + "batch_32_typical_dup4", + batch_size=32, + request_bytes=2048, + response_bytes=1024, + delay_range_ms=(100, 800), + duplicate_factor=4, + auth_modes=(True,), + metrics_modes=(True,), + iterations=3, + warmup=1, + ), + Scenario( + "batch_128_typical", + batch_size=128, + request_bytes=4096, + response_bytes=2048, + delay_range_ms=(100, 800), + auth_modes=(True,), + metrics_modes=(True,), + iterations=1, + warmup=0, + ), + Scenario( + "single_x128_typical_slow", + batch_size=1, + request_bytes=4096, + response_bytes=2048, + delay_range_ms=(100, 800), + batch_repetitions=128, + slow=True, + auth_modes=(True,), + metrics_modes=(True,), + iterations=1, + warmup=0, + ), + Scenario( + "singles_128_typical", + batch_size=128, + request_bytes=4096, + response_bytes=2048, + submission_mode="single_fanout", + delay_range_ms=(100, 800), + auth_modes=(True,), + metrics_modes=(True,), + iterations=1, + warmup=0, + ), + Scenario( + "single_request_burst_1000", + batch_size=1000, + request_bytes=4096, + response_bytes=2048, + submission_mode="single_fanout", + delay_range_ms=(100, 800), + auth_modes=(True,), + metrics_modes=(True,), + iterations=1, + warmup=0, + ), + Scenario( + "batch_10x128_typical_slow", + batch_size=128, + request_bytes=4096, + response_bytes=2048, + delay_range_ms=(100, 800), + batch_repetitions=10, + slow=True, + auth_modes=(True,), + metrics_modes=(True,), + iterations=1, + warmup=0, + ), + Scenario( + "batch_128_io_100_1000ms", + batch_size=128, + request_bytes=4096, + response_bytes=2048, + delay_range_ms=(100, 1000), + auth_modes=(True,), + metrics_modes=(True,), + iterations=1, + warmup=0, + ), +] + + +def _p95(latencies_ms: list[float]) -> float: + if len(latencies_ms) == 1: + return latencies_ms[0] + return statistics.quantiles(latencies_ms, n=20, method="inclusive")[18] + + +def _make_text(size: int, prefix: str) -> str: + seed = (prefix + " lorem ipsum A2A invoke benchmark ").encode() + repeated = (seed * ((size // len(seed)) + 2))[:size] + return repeated.decode("ascii", errors="ignore") + + +def _make_parameters(index: int, request_bytes: int) -> dict[str, Any]: + body = _make_text(max(256, request_bytes - 512), f"request-{index}") + return { + "query": f"Summarize the downstream task for request {index}", + "conversation": [ + {"role": "system", "content": "You are an A2A benchmark assistant."}, + {"role": "user", "content": body[: len(body) // 2]}, + {"role": "assistant", "content": body[len(body) // 2 :]}, + ], + "metadata": { + "request_index": index, + "tenant": "benchmark-team", + "trace": f"bench-{index:04d}", + }, + } + + +def _make_response_body(size: int) -> bytes: + payload = { + "status": "success", + "response": _make_text(max(128, size - 128), "response"), + "tokens_used": 256, + } + return json.dumps(payload).encode("utf-8") + + +class _ThreadedHTTPServer(ThreadingMixIn, HTTPServer): + daemon_threads = True + + +class _StubAgentState: + def __init__(self, response_body: bytes, delays_s: list[float]) -> None: + self.response_body = response_body + self.delays_s = delays_s + self.request_count = 0 + self.lock = threading.Lock() + + def next_delay(self) -> float: + with self.lock: + self.request_count += 1 + index = self.request_count - 1 + if index < len(self.delays_s): + return self.delays_s[index] + return self.delays_s[-1] if self.delays_s else 0.0 + + def read_count(self) -> int: + with self.lock: + return self.request_count + + +def _build_delay_series(scenario: Scenario) -> list[float]: + expected_calls = ( + scenario.batch_size // scenario.duplicate_factor + ) * scenario.batch_repetitions + if scenario.delay_range_ms is not None: + low_ms, high_ms = scenario.delay_range_ms + if expected_calls <= 1: + return [low_ms / 1000.0] + step = (high_ms - low_ms) / (expected_calls - 1) + return [((low_ms + (step * index)) / 1000.0) for index in range(expected_calls)] + if scenario.delay_ms is not None: + return [scenario.delay_ms / 1000.0] * expected_calls + return [0.0] * expected_calls + + +def _start_stub_agent_server( + scenario: Scenario, +) -> tuple[str, _StubAgentState, Callable[[], None]]: + state = _StubAgentState( + _make_response_body(scenario.response_bytes), _build_delay_series(scenario) + ) + + class StubHandler(BaseHTTPRequestHandler): + def do_POST(self) -> None: # noqa: N802 + content_length = int(self.headers.get("Content-Length", 0)) + if content_length: + self.rfile.read(content_length) + delay_s = state.next_delay() + if delay_s: + time.sleep(delay_s) + self.send_response(200) + self.send_header("Content-Type", "application/json") + self.send_header("Content-Length", str(len(state.response_body))) + self.end_headers() + self.wfile.write(state.response_body) + + def log_message(self, format: str, *args: Any) -> None: # noqa: A003 + return + + server = _ThreadedHTTPServer(("127.0.0.1", 0), StubHandler) + thread = threading.Thread(target=server.serve_forever, daemon=True) + thread.start() + base_url = f"http://127.0.0.1:{server.server_address[1]}/invoke" + + def stop() -> None: + server.shutdown() + server.server_close() + thread.join(timeout=2) + + return base_url, state, stop + + +def _build_payloads( + scenario: Scenario, base_url: str, auth_enabled: bool +) -> list[dict[str, Any]]: + payloads: list[dict[str, Any]] = [] + unique_requests = scenario.batch_size // scenario.duplicate_factor + + for index in range(scenario.batch_size): + request_id = None + if scenario.duplicate_factor > 1: + request_id = f"dup-{index % unique_requests}" + + payload: dict[str, Any] = { + "base_url": base_url, + "parameters": _make_parameters(index, scenario.request_bytes), + "agent_type": "generic", + "agent_protocol_version": "1.0", + "interaction_type": "query", + "agent_name": f"bench-agent-{scenario.name}", + "agent_id": f"{scenario.name}-{index}", + "auth_headers": {}, + "auth_query_params_plain": None, + "auth_query_params_encrypted": None, + "auth_value_encrypted": None, + "request_id": request_id, + } + + if auth_enabled: + payload["auth_query_params_encrypted"] = { + "access_token": encode_auth( + {"access_token": "bench-query-token"}, secret=AUTH_SECRET + ) + } + payload["auth_value_encrypted"] = encode_auth( + {"Authorization": "Bearer bench-header-token"}, secret=AUTH_SECRET + ) + + payloads.append(payload) + + return payloads + + +def _expected_upstream_calls(payloads: list[dict[str, Any]]) -> int: + request_ids = [ + payload.get("request_id") for payload in payloads if "code" not in payload + ] + unique_ids = {request_id for request_id in request_ids if request_id} + without_request_id = sum(1 for request_id in request_ids if not request_id) + return len(unique_ids) + without_request_id + + +def _disable_a2a_logging() -> None: + a2a_service_mod.logger.disabled = True + setattr(a2a_service_mod.structured_logger, "log", lambda *args, **kwargs: None) + + +def _speedup_tier(speedup_x: float) -> str: + if speedup_x >= 10.0: + return ">=10x" + if speedup_x >= 5.0: + return ">=5x" + if speedup_x >= 2.0: + return ">=2x" + if speedup_x >= 1.0: + return "<2x" + return "rust slower" + + +def _build_speedups(results: list[LaneResult]) -> list[ScenarioSpeedup]: + by_scenario: dict[tuple[str, bool, bool], dict[str, LaneResult]] = {} + for result in results: + key = (result.scenario, result.auth_enabled, result.metrics_enabled) + by_scenario.setdefault(key, {})[result.lane] = result + + speedups: list[ScenarioSpeedup] = [] + for (scenario_name, auth_enabled, metrics_enabled), lanes in by_scenario.items(): + rust = lanes.get("rust_batch") + python = lanes.get("python_serial") + if rust is None or python is None: + continue + speedup_x = python.median_ms / rust.median_ms + speedups.append( + ScenarioSpeedup( + scenario=scenario_name, + auth_enabled=auth_enabled, + metrics_enabled=metrics_enabled, + rust_median_ms=rust.median_ms, + python_median_ms=python.median_ms, + rust_p95_ms=rust.p95_ms, + python_p95_ms=python.p95_ms, + speedup_x=speedup_x, + tier=_speedup_tier(speedup_x), + ) + ) + return speedups + + +async def _noop_record_metrics(*args: Any, **kwargs: Any) -> None: + return + + +class _DummyDbSession: + def commit(self) -> None: + return + + +@contextmanager +def _dummy_fresh_db_session(): + yield _DummyDbSession() + + +class _DummyAgent: + enabled = True + last_interaction = None + + +def _setup_metrics_environment() -> None: + metrics_buffer_mod._metrics_buffer_service = ( + metrics_buffer_mod.MetricsBufferService(enabled=True) + ) + a2a_service_mod.fresh_db_session = _dummy_fresh_db_session # type: ignore[assignment] + a2a_service_mod.get_for_update = lambda db, model, agent_id: _DummyAgent() # type: ignore[assignment] + metrics_buffer_mod.fresh_db_session = _dummy_fresh_db_session # type: ignore[assignment] + metrics_buffer_mod.get_for_update = lambda db, model, agent_id: _DummyAgent() # type: ignore[assignment] + + +async def run_rust_lane( + service: A2AAgentService, payloads: list[dict[str, Any]], metrics_enabled: bool +) -> None: + # Call the standalone Rust A2A HTTP service (low-level /invoke endpoint). + # Convert benchmark payloads to the Rust JSON DTO contract. + now = datetime.now(timezone.utc) + requests: list[dict[str, Any]] = [] + for idx, payload in enumerate(payloads): + # Match Python A2A request_data selection logic (good enough for stub server). + if payload["agent_type"] in ["generic", "jsonrpc"] or str(payload["base_url"]).endswith("/"): + request_data = { + "jsonrpc": "2.0", + "method": payload["parameters"].get("method", "message/send"), + "params": payload["parameters"].get("params", payload["parameters"]), + "id": 1, + } + else: + request_data = { + "interaction_type": payload["interaction_type"], + "parameters": payload["parameters"], + "protocol_version": payload["agent_protocol_version"], + } + + requests.append( + { + "id": idx, + "base_url": payload["base_url"], + "body": json.dumps(request_data), + "correlation_id": "bench", + "agent_name": payload.get("agent_name"), + "agent_id": payload.get("agent_id"), + "interaction_type": payload.get("interaction_type"), + "request_id": payload.get("request_id"), + "auth_headers_encrypted": payload.get("auth_value_encrypted"), + "auth_query_params_encrypted": payload.get("auth_query_params_encrypted"), + } + ) + + async with httpx.AsyncClient(timeout=120.0) as client: + resp = await client.post( + RUST_A2A_URL, + json=requests, + headers={"X-Auth-Secret": AUTH_SECRET}, + ) + resp.raise_for_status() + results = resp.json() + + if len(results) != len(payloads): + raise AssertionError(f"Rust returned {len(results)} results for {len(payloads)} payloads") + if any(result.get("status_code") != 200 for result in results): + raise AssertionError("Rust lane produced non-200 responses") + + +async def run_python_serial_lane( + service: A2AAgentService, payloads: list[dict[str, Any]], metrics_enabled: bool +) -> None: + if not metrics_enabled: + service._record_python_invoke_metrics = _noop_record_metrics # type: ignore[method-assign] + results, _ = await service._invoke_phase2_python(payloads) + if len(results) != len(payloads): + raise AssertionError( + f"Python serial returned {len(results)} results for {len(payloads)} payloads" + ) + if any(result.get("status_code") != 200 for result in results): + raise AssertionError("Python serial lane produced non-200 responses") + + +async def _run_submission( + scenario: Scenario, + service: A2AAgentService, + payloads: list[dict[str, Any]], + metrics_enabled: bool, + runner: Callable[ + [A2AAgentService, list[dict[str, Any]], bool], asyncio.Future | Any + ], +) -> None: + if scenario.submission_mode == "batch": + await runner(service, payloads, metrics_enabled) + return + if scenario.submission_mode == "single_fanout": + async def run_one(payload: dict[str, Any]) -> None: + await runner(service, [payload], metrics_enabled) + + await asyncio.gather(*(run_one(payload) for payload in payloads)) + return + raise AssertionError(f"Unsupported submission mode: {scenario.submission_mode}") + + +async def measure_lane( + scenario: Scenario, + lane_name: str, + auth_enabled: bool, + metrics_enabled: bool, + runner: Callable[ + [A2AAgentService, list[dict[str, Any]], bool], asyncio.Future | Any + ], +) -> LaneResult: + base_url, state, stop_server = _start_stub_agent_server(scenario) + payloads = _build_payloads(scenario, base_url, auth_enabled) + expected_calls = _expected_upstream_calls(payloads) * scenario.batch_repetitions + latencies_ms: list[float] = [] + upstream_calls: list[int] = [] + + try: + total_runs = scenario.warmup + scenario.iterations + for run_index in range(total_runs): + service = A2AAgentService() + before = state.read_count() + started = time.perf_counter() + for _ in range(scenario.batch_repetitions): + await _run_submission( + scenario, service, payloads, metrics_enabled, runner + ) + elapsed_ms = (time.perf_counter() - started) * 1000 + after = state.read_count() + delta = after - before + + if delta != expected_calls: + raise AssertionError( + f"{lane_name} scenario {scenario.name} sent {delta} upstream calls; expected {expected_calls}" + ) + + if run_index >= scenario.warmup: + latencies_ms.append(elapsed_ms) + upstream_calls.append(delta) + finally: + stop_server() + + return LaneResult( + scenario=scenario.name, + lane=lane_name, + auth_enabled=auth_enabled, + metrics_enabled=metrics_enabled, + iterations=scenario.iterations, + mean_ms=statistics.mean(latencies_ms), + median_ms=statistics.median(latencies_ms), + min_ms=min(latencies_ms), + max_ms=max(latencies_ms), + p95_ms=_p95(latencies_ms), + upstream_calls_per_iter=statistics.mean(upstream_calls), + ) + + +async def benchmark_scenario(scenario: Scenario) -> list[LaneResult]: + delay_desc = ( + f"{scenario.delay_range_ms[0]}-{scenario.delay_range_ms[1]}ms" + if scenario.delay_range_ms is not None + else f"{scenario.delay_ms}ms" + ) + request_shape = ( + f"batch=1 fanout={scenario.batch_size}" + if scenario.submission_mode == "single_fanout" + else f"batch={scenario.batch_size}" + ) + print(f"\nScenario: {scenario.name}") + print( + f" {request_shape} request={scenario.request_bytes}B response={scenario.response_bytes}B " + f"delay={delay_desc} dup_factor={scenario.duplicate_factor} repeats={scenario.batch_repetitions} " + f"submission={scenario.submission_mode} slow={'yes' if scenario.slow else 'no'}" + ) + if scenario.submission_mode == "single_fanout": + print( + f" note: {scenario.batch_size} independent single-item invokes are submitted to phase 2 together; " + f"Rust queue concurrency is capped at {_benchmark_max_concurrency()} to match the shared HTTP client pool." + ) + elif scenario.name == "single": + print(" note: microbenchmark at ~1 ms; headline speedup uses median because means are easily skewed by outliers.") + lane_results: list[LaneResult] = [] + runners = [ + ("rust_batch", run_rust_lane), + ("python_serial", run_python_serial_lane), + ] + + for auth_enabled in scenario.auth_modes: + for metrics_enabled in scenario.metrics_modes: + print( + f" variant auth={'yes' if auth_enabled else 'no'} metrics={'yes' if metrics_enabled else 'no'}" + ) + variant_results: list[LaneResult] = [] + for lane_name, runner in runners: + print(f" running {lane_name:<14}", end="", flush=True) + result = await measure_lane( + scenario, lane_name, auth_enabled, metrics_enabled, runner + ) + lane_results.append(result) + variant_results.append(result) + print( + f" median={result.median_ms:8.2f} ms mean={result.mean_ms:8.2f} ms p95={result.p95_ms:8.2f} ms" + ) + + serial = next( + result for result in variant_results if result.lane == "python_serial" + ) + rust = next( + result for result in variant_results if result.lane == "rust_batch" + ) + speedup = serial.median_ms / rust.median_ms + print(f" speedup vs python_serial (median): rust={speedup:6.2f}x") + return lane_results + + +def _print_summary(results: list[LaneResult]) -> None: + speedups = _build_speedups(results) + scenarios_by_name = {scenario.name: scenario for scenario in SCENARIOS} + print("\n" + "=" * 132) + print( + f"{'Scenario':<28} {'Mode':<12} {'Slow':>6} {'Auth':>6} {'Metrics':>8} {'Rust median':>12} " + f"{'Python median':>14} {'Speedup':>10} {'Tier':>10} {'Rust p95':>10} {'Py p95':>10}" + ) + print("-" * 132) + for speedup in speedups: + scenario = scenarios_by_name[speedup.scenario] + print( + f"{speedup.scenario:<28} {scenario.submission_mode:<12} {('yes' if scenario.slow else 'no'):>6} " + f"{str(speedup.auth_enabled):>6} {str(speedup.metrics_enabled):>8} " + f"{speedup.rust_median_ms:>12.2f} {speedup.python_median_ms:>14.2f} " + f"{speedup.speedup_x:>9.2f}x {speedup.tier:>10} {speedup.rust_p95_ms:>10.2f} {speedup.python_p95_ms:>10.2f}" + ) + print("=" * 132) + + print("\n" + "=" * 142) + print( + f"{'Scenario':<26} {'Mode':<12} {'Auth':>6} {'Metrics':>8} {'Lane':<16} {'Mean (ms)':>10} " + f"{'P95 (ms)':>10} {'Median':>10} {'Min':>10} {'Max':>10} {'Upstream':>10}" + ) + print("-" * 142) + for result in results: + scenario = scenarios_by_name[result.scenario] + print( + f"{result.scenario:<26} {scenario.submission_mode:<12} {str(result.auth_enabled):>6} {str(result.metrics_enabled):>8} {result.lane:<16} " + f"{result.mean_ms:>10.2f} {result.p95_ms:>10.2f} " + f"{result.median_ms:>10.2f} {result.min_ms:>10.2f} {result.max_ms:>10.2f} " + f"{result.upstream_calls_per_iter:>10.2f}" + ) + print("=" * 142) + + +async def _async_main(selected_scenarios: set[str], output: Path | None) -> int: + _disable_a2a_logging() + _setup_metrics_environment() + real_settings = config_mod.get_settings() + real_settings.auth_encryption_secret = SecretStr(AUTH_SECRET) + config_mod.get_settings = lambda: real_settings # type: ignore[assignment] + # Caller is responsible for starting the Rust A2A HTTP service separately. + + results: list[LaneResult] = [] + try: + for scenario in SCENARIOS: + if selected_scenarios and scenario.name not in selected_scenarios: + continue + results.extend(await benchmark_scenario(scenario)) + finally: + await SharedHttpClient.shutdown() + + _print_summary(results) + + if output is not None: + output.parent.mkdir(parents=True, exist_ok=True) + output.write_text( + json.dumps([asdict(result) for result in results], indent=2), + encoding="utf-8", + ) + print(f"\nSaved JSON results to {output}") + + return 0 + + +def parse_args() -> argparse.Namespace: + parser = argparse.ArgumentParser( + description="Benchmark Rust vs Python A2A invoke performance" + ) + parser.add_argument( + "--scenario", + action="append", + default=[], + help="Scenario name to run. Repeat to select multiple scenarios. Default: run all.", + ) + parser.add_argument( + "--output", + type=Path, + help="Optional JSON output path for benchmark results.", + ) + return parser.parse_args() + + +def main() -> int: + args = parse_args() + print("A2A invoke performance comparison") + print(f"Rust extension: available, max concurrency={_benchmark_max_concurrency()}") + print("Lanes: rust_batch, python_serial") + return asyncio.run(_async_main(set(args.scenario), args.output)) + + +if __name__ == "__main__": + raise SystemExit(main()) diff --git a/tools_rust/a2a_service/src/auth.rs b/tools_rust/a2a_service/src/auth.rs new file mode 100644 index 0000000000..a9840f4855 --- /dev/null +++ b/tools_rust/a2a_service/src/auth.rs @@ -0,0 +1,266 @@ +//! Auth application for A2A outbound requests. +//! +//! When an auth secret is configured at queue init, this module decrypts encrypted auth blobs +//! (matching Python services_auth: AES-GCM, SHA256 key, 12-byte nonce, base64url) and applies them. +//! Rust is the only decryption path; Python passes encrypted blobs only when secret is set (no Python fallback). + +use std::collections::HashMap; + +use aes_gcm::{ + Aes256Gcm, + aead::{Aead, KeyInit}, +}; +use base64::Engine; +use log::warn; +use sha2::{Digest, Sha256}; +use url::Url; +use url::form_urlencoded; + +use crate::errors::A2AError; + +/// Decrypt a base64url-encoded AES-GCM ciphertext (nonce || ciphertext) into a string->string map. +/// Matches Python `decode_auth`: key = SHA256(secret), 12-byte nonce, no AAD. +/// Returns empty map on empty or invalid input; errors on decrypt failure. +pub fn decrypt_auth( + encoded_value: &str, + secret: &str, +) -> Result, A2AError> { + if encoded_value.is_empty() { + return Ok(HashMap::new()); + } + let padded = pad_base64url(encoded_value); + let combined = base64::engine::general_purpose::URL_SAFE + .decode(padded.as_bytes()) + .map_err(|e| A2AError::Auth(format!("base64 decode failed: {}", e)))?; + if combined.len() < 12 { + return Err(A2AError::Auth( + "ciphertext too short (missing nonce)".to_string(), + )); + } + let (nonce_slice, ciphertext) = combined.split_at(12); + let key = Sha256::digest(secret.as_bytes()); + let cipher = Aes256Gcm::new_from_slice(key.as_slice()) + .map_err(|e| A2AError::Auth(format!("AES-GCM key init failed: {}", e)))?; + let plaintext = cipher + .decrypt(nonce_slice.into(), ciphertext) + .map_err(|e| A2AError::Auth(format!("decrypt failed: {}", e)))?; + let s = String::from_utf8(plaintext) + .map_err(|e| A2AError::Auth(format!("plaintext not UTF-8: {}", e)))?; + let value: HashMap = serde_json::from_str(&s) + .map_err(|e| A2AError::Auth(format!("JSON parse failed: {}", e)))?; + let out: HashMap = value + .into_iter() + .filter_map(|(k, v)| { + let str_val = match v { + serde_json::Value::String(s) => s, + other => other.to_string(), + }; + Some((k, str_val)) + }) + .collect(); + Ok(out) +} + +fn pad_base64url(s: &str) -> String { + let rem = s.len() % 4; + if rem == 0 { + s.to_string() + } else { + format!("{}{}", s, "=".repeat(4 - rem)) + } +} + +/// Decrypt each value in a map (keys unchanged); used for encrypted query params. +pub fn decrypt_map_values( + enc_map: &HashMap, + secret: &str, +) -> Result, A2AError> { + let mut out = HashMap::new(); + for (_k, v) in enc_map { + let dec = decrypt_auth(v, secret)?; + for (dk, dv) in dec { + out.insert(dk, dv); + } + } + Ok(out) +} + +/// Outbound auth config for agent-to-agent calls (Bearer, ApiKey, OAuth). +/// For config/DB schema and documentation only; at invoke time only [`InvokeAuth`] is used (Rust builds it from decrypted or from encrypted blobs). +pub enum AuthConfig { + Bearer(String), + ApiKey { + header: String, + value: String, + }, + OAuth { + token_url: String, + client_id: String, + client_secret: String, + }, +} + +/// Decrypted auth to apply to a single invoke request: query params and headers. +/// Built in Rust from decrypted auth (Rust decrypts when secret set) or from plain maps when no secret. All auth application in Rust; no Python fallback. +#[derive(Debug, Clone, Default)] +pub struct InvokeAuth { + /// Query parameters to append/merge into the request URL (e.g. api_key, token). + pub query_params: Option>, + /// Headers to add to the request (e.g. Authorization, X-API-Key). + pub headers: HashMap, +} + +/// Applies auth to a base URL and returns the final URL and headers for the HTTP request. +/// Merges auth query params with any existing query string on base_url (auth params override). +/// Fails if the URL is invalid or scheme is not http/https. Used by the invoke path only; no DB or Python fallback. +pub fn apply_invoke_auth( + base_url: &str, + auth: &InvokeAuth, +) -> Result<(String, HashMap), A2AError> { + let mut url = Url::parse(base_url).map_err(|e| { + let msg = format!("Invalid invoke URL: {}", e); + warn!("{}", msg); + A2AError::Other(msg) + })?; + match url.scheme() { + "http" | "https" => {} + _ => { + let msg = format!( + "Invoke URL scheme not allowed: {} (only http/https)", + url.scheme() + ); + warn!("{}", msg); + return Err(A2AError::Other(msg)); + } + } + + if let Some(ref params) = auth.query_params { + if !params.is_empty() { + let mut pairs: Vec<(String, String)> = url + .query_pairs() + .map(|(k, v)| (k.into_owned(), v.into_owned())) + .collect(); + for (k, v) in params { + pairs.retain(|(pk, _)| pk != k); + pairs.push((k.clone(), v.clone())); + } + let mut ser = form_urlencoded::Serializer::new(String::new()); + for (k, v) in &pairs { + ser.append_pair(k, v); + } + let new_query = ser.finish(); + url.set_query(if new_query.is_empty() { + None + } else { + Some(&new_query) + }); + } + } + + Ok((url.to_string(), auth.headers.clone())) +} + +#[cfg(test)] +mod tests { + use std::collections::HashMap; + + use super::*; + + #[test] + fn test_auth_config_bearer() { + let _ = AuthConfig::Bearer("token123".to_string()); + } + + #[test] + fn test_auth_config_api_key() { + let _ = AuthConfig::ApiKey { + header: "X-API-Key".to_string(), + value: "secret".to_string(), + }; + } + + #[test] + fn test_auth_config_oauth() { + let _ = AuthConfig::OAuth { + token_url: "https://auth.example.com/token".to_string(), + client_id: "client".to_string(), + client_secret: "secret".to_string(), + }; + } + + #[test] + fn test_apply_invoke_auth_url_only() { + let auth = InvokeAuth::default(); + let (url, headers) = apply_invoke_auth("https://api.example.com/mcp", &auth).unwrap(); + assert_eq!(url, "https://api.example.com/mcp"); + assert!(headers.is_empty()); + } + + #[test] + fn test_apply_invoke_auth_query_params() { + let mut params = HashMap::new(); + params.insert("api_key".to_string(), "secret123".to_string()); + let auth = InvokeAuth { + query_params: Some(params), + headers: HashMap::new(), + }; + let (url, _) = apply_invoke_auth("https://api.example.com/mcp", &auth).unwrap(); + assert!(url.contains("api_key=")); + assert!(url.contains("secret123")); + } + + #[test] + fn test_apply_invoke_auth_headers() { + let mut headers = HashMap::new(); + headers.insert("Authorization".to_string(), "Bearer tok".to_string()); + let auth = InvokeAuth { + query_params: None, + headers, + }; + let (url, h) = apply_invoke_auth("https://api.example.com/mcp", &auth).unwrap(); + assert_eq!(url, "https://api.example.com/mcp"); + assert_eq!( + h.get("Authorization").map(String::as_str), + Some("Bearer tok") + ); + } + + #[test] + fn test_apply_invoke_auth_merge_existing_query() { + let mut params = HashMap::new(); + params.insert("api_key".to_string(), "key123".to_string()); + let auth = InvokeAuth { + query_params: Some(params), + headers: HashMap::new(), + }; + let (url, _) = apply_invoke_auth("https://api.example.com/mcp?q=test", &auth).unwrap(); + assert!(url.contains("q=test")); + assert!(url.contains("api_key=key123")); + } + + #[test] + fn test_apply_invoke_auth_invalid_url_returns_err() { + let auth = InvokeAuth::default(); + let err = apply_invoke_auth("not-a-valid-url", &auth).unwrap_err(); + assert!(err.to_string().to_lowercase().contains("invalid")); + } + + #[test] + fn test_apply_invoke_auth_file_scheme_rejected() { + let auth = InvokeAuth::default(); + let err = apply_invoke_auth("file:///etc/passwd", &auth).unwrap_err(); + assert!(err.to_string().to_lowercase().contains("not allowed")); + } + + #[test] + fn test_decrypt_auth_empty_returns_empty_map() { + let m = decrypt_auth("", "secret").unwrap(); + assert!(m.is_empty()); + } + + #[test] + fn test_decrypt_auth_invalid_base64_returns_err() { + let err = decrypt_auth("not-valid-base64!!!", "secret").unwrap_err(); + assert!(matches!(err, A2AError::Auth(_))); + } +} diff --git a/tools_rust/a2a_service/src/circuit.rs b/tools_rust/a2a_service/src/circuit.rs new file mode 100644 index 0000000000..f0e972c0e9 --- /dev/null +++ b/tools_rust/a2a_service/src/circuit.rs @@ -0,0 +1,146 @@ +//! Per-endpoint circuit breaker for A2A invocations. +//! +//! Tracks failures per key (agent URL or id). After `failure_threshold` consecutive failures the +//! circuit opens and requests are rejected until `cooldown` elapses, then one request is allowed +//! (half-open). Success closes the circuit; failure in half-open reopens it. +//! +//! ## Scope: key is `url::scope_id` (per-tenant isolation) +//! +//! The circuit key is `{url}::{scope_id}` (e.g. team or tenant id). Consequence: one tenant's +//! failures do not open the circuit for other tenants using the same agent URL. Alternative would +//! be a global key per URL for faster fail-fast across all tenants, at the cost of one tenant's +//! failures affecting others. + +use std::sync::Mutex; +use std::time::{Duration, Instant}; + +use dashmap::DashMap; + +use crate::eviction; + +/// Per-agent circuit state. +#[derive(Debug)] +enum CircuitState { + Closed(u32), + Open(Instant), + HalfOpen, +} + +/// Circuit breaker: tracks failures per key (agent URL/id), opens after threshold, cooldown then half-open. +#[derive(Debug)] +pub struct CircuitBreaker { + states: DashMap>, + failure_threshold: u32, + cooldown: Duration, + max_entries: Option, +} + +impl CircuitBreaker { + /// Create a circuit breaker. If `max_entries` is `Some(n)`, evicts one entry when at capacity to bound memory. + pub fn new(failure_threshold: u32, cooldown: Duration, max_entries: Option) -> Self { + Self { + states: DashMap::new(), + failure_threshold, + cooldown, + max_entries, + } + } + + /// Returns true if a request is allowed (closed or half-open). If open, returns false. + pub fn allow_request(&self, key: &str) -> bool { + eviction::evict_one_if_over_capacity(&self.states, self.max_entries); + let now = Instant::now(); + let mut guard = self + .states + .entry(key.to_string()) + .or_insert_with(|| Mutex::new(CircuitState::Closed(0))); + let state = guard.get_mut().unwrap(); + match state { + CircuitState::Closed(_) => true, + CircuitState::Open(until) => { + if now >= *until { + *state = CircuitState::HalfOpen; + true + } else { + false + } + } + CircuitState::HalfOpen => true, + } + } + + /// Record success; resets closed or moves half-open -> closed. + pub fn record_success(&self, key: &str) { + let mut guard = match self.states.get_mut(key) { + Some(g) => g, + None => return, + }; + let state = guard.get_mut().unwrap(); + *state = CircuitState::Closed(0); + } + + /// Record failure; increments closed or opens / keeps open. + pub fn record_failure(&self, key: &str) { + eviction::evict_one_if_over_capacity(&self.states, self.max_entries); + let mut guard = self + .states + .entry(key.to_string()) + .or_insert_with(|| Mutex::new(CircuitState::Closed(0))); + let state = guard.get_mut().unwrap(); + let now = Instant::now(); + match state { + CircuitState::Closed(n) => { + *n += 1; + if *n >= self.failure_threshold { + *state = CircuitState::Open(now + self.cooldown); + } + } + CircuitState::Open(until) => { + *until = now + self.cooldown; + } + CircuitState::HalfOpen => { + *state = CircuitState::Open(now + self.cooldown); + } + } + } +} + +#[cfg(test)] +mod tests { + use std::time::Duration; + + use super::*; + + #[test] + fn test_circuit_closed_opens_after_threshold() { + let cb = CircuitBreaker::new(2, Duration::from_secs(60), None); + assert!(cb.allow_request("a")); + cb.record_failure("a"); + assert!(cb.allow_request("a")); + cb.record_failure("a"); + assert!(!cb.allow_request("a")); + } + + #[test] + fn test_circuit_success_resets() { + let cb = CircuitBreaker::new(2, Duration::from_secs(60), None); + cb.record_failure("a"); + cb.record_success("a"); + assert!(cb.allow_request("a")); + cb.record_failure("a"); + assert!(cb.allow_request("a")); + } + + #[test] + fn test_circuit_half_open_failure_reopens() { + let cooldown = Duration::from_millis(20); + let cb = CircuitBreaker::new(2, cooldown, None); + cb.record_failure("k"); + cb.record_failure("k"); + assert!(!cb.allow_request("k")); + std::thread::sleep(cooldown + Duration::from_millis(5)); + assert!(cb.allow_request("k")); + cb.record_failure("k"); + assert!(!cb.allow_request("k")); + } +} diff --git a/tools_rust/a2a_service/src/config.rs b/tools_rust/a2a_service/src/config.rs new file mode 100644 index 0000000000..083c5b0743 --- /dev/null +++ b/tools_rust/a2a_service/src/config.rs @@ -0,0 +1,92 @@ +// Copyright 2026 +// SPDX-License-Identifier: Apache-2.0 +// +//! CLI and environment-backed configuration for the A2A invoke service. + +use clap::Parser; +use std::net::SocketAddr; + +#[derive(Debug, Clone, Parser)] +#[command(name = "a2a-service")] +#[command(about = "Standalone A2A agent invocation service (ContextForge)")] +pub struct Config { + #[arg(long, env = "A2A_RUST_LISTEN_HTTP", default_value = "127.0.0.1:8790")] + pub listen_http: String, + + /// Base URL for the Python gateway backend (used for CRUD proxying and as a fallback). + #[arg( + long, + env = "A2A_RUST_BACKEND_BASE_URL", + default_value = "http://127.0.0.1:4444" + )] + pub backend_base_url: String, + + #[arg(long, env = "A2A_RUST_AUTH_SECRET")] + pub auth_secret: Option, + + #[arg(long, env = "A2A_RUST_MAX_CONCURRENT", default_value_t = 64)] + pub max_concurrent: usize, + + #[arg(long, env = "A2A_RUST_MAX_QUEUED")] + pub max_queued: Option, + + #[arg(long, env = "A2A_RUST_INVOKE_TIMEOUT_SECS", default_value_t = 60.0)] + pub invoke_timeout_secs: f64, +} + +impl Config { + pub fn listen_socket_addr(&self) -> Result { + let s = self.listen_http.as_str(); + if s.contains(':') { + s.parse() + } else { + format!("{}:8790", s).parse() + } + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_listen_socket_addr_with_port() { + let c = Config { + listen_http: "127.0.0.1:8790".to_string(), + backend_base_url: String::new(), + auth_secret: None, + max_concurrent: 64, + max_queued: None, + invoke_timeout_secs: 60.0, + }; + let addr = c.listen_socket_addr().unwrap(); + assert_eq!(addr.port(), 8790); + } + + #[test] + fn test_listen_socket_addr_without_port_appends_8790() { + let c = Config { + listen_http: "0.0.0.0".to_string(), + backend_base_url: String::new(), + auth_secret: None, + max_concurrent: 64, + max_queued: None, + invoke_timeout_secs: 60.0, + }; + let addr = c.listen_socket_addr().unwrap(); + assert_eq!(addr.port(), 8790); + } + + #[test] + fn test_listen_socket_addr_invalid_returns_err() { + let c = Config { + listen_http: "not-an-address".to_string(), + backend_base_url: String::new(), + auth_secret: None, + max_concurrent: 64, + max_queued: None, + invoke_timeout_secs: 60.0, + }; + assert!(c.listen_socket_addr().is_err()); + } +} diff --git a/tools_rust/a2a_service/src/errors.rs b/tools_rust/a2a_service/src/errors.rs new file mode 100644 index 0000000000..1063a9e8b8 --- /dev/null +++ b/tools_rust/a2a_service/src/errors.rs @@ -0,0 +1,127 @@ +//! Error type for A2A HTTP invocation. +//! +//! Used by the invoker and exposed to Python when a request fails (e.g. timeout, connection error, circuit open). + +use std::time::Duration; + +use thiserror::Error; + +/// Errors that can occur during an A2A HTTP invocation. +#[derive(Debug, Error)] +pub enum A2AError { + /// Underlying HTTP client error. + #[error(transparent)] + Http(#[from] reqwest::Error), + + /// Request timed out. + #[error("A2A request timed out after {0:?}")] + Timeout(Duration), + + /// Per-endpoint circuit breaker is open; request rejected. + #[error("Circuit breaker open for endpoint")] + CircuitOpen, + + /// Response body exceeded maximum allowed size. + #[error("Response body exceeds maximum allowed size")] + OversizedResponse, + + /// Authentication or authorization related error. + #[error("A2A auth error: {0}")] + Auth(String), + + /// Generic invocation error. + #[error("A2A invocation error: {0}")] + Other(String), +} + +/// Returns true if the HTTP status code indicates success (2xx). +#[inline] +pub fn is_success_http_status(code: u16) -> bool { + (200..300).contains(&code) +} + +impl A2AError { + /// Stable error code for Python/API to map to HTTP status and retry behavior. + pub fn error_code(&self) -> &'static str { + match self { + A2AError::Timeout(_) => "timeout", + A2AError::CircuitOpen => "circuit_open", + A2AError::OversizedResponse => "oversized_response", + A2AError::Http(e) if e.is_timeout() => "timeout", + A2AError::Http(_) => "http", + A2AError::Auth(_) => "auth", + A2AError::Other(_) => "other", + } + } + + /// HTTP status code to use when this error is returned to the client. + pub fn http_status(&self) -> u16 { + match self { + A2AError::Timeout(_) => 504, + A2AError::Http(e) if e.is_timeout() => 504, + A2AError::CircuitOpen => 503, + A2AError::OversizedResponse => 413, + A2AError::Http(_) | A2AError::Auth(_) | A2AError::Other(_) => 502, + } + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_a2a_error_timeout_display() { + let error = A2AError::Timeout(Duration::from_secs(5)); + assert!(error.to_string().contains("timed out")); + assert!(error.to_string().contains("5s")); + } + + #[test] + fn test_a2a_error_auth_display() { + let error = A2AError::Auth("invalid token".to_string()); + assert_eq!(error.to_string(), "A2A auth error: invalid token"); + } + + #[test] + fn test_a2a_error_other_display() { + let error = A2AError::Other("something went wrong".to_string()); + assert_eq!( + error.to_string(), + "A2A invocation error: something went wrong" + ); + } + + #[test] + fn test_a2a_error_codes_and_status() { + assert_eq!( + A2AError::Timeout(Duration::from_secs(5)).error_code(), + "timeout" + ); + assert_eq!(A2AError::Timeout(Duration::from_secs(5)).http_status(), 504); + assert_eq!(A2AError::CircuitOpen.error_code(), "circuit_open"); + assert_eq!(A2AError::CircuitOpen.http_status(), 503); + assert_eq!( + A2AError::OversizedResponse.error_code(), + "oversized_response" + ); + assert_eq!(A2AError::OversizedResponse.http_status(), 413); + } + + #[test] + fn test_a2a_error_send_sync() { + fn assert_send_sync() {} + assert_send_sync::(); + } + + #[test] + fn test_is_success_http_status() { + assert!(is_success_http_status(200)); + assert!(is_success_http_status(201)); + assert!(is_success_http_status(299)); + assert!(!is_success_http_status(199)); + assert!(!is_success_http_status(300)); + assert!(!is_success_http_status(404)); + assert!(!is_success_http_status(500)); + } +} diff --git a/tools_rust/a2a_service/src/eviction.rs b/tools_rust/a2a_service/src/eviction.rs new file mode 100644 index 0000000000..8047872091 --- /dev/null +++ b/tools_rust/a2a_service/src/eviction.rs @@ -0,0 +1,56 @@ +//! Shared eviction helper for capacity-bounded maps. +//! +//! Used by circuit breaker and metrics collector to bound memory by removing one entry when at capacity. + +use std::hash::Hash; + +use dashmap::DashMap; + +/// If `max_entries` is `Some(max)` and `map.len() >= max`, removes one arbitrary entry from `map`. +/// No-op when `max_entries` is `None` or map is under capacity. +pub fn evict_one_if_over_capacity(map: &DashMap, max_entries: Option) +where + K: Clone + Hash + Eq, +{ + if let Some(max) = max_entries { + if map.len() >= max { + // IMPORTANT: avoid calling `remove` while holding an iterator guard. + // Some DashMap internals can deadlock if a shard is re-locked while an + // iterator guard is still alive. + let key = map.iter().next().map(|entry| entry.key().clone()); + if let Some(key) = key { + map.remove(&key); + } + } + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_evict_none_max_entries_no_op() { + let map: DashMap = DashMap::new(); + map.insert("a".to_string(), 1); + evict_one_if_over_capacity(&map, None); + assert_eq!(map.len(), 1); + } + + #[test] + fn test_evict_under_capacity_no_op() { + let map: DashMap = DashMap::new(); + map.insert("a".to_string(), 1); + evict_one_if_over_capacity(&map, Some(2)); + assert_eq!(map.len(), 1); + } + + #[test] + fn test_evict_at_capacity_removes_one() { + let map: DashMap = DashMap::new(); + map.insert("a".to_string(), 1); + map.insert("b".to_string(), 2); + evict_one_if_over_capacity(&map, Some(2)); + assert_eq!(map.len(), 1); + } +} diff --git a/tools_rust/a2a_service/src/http.rs b/tools_rust/a2a_service/src/http.rs new file mode 100644 index 0000000000..cb35bffb20 --- /dev/null +++ b/tools_rust/a2a_service/src/http.rs @@ -0,0 +1,334 @@ +// Copyright 2026 +// SPDX-License-Identifier: Apache-2.0 +// +//! HTTP JSON DTOs and conversion for A2A invoke (single and batch). +//! Compatible with the Python A2A invoke contract (unified response shape). + +use std::collections::HashMap; + +use serde::{Deserialize, Serialize}; +use serde_json::Value as JsonValue; + +use crate::auth::{apply_invoke_auth, decrypt_auth, decrypt_map_values, InvokeAuth}; +use crate::errors::A2AError; +use crate::invoker::{A2AInvokeRequest, A2AInvokeResult}; + +/// Single request in the batch invoke JSON body. +/// Matches the Python tuple shape: id, base_url, auth, body, optional metadata. +#[derive(Debug, Clone, Deserialize)] +#[serde(deny_unknown_fields)] +pub struct InvokeRequestDto { + pub id: u32, + pub base_url: String, + #[serde(default)] + pub auth_query_params: Option>, + #[serde(default)] + pub auth_headers: Option>, + /// Request body (UTF-8). Sent as-is to the agent endpoint. + pub body: String, + #[serde(default)] + pub correlation_id: Option, + #[serde(default)] + pub traceparent: Option, + #[serde(default)] + pub agent_name: Option, + #[serde(default)] + pub agent_id: Option, + #[serde(default)] + pub interaction_type: Option, + #[serde(default)] + pub scope_id: Option, + #[serde(default)] + pub request_id: Option, + /// When auth_secret is set, decrypt and use instead of auth_headers. + #[serde(default)] + pub auth_headers_encrypted: Option, + /// When auth_secret is set, decrypt and use instead of auth_query_params. + #[serde(default)] + pub auth_query_params_encrypted: Option>, +} + +/// Single invoke result for JSON response (unified shape with Python). +#[derive(Debug, Clone, Serialize)] +pub struct InvokeResultDto { + pub id: u32, + pub status_code: u16, + #[serde(skip_serializing_if = "Option::is_none")] + pub body: Option, + #[serde(skip_serializing_if = "Option::is_none")] + pub parsed: Option, + pub success: bool, + #[serde(skip_serializing_if = "Option::is_none")] + pub error: Option, + #[serde(skip_serializing_if = "Option::is_none")] + pub code: Option, + #[serde(skip_serializing_if = "Option::is_none")] + pub agent_name: Option, + #[serde(skip_serializing_if = "Option::is_none")] + pub details: Option, + pub duration_secs: f64, + #[serde(skip_serializing_if = "Option::is_none")] + pub metric_row: Option, +} + +#[derive(Debug, Clone, Serialize)] +pub struct MetricRowDto { + pub agent_id: String, + pub timestamp_secs: f64, + pub response_time: f64, + pub is_success: bool, + pub interaction_type: String, + #[serde(skip_serializing_if = "Option::is_none")] + pub error_message: Option, +} + +/// Parse JSON request DTOs into `A2AInvokeRequest` list (with optional auth decryption). +pub fn parse_requests_from_json( + requests: &[InvokeRequestDto], + auth_secret: Option<&str>, +) -> Result, A2AError> { + let mut out = Vec::with_capacity(requests.len()); + for (i, dto) in requests.iter().enumerate() { + let auth_query_params = if let Some(ref enc) = dto.auth_query_params_encrypted { + let secret = auth_secret.ok_or_else(|| { + A2AError::Auth("auth_query_params_encrypted set but no auth_secret".to_string()) + })?; + Some(decrypt_map_values(enc, secret)?) + } else { + dto.auth_query_params.clone() + }; + let mut auth_headers: HashMap = dto.auth_headers.clone().unwrap_or_default(); + if let Some(ref enc) = dto.auth_headers_encrypted { + let secret = auth_secret.ok_or_else(|| { + A2AError::Auth("auth_headers_encrypted set but no auth_secret".to_string()) + })?; + let dec = decrypt_auth(enc, secret)?; + auth_headers.extend(dec); + } + auth_headers + .entry("Content-Type".to_string()) + .or_insert_with(|| "application/json".to_string()); + if let Some(ref c) = dto.correlation_id { + auth_headers.insert("X-Correlation-ID".to_string(), c.clone()); + } + if let Some(ref t) = dto.traceparent { + auth_headers.insert("traceparent".to_string(), t.clone()); + } + let auth = InvokeAuth { + query_params: auth_query_params, + headers: auth_headers, + }; + let (url, headers) = apply_invoke_auth(&dto.base_url, &auth)?; + out.push(A2AInvokeRequest { + id: dto.id as usize, + url, + body: dto.body.as_bytes().to_vec(), + headers, + correlation_id: dto.correlation_id.clone(), + traceparent: dto.traceparent.clone(), + agent_name: dto.agent_name.clone(), + agent_id: dto.agent_id.clone(), + interaction_type: dto.interaction_type.clone(), + scope_id: dto.scope_id.clone(), + request_id: dto.request_id.clone(), + }); + let _ = i; + } + Ok(out) +} + +fn success_and_error_message(r: &A2AInvokeResult) -> (bool, Option) { + match r.result.as_ref() { + Ok(resp) => ( + crate::errors::is_success_http_status(resp.status_code), + if crate::errors::is_success_http_status(resp.status_code) { + None + } else if resp.body.is_empty() { + Some("Internal Server Error".to_string()) + } else { + Some(resp.body.clone()) + }, + ), + Err(e) => (false, Some(e.to_string())), + } +} + +/// Convert invoker results to JSON DTOs (unified shape with Python). +pub fn results_to_json( + results: Vec, + end_time_secs: f64, +) -> Vec { + results + .into_iter() + .map(|r| { + let (success, error_message) = success_and_error_message(&r); + let metric_row = match (r.agent_id.as_ref(), r.interaction_type.as_ref()) { + (Some(aid), Some(it)) => Some(MetricRowDto { + agent_id: aid.clone(), + timestamp_secs: end_time_secs, + response_time: r.duration_secs, + is_success: success, + interaction_type: it.clone(), + error_message: error_message.clone(), + }), + _ => None, + }; + let (status_code, body, parsed, error, code, agent_name, details) = match r.result.as_ref() { + Ok(resp) => ( + resp.status_code, + Some(resp.body.clone()), + resp.parsed.clone(), + None, + None, + None, + None, + ), + Err(e) => ( + e.http_status(), + None, + None, + Some(e.to_string()), + Some(e.error_code().to_string()), + r.agent_name.clone(), + None, + ), + }; + InvokeResultDto { + id: r.id as u32, + status_code, + body, + parsed, + success, + error, + code, + agent_name, + details, + duration_secs: r.duration_secs, + metric_row, + } + }) + .collect() +} + +#[cfg(test)] +mod tests { + use std::collections::HashMap; + + use crate::errors::A2AError; + use crate::invoker::A2AResponse; + use std::sync::Arc; + + use super::*; + + #[test] + fn test_parse_requests_from_json_minimal() { + let dto = InvokeRequestDto { + id: 1, + base_url: "https://example.com/mcp".to_string(), + auth_query_params: None, + auth_headers: None, + body: r#"{"jsonrpc":"2.0"}"#.to_string(), + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + auth_headers_encrypted: None, + auth_query_params_encrypted: None, + }; + let reqs = parse_requests_from_json(&[dto], None).unwrap(); + assert_eq!(reqs.len(), 1); + assert_eq!(reqs[0].id, 1); + assert_eq!(reqs[0].url, "https://example.com/mcp"); + assert!(reqs[0].headers.contains_key("Content-Type")); + } + + #[test] + fn test_parse_requests_encrypted_without_secret_returns_err() { + let mut enc = HashMap::new(); + enc.insert("k".to_string(), "v".to_string()); + let dto = InvokeRequestDto { + id: 1, + base_url: "https://example.com".to_string(), + auth_query_params: None, + auth_headers: None, + body: "{}".to_string(), + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + auth_headers_encrypted: Some("x".to_string()), + auth_query_params_encrypted: None, + }; + let err = parse_requests_from_json(&[dto], None).unwrap_err(); + assert!(matches!(err, A2AError::Auth(_))); + } + + #[test] + fn test_parse_requests_invalid_url_returns_err() { + let dto = InvokeRequestDto { + id: 1, + base_url: "not-a-url".to_string(), + auth_query_params: None, + auth_headers: None, + body: "{}".to_string(), + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + auth_headers_encrypted: None, + auth_query_params_encrypted: None, + }; + let err = parse_requests_from_json(&[dto], None).unwrap_err(); + assert!(matches!(err, A2AError::Other(_))); + } + + #[test] + fn test_results_to_json_success() { + let results = vec![crate::invoker::A2AInvokeResult { + id: 0, + result: Arc::new(Ok(A2AResponse { + status_code: 200, + body: r#"{"ok":true}"#.to_string(), + parsed: Some(serde_json::json!({"ok": true})), + })), + duration_secs: 0.5, + agent_key: "agent1".to_string(), + agent_name: Some("agent1".to_string()), + agent_id: Some("id1".to_string()), + interaction_type: Some("query".to_string()), + }]; + let dtos = results_to_json(results, 1000.0); + assert_eq!(dtos.len(), 1); + assert_eq!(dtos[0].id, 0); + assert_eq!(dtos[0].status_code, 200); + assert!(dtos[0].success); + assert!(dtos[0].metric_row.is_some()); + } + + #[test] + fn test_results_to_json_error() { + let results = vec![crate::invoker::A2AInvokeResult { + id: 1, + result: Arc::new(Err(A2AError::Timeout(std::time::Duration::from_secs(5)))), + duration_secs: 0.0, + agent_key: "agent1".to_string(), + agent_name: Some("a".to_string()), + agent_id: None, + interaction_type: None, + }]; + let dtos = results_to_json(results, 1000.0); + assert_eq!(dtos.len(), 1); + assert!(!dtos[0].success); + assert_eq!(dtos[0].code.as_deref(), Some("timeout")); + assert_eq!(dtos[0].status_code, 504); + } +} diff --git a/tools_rust/a2a_service/src/invoker.rs b/tools_rust/a2a_service/src/invoker.rs new file mode 100644 index 0000000000..dbd341f5b7 --- /dev/null +++ b/tools_rust/a2a_service/src/invoker.rs @@ -0,0 +1,993 @@ +//! A2A HTTP invoker: outbound POST requests to agent endpoints. +//! +//! Security invariants enforced here (defense-in-depth with Python): +//! - **URL scheme**: only `http` and `https` are allowed at invoke time (rejects `file:`, etc.). +//! - **Response body size**: responses are capped at a configurable maximum (default 10 MiB) to prevent OOM from malicious or buggy endpoints. +//! +//! Features: retry with exponential backoff, per-endpoint circuit breaker, optional batch concurrency limit. +//! +//! ## Request/response payload handling (copy vs zero-copy) +//! +//! **Request body**: Python builds the JSON payload and serializes it to bytes (`serde_json::to_vec` +//! in the PyO3 layer); Rust receives a `Vec`. This is a copy at the Python–Rust boundary. +//! +//! **Response body**: The response is read via a streaming API (`bytes_stream()`) into a `Vec`, +//! then converted to a `String` for UTF-8. The body is copied into process memory; Size is capped to avoid OOM. + +use std::collections::HashMap; +use std::sync::Arc; +use std::time::{Duration, Instant}; + +use bytes::Bytes; +use futures::future::{FutureExt, join_all}; +use log::{debug, error}; +use reqwest::Client; +use reqwest::header::{HeaderMap, HeaderName, HeaderValue}; +use serde_json::Value as JsonValue; +use tokio::sync::Semaphore; +use url::Url; + +use crate::circuit::CircuitBreaker; +use crate::errors::A2AError; +use crate::metrics::{MetricRecord, MetricsCollector}; + +/// Default maximum response body size (10 MiB). Prevents OOM from malicious or buggy endpoints. +const DEFAULT_MAX_RESPONSE_BODY_BYTES: usize = 10 * 1024 * 1024; + +/// Default retries (including initial attempt). +const DEFAULT_MAX_RETRIES: u32 = 3; +/// Default initial backoff before first retry. +const DEFAULT_INITIAL_BACKOFF: Duration = Duration::from_secs(1); +/// Default circuit breaker: open after this many consecutive failures per endpoint. +const DEFAULT_CIRCUIT_FAILURE_THRESHOLD: u32 = 5; +/// Default circuit breaker: cooldown before half-open. +const DEFAULT_CIRCUIT_COOLDOWN: Duration = Duration::from_secs(30); + +/// Adaptive timeout: minimum when using P95-based suggestion (no per-request timeout). +const ADAPTIVE_TIMEOUT_MIN: Duration = Duration::from_secs(1); +/// Adaptive timeout: maximum when using P95-based suggestion. +const ADAPTIVE_TIMEOUT_MAX: Duration = Duration::from_secs(300); + +/// Small limit used only in oversized-response test to avoid allocating 10 MiB. +#[cfg(test)] +const MAX_RESPONSE_BODY_BYTES_FOR_TEST: usize = 10; + +/// A2A invoke response with HTTP status, raw body, and optional parsed JSON. +/// When the body is valid JSON, `parsed` is set so Python can skip `json.loads`. +#[derive(Debug, Clone)] +pub struct A2AResponse { + /// HTTP status code (e.g. 200, 404, 502). + pub status_code: u16, + /// Raw response body as UTF-8 string. + pub body: String, + /// Parsed JSON when body is valid JSON; `None` for invalid or non-JSON body. + pub parsed: Option, +} + +/// Single outbound A2A request: id (for ordering), URL, body bytes, headers, and optional context. +#[derive(Debug, Clone)] +pub struct A2AInvokeRequest { + /// Index for reassembling results in order. + pub id: usize, + /// Full request URL (including query params if auth added any). + pub url: String, + /// Request body (e.g. JSON-serialized A2A payload). + pub body: Vec, + /// HTTP headers to send (e.g. Content-Type, Authorization). + pub headers: HashMap, + /// Optional correlation ID for log/trace correlation with Python layer. + pub correlation_id: Option, + /// Optional W3C traceparent for distributed tracing. + pub traceparent: Option, + /// Optional agent name for unified error reporting (included in error response when invocation fails). + pub agent_name: Option, + /// Optional agent ID (DB id) for metrics persistence. + pub agent_id: Option, + /// Optional interaction type for metrics (e.g. "query", "invoke"). + pub interaction_type: Option, + /// Optional scope id (e.g. team_id or tenant_id) for circuit breaker isolation; when None, "default" is used. + pub scope_id: Option, + /// Optional idempotency key; same ID in batch coalesces to one HTTP call, shared result. + pub request_id: Option, +} + +impl From<(usize, String, Vec, HashMap)> for A2AInvokeRequest { + fn from((id, url, body, headers): (usize, String, Vec, HashMap)) -> Self { + Self { + id, + url, + body, + headers, + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + } + } +} + +/// Python indexed request: (id, agent_url, request_payload, headers). Payload is JSON-serialized to body. +impl TryFrom<(usize, String, JsonValue, HashMap)> for A2AInvokeRequest { + type Error = serde_json::Error; + + fn try_from( + (id, url, payload, headers): (usize, String, JsonValue, HashMap), + ) -> Result { + let body = serde_json::to_vec(&payload)?; + Ok(Self { + id, + url, + body, + headers, + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + }) + } +} + +/// Shared result for a single invocation (used when coalescing: multiple indices share the same outcome). +pub type SharedInvokeResult = Arc>; + +/// Single invoke result with the same index as the request, for reassembly by the caller. +/// Result is in an Arc so coalesced requests can share the same outcome without cloning (A2AError::Http holds non-Clone reqwest::Error). +#[derive(Debug, Clone)] +pub struct A2AInvokeResult { + /// Index matching the request `id`. + pub id: usize, + /// Success response or error (e.g. timeout, circuit open, HTTP error). Shared via Arc when expanding coalesced results. + pub result: SharedInvokeResult, + /// Request duration in seconds (used for metrics and last_interaction). + pub duration_secs: f64, + /// Agent key (URL or id) used for per-agent metrics. + pub agent_key: String, + /// Agent name for unified error reporting (from request). + pub agent_name: Option, + /// Agent ID and interaction type for metrics (from request). + pub agent_id: Option, + pub interaction_type: Option, +} + +/// Validates that the URL has an allowed scheme (http/https only). Prevents SSRF via file:, etc. +/// Python validates endpoint_url at agent create/update (http/https/ws/wss); we enforce http/https +/// here at invoke time for defense-in-depth (e.g. direct DB edits, legacy data). +fn validate_url_scheme(url_str: &str) -> Result<(), A2AError> { + let url = + Url::parse(url_str).map_err(|e| A2AError::Other(format!("Invalid invoke URL: {}", e)))?; + match url.scheme() { + "http" | "https" => Ok(()), + _ => Err(A2AError::Other(format!( + "Invoke URL scheme not allowed: {} (only http/https)", + url.scheme() + ))), + } +} + +/// Returns URL with query and fragment stripped for logging, to avoid leaking auth tokens in query params. +fn redact_url_for_log(url_str: &str) -> String { + Url::parse(url_str) + .ok() + .map(|mut u| { + u.set_query(None); + u.set_fragment(None); + u.to_string() + }) + .unwrap_or_else(|| url_str.to_string()) +} + +/// Extension trait to convert Python headers dict to HeaderMap. +/// Skips invalid header names/values. +trait IntoHeaderMap { + fn into_header_map(&self) -> HeaderMap; +} + +impl IntoHeaderMap for HashMap { + fn into_header_map(&self) -> HeaderMap { + let mut headers = HeaderMap::with_capacity(self.len()); + for (k, v) in self { + if let (Ok(name), Ok(value)) = ( + HeaderName::try_from(k.as_str()), + HeaderValue::try_from(v.as_str()), + ) { + headers.insert(name, value); + } + } + headers + } +} + +/// Invoker configuration: retry, circuit breaker, and batch concurrency limit. +#[derive(Clone)] +pub struct InvokerConfig { + /// Number of attempts (including the first). Retries use exponential backoff. + pub max_retries: u32, + /// Initial backoff duration before the first retry. + pub initial_backoff: Duration, + /// When true, per-endpoint circuit breaker is enabled. + pub circuit_breaker_enabled: bool, + /// Consecutive failures per endpoint before the circuit opens. + pub circuit_failure_threshold: u32, + /// Duration the circuit stays open before allowing one trial (half-open). + pub circuit_cooldown: Duration, + /// Max concurrent requests per batch; `None` = unlimited. + pub max_concurrent: Option, + /// Max circuit breaker entries per key; `None` = unbounded. Default bounds memory growth. + pub circuit_max_entries: Option, +} + +impl Default for InvokerConfig { + fn default() -> Self { + Self { + max_retries: DEFAULT_MAX_RETRIES, + initial_backoff: DEFAULT_INITIAL_BACKOFF, + circuit_breaker_enabled: true, + circuit_failure_threshold: DEFAULT_CIRCUIT_FAILURE_THRESHOLD, + circuit_cooldown: DEFAULT_CIRCUIT_COOLDOWN, + max_concurrent: None, + circuit_max_entries: Some(10_000), + } + } +} + +/// Core HTTP invoker for outbound A2A calls. +/// +/// Entry point for Python: pass pre-built url (with query auth if any), +/// JSON body bytes, and headers dict. Auth is decrypted and applied in Rust +/// when auth secret is set; no Python fallback. +/// +/// Security: URLs are validated to http/https only; response bodies are +/// limited to 10 MiB by default (override via +/// [`with_max_response_body_bytes`](A2AInvoker::with_max_response_body_bytes)). +pub struct A2AInvoker { + client: Client, + metrics: Arc, + max_response_body_bytes: usize, + config: InvokerConfig, + circuit_breaker: Option>, + semaphore: Option>, +} + +/// Build an A2AInvokeResult from components (reduces repeated struct literals). +fn make_invoke_result( + id: usize, + result: Result, + duration_secs: f64, + agent_key: String, + agent_name: Option, + agent_id: Option, + interaction_type: Option, +) -> A2AInvokeResult { + A2AInvokeResult { + id, + result: Arc::new(result), + duration_secs, + agent_key, + agent_name, + agent_id, + interaction_type, + } +} + +/// Returns true if the error is transient and worth retrying (timeout, connection, 5xx). +fn is_retryable(err: &A2AError) -> bool { + match err { + A2AError::Timeout(_) => true, + A2AError::Http(e) => { + e.is_timeout() + || e.is_connect() + || e.status().map(|s| s.is_server_error()).unwrap_or(false) + } + A2AError::CircuitOpen + | A2AError::OversizedResponse + | A2AError::Auth(_) + | A2AError::Other(_) => false, + } +} + +/// Reads response body with a size limit to prevent OOM. Returns UTF-8 string or error. +async fn read_body_with_limit( + response: reqwest::Response, + max_bytes: usize, +) -> Result { + let bytes = response.bytes().await.map_err(A2AError::Http)?; + if bytes.len() > max_bytes { + return Err(A2AError::OversizedResponse); + } + String::from_utf8(bytes.to_vec()) + .map_err(|e| A2AError::Other(format!("Response body not valid UTF-8: {}", e))) +} + +/// Execute a single A2A request: semaphore, circuit breaker, URL validation, retry loop, then build result. +async fn execute_one_request( + client: Client, + req: A2AInvokeRequest, + request_timeout: Duration, + max_body: usize, + max_retries: u32, + initial_backoff: Duration, + circuit_breaker: Option>, + semaphore: Option>, +) -> A2AInvokeResult { + let id = req.id; + let url_for_log = req.url.clone(); + let agent_key = req.url.clone(); + let scope_id = req.scope_id.as_deref().unwrap_or("default"); + // TODO: document scope trade-off (per-scope isolation vs global per-URL fail-fast); see circuit.rs + let circuit_key = format!("{}::{}", req.url, scope_id); + let agent_name = req.agent_name.clone(); + let agent_id = req.agent_id.clone(); + let interaction_type = req.interaction_type.clone(); + let correlation_id = req.correlation_id.clone(); + let traceparent = req.traceparent.clone(); + + let _permit = match &semaphore { + Some(sem) => match sem.clone().acquire_owned().await { + Ok(p) => Some(p), + Err(_) => { + return make_invoke_result( + id, + Err(A2AError::Other("semaphore closed".to_string())), + 0.0, + agent_key, + agent_name, + agent_id, + interaction_type, + ); + } + }, + None => None, + }; + if let Some(ref cb) = circuit_breaker { + if !cb.allow_request(&circuit_key) { + return make_invoke_result( + id, + Err(A2AError::CircuitOpen), + 0.0, + agent_key, + agent_name, + agent_id, + interaction_type, + ); + } + } + let url = req.url.clone(); + if let Err(e) = validate_url_scheme(&url) { + return make_invoke_result( + id, + Err(e), + 0.0, + agent_key, + agent_name, + agent_id, + interaction_type, + ); + } + let body = Bytes::from(req.body); + let header_map = req.headers.clone().into_header_map(); + let start = Instant::now(); + let r = { + let mut result = None; + for attempt in 0..=max_retries { + let res = (async { + let response = client + .post(&url) + .body(body.clone()) + .headers(header_map.clone()) + .timeout(request_timeout) + .send() + .await?; + let status_code = response.status().as_u16(); + let response_body = read_body_with_limit(response, max_body).await?; + let parsed = serde_json::from_str(&response_body).ok(); + Ok::<_, A2AError>(A2AResponse { + status_code, + body: response_body, + parsed, + }) + }) + .await; + match &res { + Ok(_) => { + if let Some(ref cb) = circuit_breaker { + cb.record_success(&circuit_key); + } + result = Some(res); + break; + } + Err(e) => { + if let Some(ref cb) = circuit_breaker { + cb.record_failure(&circuit_key); + } + let do_retry = attempt < max_retries && is_retryable(e); + result = Some(res); + if do_retry { + let backoff = initial_backoff * 2u32.saturating_pow(attempt); + tokio::time::sleep(backoff).await; + } else { + break; + } + } + } + } + result.unwrap_or_else(|| Err(A2AError::Other("request failed".to_string()))) + }; + let duration = start.elapsed(); + let duration_secs = duration.as_secs_f64(); + let url_log = redact_url_for_log(&url_for_log); + let corr = correlation_id.as_deref().unwrap_or(""); + let trace = traceparent.as_deref().unwrap_or(""); + match &r { + Ok(resp) => { + if corr.is_empty() && trace.is_empty() { + debug!( + "A2A invoke request id={} url={} completed status={} duration_secs={:.3}", + id, url_log, resp.status_code, duration_secs + ); + } else { + debug!( + "A2A invoke request id={} url={} completed status={} duration_secs={:.3} correlation_id={} traceparent={}", + id, url_log, resp.status_code, duration_secs, corr, trace + ); + } + } + Err(e) => { + if corr.is_empty() && trace.is_empty() { + error!("A2A invoke request id={} url={} failed: {}", id, url_log, e); + } else { + error!( + "A2A invoke request id={} url={} failed: {} correlation_id={} traceparent={}", + id, url_log, e, corr, trace + ); + } + } + } + make_invoke_result( + id, + r, + duration_secs, + agent_key, + agent_name, + agent_id, + interaction_type, + ) +} + +impl A2AInvoker { + /// Create an invoker with default config (retry, circuit breaker enabled, no batch concurrency limit). + pub fn new(client: Client, metrics: Arc) -> Self { + Self::with_config(client, metrics, InvokerConfig::default()) + } + + /// Create an invoker with the given config (retry, circuit breaker, and optional semaphore). + pub fn with_config( + client: Client, + metrics: Arc, + config: InvokerConfig, + ) -> Self { + let circuit_breaker = config.circuit_breaker_enabled.then(|| { + Arc::new(CircuitBreaker::new( + config.circuit_failure_threshold, + config.circuit_cooldown, + config.circuit_max_entries, + )) + }); + let semaphore = config.max_concurrent.map(|n| Arc::new(Semaphore::new(n))); + Self { + client, + metrics, + max_response_body_bytes: DEFAULT_MAX_RESPONSE_BODY_BYTES, + config, + circuit_breaker, + semaphore, + } + } + + /// Override max response body size (for tests or tuning). Default is 10 MiB. + #[allow(dead_code)] + pub fn with_max_response_body_bytes(mut self, max_bytes: usize) -> Self { + self.max_response_body_bytes = max_bytes; + self + } + + /// Reference to the metrics collector (for PyO3 get_agent_metrics). + pub fn metrics(&self) -> &MetricsCollector { + self.metrics.as_ref() + } + + /// Invoke 1..N requests. Returns results in input order; caller reassembles by id. + /// Concurrency within the batch is limited by config.max_concurrent if set. + /// Records timing and success/failure in metrics (batch). Circuit breaker and retry apply per request. + /// URLs are validated (http/https only). Response bodies are capped at MAX_RESPONSE_BODY_BYTES. + pub async fn invoke( + &self, + requests: Vec, + timeout: Duration, + ) -> Vec { + if requests.is_empty() { + return Vec::new(); + } + let original_len = requests.len(); + // Coalesce by request_id: same id => one HTTP call, result shared for all original indices. + // Coalesce key: request_id when set, otherwise __u_{id} per request so each stays distinct. + let mut key_to_indices: HashMap> = HashMap::new(); + let mut key_to_req: HashMap = HashMap::new(); + for req in requests { + let key = req + .request_id + .clone() + .unwrap_or_else(|| format!("__u_{}", req.id)); + key_to_indices.entry(key.clone()).or_default().push(req.id); + if !key_to_req.contains_key(&key) { + key_to_req.insert(key, req); + } + } + let mut work: Vec<(Vec, A2AInvokeRequest)> = key_to_indices + .into_iter() + .map(|(key, indices)| { + let req = key_to_req.remove(&key).unwrap(); + (indices, req) + }) + .collect(); + work.sort_by_key(|(indices, _)| *indices.first().unwrap_or(&0)); + // Map: original request index -> index into unique_requests (work). + let mut original_index_to_work_index = vec![0; original_len]; + for (wi, (indices, _)) in work.iter().enumerate() { + for &id in indices { + original_index_to_work_index[id] = wi; + } + } + let unique_requests: Vec = work + .into_iter() + .enumerate() + .map(|(wi, (_, mut req))| { + req.id = wi; + req + }) + .collect(); + + let effective_timeouts: Vec = unique_requests + .iter() + .map(|req| { + self.metrics.suggest_timeout_for_agent( + &req.url, + timeout, + ADAPTIVE_TIMEOUT_MIN, + ADAPTIVE_TIMEOUT_MAX, + ) + }) + .collect(); + + let client = self.client.clone(); + let metrics = Arc::clone(&self.metrics); + let max_body = self.max_response_body_bytes; + let max_retries = self.config.max_retries; + let initial_backoff = self.config.initial_backoff; + let circuit_breaker = self.circuit_breaker.clone(); + let semaphore = self.semaphore.clone(); + let futures = unique_requests + .into_iter() + .zip(effective_timeouts) + .map(|(req, request_timeout)| { + execute_one_request( + client.clone(), + req, + request_timeout, + max_body, + max_retries, + initial_backoff, + circuit_breaker.clone(), + semaphore.clone(), + ) + .boxed() + }) + .collect::>(); + let unique_results = join_all(futures).await; + // Batch record to in-memory metrics (per unique request only). + let batch: Vec = unique_results + .iter() + .map(|r| { + let success = match r.result.as_ref() { + Ok(resp) => crate::errors::is_success_http_status(resp.status_code), + Err(_) => false, + }; + MetricRecord { + agent_key: r.agent_key.clone(), + success, + duration: Duration::from_secs_f64(r.duration_secs), + } + }) + .collect(); + metrics.record_batch(&batch); + // Expand: one result per original index, id restored for ordering. + let results: Vec = (0..original_len) + .map(|i| { + let r = &unique_results[original_index_to_work_index[i]]; + A2AInvokeResult { + id: i, + result: Arc::clone(&r.result), + duration_secs: r.duration_secs, + agent_key: r.agent_key.clone(), + agent_name: r.agent_name.clone(), + agent_id: r.agent_id.clone(), + interaction_type: r.interaction_type.clone(), + } + }) + .collect(); + results + } +} + +#[cfg(test)] +mod tests { + use std::collections::HashMap; + use std::sync::Arc; + use std::time::Duration; + + use reqwest::Client; + use serde_json::json; + use wiremock::matchers::{method, path}; + use wiremock::{Mock, MockServer, ResponseTemplate}; + + use super::{A2AInvokeRequest, A2AInvoker, InvokerConfig}; + use crate::errors::A2AError; + use crate::metrics::MetricsCollector; + + #[test] + fn test_invoker_config_default() { + let c = InvokerConfig::default(); + assert!(c.max_retries >= 1); + assert!(c.circuit_breaker_enabled); + assert!(c.circuit_failure_threshold >= 1); + assert!(c.max_concurrent.is_none()); + assert!(c.circuit_max_entries.is_some()); + } + + #[test] + fn test_a2a_invoke_request_from_tuple() { + let mut headers = HashMap::new(); + headers.insert("H".to_string(), "V".to_string()); + let req: A2AInvokeRequest = ( + 0, + "https://example.com".to_string(), + b"body".to_vec(), + headers.clone(), + ) + .into(); + assert_eq!(req.id, 0); + assert_eq!(req.url, "https://example.com"); + assert_eq!(req.body, b"body"); + assert_eq!(req.headers.get("H").map(String::as_str), Some("V")); + } + + #[test] + fn test_a2a_invoke_request_try_from_json() { + let mut headers = HashMap::new(); + headers.insert("Content-Type".to_string(), "application/json".to_string()); + let req = A2AInvokeRequest::try_from(( + 1, + "https://example.com".to_string(), + json!({"key": "value"}), + headers, + )) + .unwrap(); + assert_eq!(req.id, 1); + assert_eq!(req.url, "https://example.com"); + assert!(std::str::from_utf8(&req.body).unwrap().contains("key")); + } + + fn test_invoker() -> A2AInvoker { + let client = Client::builder().build().expect("reqwest client"); + let metrics = Arc::new(MetricsCollector::new()); + A2AInvoker::new(client, metrics) + } + + /// Invoker with tiny body limit for oversized-response test. + fn test_invoker_small_limit() -> A2AInvoker { + test_invoker().with_max_response_body_bytes(super::MAX_RESPONSE_BODY_BYTES_FOR_TEST) + } + + #[tokio::test] + async fn test_invoke_success_returns_raw_body() { + let mock_server = MockServer::start().await; + let body_json = r#"{"jsonrpc":"2.0","result":{"test":true}}"#; + Mock::given(method("POST")) + .and(path("/")) + .respond_with( + ResponseTemplate::new(200).set_body_raw(body_json.as_bytes(), "application/json"), + ) + .mount(&mock_server) + .await; + + let inv = test_invoker(); + let headers = HashMap::new(); + let results = inv + .invoke( + vec![A2AInvokeRequest { + id: 0, + url: mock_server.uri().to_string(), + body: body_json.as_bytes().to_vec(), + headers, + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + }], + Duration::from_secs(5), + ) + .await; + let r = results.into_iter().next().unwrap(); + let resp = r.result.as_ref().as_ref().ok().unwrap(); + assert_eq!(resp.status_code, 200); + assert_eq!(resp.body, body_json); + } + + #[tokio::test] + async fn test_invoke_non_2xx_returns_ok_with_status_and_body() { + let mock_server = MockServer::start().await; + let body_text = r#"{"error":"not found"}"#; + Mock::given(method("POST")) + .and(path("/")) + .respond_with( + ResponseTemplate::new(404).set_body_raw(body_text.as_bytes(), "application/json"), + ) + .mount(&mock_server) + .await; + + let inv = test_invoker(); + let headers = HashMap::new(); + let results = inv + .invoke( + vec![A2AInvokeRequest { + id: 0, + url: mock_server.uri().to_string(), + body: b"{}".to_vec(), + headers, + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + }], + Duration::from_secs(5), + ) + .await; + let r = results.into_iter().next().unwrap(); + let resp = r.result.as_ref().as_ref().ok().unwrap(); + assert_eq!(resp.status_code, 404); + assert_eq!(resp.body, body_text); + } + + #[tokio::test] + async fn test_invoke_non_json_body_returned_as_raw_string() { + let mock_server = MockServer::start().await; + let body_text = "Error 500"; + Mock::given(method("POST")) + .and(path("/")) + .respond_with(ResponseTemplate::new(500).set_body_string(body_text)) + .mount(&mock_server) + .await; + + let inv = test_invoker(); + let headers = HashMap::new(); + let results = inv + .invoke( + vec![A2AInvokeRequest { + id: 0, + url: mock_server.uri().to_string(), + body: b"{}".to_vec(), + headers, + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + }], + Duration::from_secs(5), + ) + .await; + let r = results.into_iter().next().unwrap(); + let resp = r.result.as_ref().as_ref().ok().unwrap(); + assert_eq!(resp.status_code, 500); + assert_eq!(resp.body, body_text); + } + + #[tokio::test] + async fn test_invoke_headers_passed_through() { + let mock_server = MockServer::start().await; + Mock::given(method("POST")) + .and(path("/")) + .respond_with(ResponseTemplate::new(200).set_body_string("{}")) + .mount(&mock_server) + .await; + + let inv = test_invoker(); + let mut headers = HashMap::new(); + headers.insert("Content-Type".to_string(), "application/json".to_string()); + headers.insert("X-Custom".to_string(), "custom-value".to_string()); + + let results = inv + .invoke( + vec![A2AInvokeRequest { + id: 0, + url: mock_server.uri().to_string(), + body: b"{}".to_vec(), + headers, + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + }], + Duration::from_secs(5), + ) + .await; + let r = results.into_iter().next().unwrap(); + let resp = r.result.as_ref().as_ref().ok().unwrap(); + assert_eq!(resp.status_code, 200); + } + + #[tokio::test] + async fn test_invoke_invalid_url_returns_err() { + // No retries and short timeout so the test fails fast (no multi-second DNS/timeout/backoff). + let config = InvokerConfig { + max_retries: 0, + ..InvokerConfig::default() + }; + let inv = A2AInvoker::with_config( + Client::builder().build().expect("reqwest client"), + Arc::new(MetricsCollector::new()), + config, + ); + let headers = HashMap::new(); + let results = inv + .invoke( + vec![A2AInvokeRequest { + id: 0, + url: "http://invalid-domain-that-does-not-exist-12345.local/".to_string(), + body: b"{}".to_vec(), + headers, + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + }], + Duration::from_secs(5), + ) + .await; + let result = results.into_iter().next().unwrap().result; + assert!(result.is_err()); + assert!(matches!(result.as_ref(), Err(A2AError::Http(_)))); + } + + #[tokio::test] + async fn test_invoke_file_scheme_rejected() { + let inv = test_invoker(); + let results = inv + .invoke( + vec![A2AInvokeRequest { + id: 0, + url: "file:///etc/passwd".to_string(), + body: b"{}".to_vec(), + headers: HashMap::new(), + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + }], + Duration::from_secs(1), + ) + .await; + let r = results.into_iter().next().unwrap(); + let err = r.result.as_ref().as_ref().unwrap_err(); + assert!(matches!(err, A2AError::Other(_))); + assert!(err.to_string().contains("not allowed")); + } + + #[tokio::test] + async fn test_invoke_oversized_response_returns_err() { + let mock_server = MockServer::start().await; + let oversized = "x".repeat(super::MAX_RESPONSE_BODY_BYTES_FOR_TEST + 1); + Mock::given(method("POST")) + .and(path("/")) + .respond_with(ResponseTemplate::new(200).set_body_string(oversized)) + .mount(&mock_server) + .await; + + let inv = test_invoker_small_limit(); + let results = inv + .invoke( + vec![A2AInvokeRequest { + id: 0, + url: mock_server.uri().to_string(), + body: b"{}".to_vec(), + headers: HashMap::new(), + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + }], + Duration::from_secs(5), + ) + .await; + let r = results.into_iter().next().unwrap(); + let err = r.result.as_ref().as_ref().unwrap_err(); + assert!(matches!(err, A2AError::OversizedResponse)); + assert!(err.to_string().contains("exceeds maximum")); + } + + #[tokio::test] + async fn test_invoke_batch_returns_indexed_results() { + let mock_server = MockServer::start().await; + Mock::given(method("POST")) + .and(path("/")) + .respond_with(ResponseTemplate::new(200).set_body_string(r#"{"id":1}"#)) + .mount(&mock_server) + .await; + + let inv = test_invoker(); + let requests = vec![ + A2AInvokeRequest { + id: 0, + url: mock_server.uri().to_string(), + body: b"{}".to_vec(), + headers: HashMap::new(), + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + }, + A2AInvokeRequest { + id: 1, + url: mock_server.uri().to_string(), + body: b"{}".to_vec(), + headers: HashMap::new(), + correlation_id: None, + traceparent: None, + agent_name: None, + agent_id: None, + interaction_type: None, + scope_id: None, + request_id: None, + }, + ]; + + let results = inv.invoke(requests, Duration::from_secs(5)).await; + + assert_eq!(results.len(), 2); + let ids: Vec = results.iter().map(|r| r.id).collect(); + assert!(ids.contains(&0)); + assert!(ids.contains(&1)); + for r in &results { + let resp = r.result.as_ref().as_ref().ok().unwrap(); + assert_eq!(resp.status_code, 200); + } + } +} diff --git a/tools_rust/a2a_service/src/lib.rs b/tools_rust/a2a_service/src/lib.rs new file mode 100644 index 0000000000..82aafde2da --- /dev/null +++ b/tools_rust/a2a_service/src/lib.rs @@ -0,0 +1,134 @@ +// Copyright 2026 +// SPDX-License-Identifier: Apache-2.0 +// +//! # A2A Service +//! +//! High-performance Agent-to-Agent (A2A) invocation. Exposes an HTTP API (Axum) for single and +//! batch invoke; performs auth decryption (when secret set), HTTP POST, retry, circuit breaker, +//! and per-agent metrics. + +mod auth; +mod circuit; +mod errors; +mod eviction; +mod http; +mod invoker; +mod metrics; +mod queue; +pub mod server; + +pub use crate::auth::{ + apply_invoke_auth, decrypt_auth, decrypt_map_values, AuthConfig, InvokeAuth, +}; +pub use crate::errors::A2AError; +pub use crate::http::{InvokeRequestDto, InvokeResultDto, parse_requests_from_json, results_to_json}; +pub use crate::invoker::{ + A2AInvokeRequest, A2AInvokeResult, A2AInvoker, A2AResponse, InvokerConfig, +}; +pub use crate::metrics::{AgentMetrics, AggregateMetrics, MetricsCollector}; +pub use crate::queue::{init_queue, shutdown_queue, try_submit_batch, QueueError}; + +use std::sync::OnceLock; +use std::time::{Duration, SystemTime, UNIX_EPOCH}; + + +static INVOKER: OnceLock = OnceLock::new(); +static INVOKER_CONFIG: OnceLock = OnceLock::new(); + +/// Initialize the A2A invoker (concurrency and retry limits). Call once at startup. +/// First call wins; subsequent calls are no-ops. +pub fn init_invoker(max_concurrent: usize, max_retries: u32) { + let _ = INVOKER_CONFIG.get_or_init(|| { + let mut config = InvokerConfig::default(); + config.max_concurrent = Some(max_concurrent); + config.max_retries = max_retries; + config + }); +} + +/// Used by the queue worker to run HTTP. Not part of the public API. +pub(crate) fn get_invoker() -> &'static A2AInvoker { + INVOKER.get_or_init(|| { + let client = reqwest::Client::builder() + .redirect(reqwest::redirect::Policy::none()) + .build() + .expect("reqwest client"); + let metrics = std::sync::Arc::new(MetricsCollector::with_capacity(Some(10_000))); + let config = INVOKER_CONFIG.get().cloned().unwrap_or_default(); + A2AInvoker::with_config(client, metrics, config) + }) +} + +/// Submit a batch of requests (from JSON DTOs) and wait for results. +/// Returns JSON-serializable result DTOs. Call after `init_queue` and optionally `init_invoker`. +pub async fn submit_batch( + requests: &[InvokeRequestDto], + auth_secret: Option<&str>, + timeout_secs: f64, +) -> Result, BatchSubmitError> { + let rust_requests = parse_requests_from_json(requests, auth_secret).map_err(BatchSubmitError::Parse)?; + let timeout = Duration::from_secs_f64(timeout_secs); + let rx = try_submit_batch(rust_requests, timeout).map_err(BatchSubmitError::Queue)?; + let results = rx.await.map_err(|_| BatchSubmitError::Queue(QueueError::Shutdown))?; + let end_time_secs = SystemTime::now() + .duration_since(UNIX_EPOCH) + .map(|d| d.as_secs_f64()) + .unwrap_or(0.0); + Ok(results_to_json(results, end_time_secs)) +} + +/// Error when submitting a batch via HTTP API. +#[derive(Debug)] +pub enum BatchSubmitError { + Parse(A2AError), + Queue(QueueError), +} + +impl std::fmt::Display for BatchSubmitError { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + match self { + BatchSubmitError::Parse(e) => write!(f, "parse: {}", e), + BatchSubmitError::Queue(e) => write!(f, "queue: {:?}", e), + } + } +} + +impl std::error::Error for BatchSubmitError {} + +#[cfg(test)] +mod tests { + use std::collections::HashMap; + + use crate::auth::apply_invoke_auth; + use crate::auth::InvokeAuth; + use crate::errors::A2AError; + use crate::queue::QueueError; + use crate::BatchSubmitError; + + #[test] + fn test_batch_submit_error_display() { + let e = BatchSubmitError::Parse(A2AError::Auth("bad".to_string())); + assert!(e.to_string().contains("parse")); + let e2 = BatchSubmitError::Queue(QueueError::Full); + assert!(e2.to_string().contains("Full")); + } + + #[test] + fn test_apply_invoke_auth_injects_traceparent() { + let mut headers = HashMap::new(); + headers.insert("X-Test".to_string(), "1".to_string()); + let traceparent = "00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01"; + let auth = InvokeAuth { + query_params: None, + headers: { + let mut h = headers; + h.insert("traceparent".to_string(), traceparent.to_string()); + h + }, + }; + let (url, out_headers) = apply_invoke_auth("https://example.com", &auth).unwrap(); + assert!(url == "https://example.com" || url == "https://example.com/"); + assert_eq!(out_headers.get("traceparent").map(String::as_str), Some(traceparent)); + assert_eq!(out_headers.get("X-Test").map(String::as_str), Some("1")); + } +} diff --git a/tools_rust/a2a_service/src/main.rs b/tools_rust/a2a_service/src/main.rs new file mode 100644 index 0000000000..d37a12563f --- /dev/null +++ b/tools_rust/a2a_service/src/main.rs @@ -0,0 +1,48 @@ +// Copyright 2026 +// SPDX-License-Identifier: Apache-2.0 +// +//! A2A invoke service: standalone Axum HTTP server for single and batch agent invocation. + +use std::sync::Arc; + +use clap::Parser; +use tracing::info; +use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt, EnvFilter}; + +use a2a_service::{init_invoker, init_queue, server}; + +mod config; + +#[tokio::main] +async fn main() -> Result<(), Box> { + tracing_subscriber::registry() + .with(EnvFilter::try_from_default_env().unwrap_or_else(|_| EnvFilter::new("info"))) + .with(tracing_subscriber::fmt::layer()) + .init(); + + let config = config::Config::parse(); + let listen = config + .listen_socket_addr() + .map_err(|e| format!("invalid listen address: {}", e))?; + + init_invoker(config.max_concurrent, 1); + init_queue( + config.max_concurrent, + config.max_queued, + config.auth_secret.clone(), + ); + + let state = server::AppState { + auth_secret: config.auth_secret.clone(), + timeout_secs: config.invoke_timeout_secs, + backend_base_url: config.backend_base_url.trim_end_matches('/').to_string(), + client: reqwest::Client::new(), + }; + + let app = server::router(Arc::new(state)); + + info!("A2A service listening on http://{}", listen); + let listener = tokio::net::TcpListener::bind(listen).await?; + axum::serve(listener, app).await?; + Ok(()) +} diff --git a/tools_rust/a2a_service/src/metrics.rs b/tools_rust/a2a_service/src/metrics.rs new file mode 100644 index 0000000000..f2933839d5 --- /dev/null +++ b/tools_rust/a2a_service/src/metrics.rs @@ -0,0 +1,386 @@ +//! In-memory metrics for A2A invocations. +//! +//! Lock-free per-agent counters (via [`DashMap`] and atomics) plus a global aggregate. The invoker +//! records each request by agent key (URL or id); Python can read aggregates via [`get_aggregate`](MetricsCollector::get_aggregate) +//! or the PyO3 `get_agent_metrics`. +//! +//! Per-agent recent latencies are kept for adaptive timeout (P95-based suggestion when no per-request timeout is set). + +use std::collections::VecDeque; +use std::sync::Mutex; +use std::sync::atomic::{AtomicU64, Ordering}; +use std::time::Duration; + +use dashmap::DashMap; + +use crate::eviction; + +/// Maximum number of recent latencies to keep per agent for P95-based adaptive timeout. +const RECENT_LATENCIES_CAP: usize = 128; + +/// Single metric record for batch recording (agent key, success, duration). +#[derive(Debug, Clone)] +pub struct MetricRecord { + pub agent_key: String, + pub success: bool, + pub duration: Duration, +} + +/// Snapshot of aggregated A2A invocation metrics for one agent or globally. +#[derive(Debug, Clone, Default)] +pub struct AggregateMetrics { + /// Total number of invocations. + pub total_calls: u64, + /// Invocations that returned HTTP 200. + pub successful_calls: u64, + /// Invocations that failed or returned non-2xx. + pub failed_calls: u64, + /// Sum of response latencies in microseconds. + pub total_latency_us: u64, + /// Minimum observed latency in microseconds. + pub min_latency_us: u64, + /// Maximum observed latency in microseconds. + pub max_latency_us: u64, +} + +/// Per-agent metrics (atomic counters + recent latencies for P95). Used both for global aggregate and per-agent entries. +#[derive(Debug)] +pub struct AgentMetrics { + pub total_calls: AtomicU64, + pub successful_calls: AtomicU64, + pub failed_calls: AtomicU64, + pub total_latency_us: AtomicU64, + pub min_latency_us: AtomicU64, + pub max_latency_us: AtomicU64, + /// Recent latencies in microseconds for P95-based adaptive timeout. + recent_latencies_us: Mutex>, +} + +impl Default for AgentMetrics { + fn default() -> Self { + Self { + total_calls: AtomicU64::new(0), + successful_calls: AtomicU64::new(0), + failed_calls: AtomicU64::new(0), + total_latency_us: AtomicU64::new(0), + min_latency_us: AtomicU64::new(u64::MAX), + max_latency_us: AtomicU64::new(0), + recent_latencies_us: Mutex::new(VecDeque::new()), + } + } +} + +impl AgentMetrics { + fn record_success(&self, latency: Duration) { + let us = latency.as_micros().min(u64::MAX as u128) as u64; + self.total_calls.fetch_add(1, Ordering::Relaxed); + self.successful_calls.fetch_add(1, Ordering::Relaxed); + self.total_latency_us.fetch_add(us, Ordering::Relaxed); + self.update_min_max(us); + self.push_recent_latency(us); + } + + fn record_failure(&self, latency: Duration) { + let us = latency.as_micros().min(u64::MAX as u128) as u64; + self.total_calls.fetch_add(1, Ordering::Relaxed); + self.failed_calls.fetch_add(1, Ordering::Relaxed); + self.total_latency_us.fetch_add(us, Ordering::Relaxed); + self.update_min_max(us); + self.push_recent_latency(us); + } + + fn push_recent_latency(&self, us: u64) { + if let Ok(mut q) = self.recent_latencies_us.lock() { + q.push_back(us); + while q.len() > RECENT_LATENCIES_CAP { + q.pop_front(); + } + } + } + + /// P95 of recent latencies in microseconds, or None if fewer than 5 samples. + fn p95_latency_us(&self) -> Option { + let q = self.recent_latencies_us.lock().ok()?; + let len = q.len(); + if len < 5 { + return None; + } + let mut sorted: Vec = q.iter().copied().collect(); + sorted.sort_unstable(); + let idx = (len * 95 / 100).min(len.saturating_sub(1)); + Some(sorted[idx]) + } + + fn update_min_max(&self, us: u64) { + let mut current_min = self.min_latency_us.load(Ordering::Relaxed); + while us < current_min { + match self.min_latency_us.compare_exchange_weak( + current_min, + us, + Ordering::Relaxed, + Ordering::Relaxed, + ) { + Ok(_) => break, + Err(actual) => current_min = actual, + } + } + let mut current_max = self.max_latency_us.load(Ordering::Relaxed); + while us > current_max { + match self.max_latency_us.compare_exchange_weak( + current_max, + us, + Ordering::Relaxed, + Ordering::Relaxed, + ) { + Ok(_) => break, + Err(actual) => current_max = actual, + } + } + } + + /// Take a point-in-time snapshot of this agent's metrics. + pub fn snapshot(&self) -> AggregateMetrics { + let min = self.min_latency_us.load(Ordering::Relaxed); + AggregateMetrics { + total_calls: self.total_calls.load(Ordering::Relaxed), + successful_calls: self.successful_calls.load(Ordering::Relaxed), + failed_calls: self.failed_calls.load(Ordering::Relaxed), + total_latency_us: self.total_latency_us.load(Ordering::Relaxed), + min_latency_us: if min == u64::MAX { 0 } else { min }, + max_latency_us: self.max_latency_us.load(Ordering::Relaxed), + } + } +} + +/// In-memory metrics collector for A2A invocations. +/// Records counts and latency per agent (DashMap) and globally (aggregate). +#[derive(Debug)] +pub struct MetricsCollector { + /// Per-agent metrics keyed by agent id or URL. + invocations: DashMap, + /// Global aggregate (all agents combined). + global: AgentMetrics, + /// When set, evict one entry when at capacity to bound memory. + max_entries: Option, +} + +impl Default for MetricsCollector { + fn default() -> Self { + Self::new() + } +} + +impl MetricsCollector { + /// Create an unbounded metrics collector (for tests). + pub fn new() -> Self { + Self::with_capacity(None) + } + + /// Create a metrics collector with optional max per-agent entries. When `Some(n)`, evicts one entry when at capacity. + pub fn with_capacity(max_entries: Option) -> Self { + Self { + invocations: DashMap::new(), + global: AgentMetrics::default(), + max_entries, + } + } + + /// Record a single invocation for an agent. Also updates global aggregate. + pub fn record_invocation(&self, agent: &str, success: bool, duration: Duration) { + eviction::evict_one_if_over_capacity(&self.invocations, self.max_entries); + let metrics = self + .invocations + .entry(agent.to_string()) + .or_insert_with(AgentMetrics::default); + if success { + metrics.record_success(duration); + } else { + metrics.record_failure(duration); + } + if success { + self.global.record_success(duration); + } else { + self.global.record_failure(duration); + } + } + + /// Record a batch of metric records. Updates both per-agent and global metrics. + pub fn record_batch(&self, results: &[MetricRecord]) { + for r in results { + self.record_invocation(&r.agent_key, r.success, r.duration); + } + } + + /// Get aggregated metrics for a specific agent, if any. + pub fn get_aggregate(&self, agent: &str) -> Option { + self.invocations.get(agent).map(|m| m.snapshot()) + } + + /// Suggested timeout for an agent when no per-request timeout is set: P95 of recent latencies + /// multiplied by 1.5, clamped to [min_duration, max_duration]. Returns default_duration if + /// there are too few samples. + pub fn suggest_timeout_for_agent( + &self, + agent: &str, + default_duration: Duration, + min_duration: Duration, + max_duration: Duration, + ) -> Duration { + let p95_us = self.invocations.get(agent).and_then(|m| m.p95_latency_us()); + match p95_us { + None => default_duration, + Some(us) => { + let p95 = Duration::from_micros(us); + let suggested = p95 + p95 / 2; // 1.5 * P95 + suggested.clamp(min_duration, max_duration) + } + } + } + + /// Take a point-in-time snapshot of the global metrics. + pub fn snapshot(&self) -> AggregateMetrics { + self.global.snapshot() + } + + /// Reset all metrics (per-agent and global). + pub fn reset(&self) { + self.invocations.clear(); + self.global.total_calls.store(0, Ordering::Relaxed); + self.global.successful_calls.store(0, Ordering::Relaxed); + self.global.failed_calls.store(0, Ordering::Relaxed); + self.global.total_latency_us.store(0, Ordering::Relaxed); + self.global + .min_latency_us + .store(u64::MAX, Ordering::Relaxed); + self.global.max_latency_us.store(0, Ordering::Relaxed); + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_agent_metrics_default() { + let m = AgentMetrics::default(); + assert_eq!(m.total_calls.load(Ordering::SeqCst), 0); + } + + #[test] + fn test_aggregate_metrics_default() { + let a = AggregateMetrics::default(); + assert_eq!(a.total_calls, 0); + assert_eq!(a.successful_calls, 0); + assert_eq!(a.failed_calls, 0); + assert_eq!(a.total_latency_us, 0); + assert_eq!(a.min_latency_us, 0); + assert_eq!(a.max_latency_us, 0); + } + + #[test] + fn test_record_invocation_per_agent() { + let c = MetricsCollector::new(); + c.record_invocation("agent1", true, Duration::from_millis(100)); + c.record_invocation("agent1", false, Duration::from_millis(50)); + c.record_invocation("agent2", true, Duration::from_millis(200)); + + let a1 = c.get_aggregate("agent1").unwrap(); + assert_eq!(a1.total_calls, 2); + assert_eq!(a1.successful_calls, 1); + assert_eq!(a1.failed_calls, 1); + assert_eq!(a1.min_latency_us, 50_000); + assert_eq!(a1.max_latency_us, 100_000); + + let a2 = c.get_aggregate("agent2").unwrap(); + assert_eq!(a2.total_calls, 1); + assert_eq!(a2.successful_calls, 1); + + let global = c.snapshot(); + assert_eq!(global.total_calls, 3); + assert_eq!(global.successful_calls, 2); + assert_eq!(global.failed_calls, 1); + } + + #[test] + fn test_get_aggregate_missing() { + let c = MetricsCollector::new(); + assert!(c.get_aggregate("nonexistent").is_none()); + } + + #[test] + fn test_snapshot_empty() { + let c = MetricsCollector::new(); + let s = c.snapshot(); + assert_eq!(s.total_calls, 0); + assert_eq!(s.successful_calls, 0); + assert_eq!(s.failed_calls, 0); + assert_eq!(s.max_latency_us, 0); + } + + #[test] + fn test_record_batch() { + let c = MetricsCollector::new(); + c.record_batch(&[ + MetricRecord { + agent_key: "a1".to_string(), + success: true, + duration: Duration::from_millis(10), + }, + MetricRecord { + agent_key: "a1".to_string(), + success: false, + duration: Duration::from_millis(20), + }, + MetricRecord { + agent_key: "a2".to_string(), + success: true, + duration: Duration::from_millis(30), + }, + ]); + let s1 = c.get_aggregate("a1").unwrap(); + assert_eq!(s1.total_calls, 2); + assert_eq!(s1.successful_calls, 1); + assert_eq!(s1.failed_calls, 1); + assert_eq!(s1.min_latency_us, 10_000); + assert_eq!(s1.max_latency_us, 20_000); + let s2 = c.get_aggregate("a2").unwrap(); + assert_eq!(s2.total_calls, 1); + let global = c.snapshot(); + assert_eq!(global.total_calls, 3); + } + + #[test] + fn test_reset() { + let c = MetricsCollector::new(); + c.record_invocation("a1", true, Duration::from_millis(1)); + c.reset(); + assert!(c.get_aggregate("a1").is_none()); + let s = c.snapshot(); + assert_eq!(s.total_calls, 0); + } + + #[test] + fn test_suggest_timeout_no_samples() { + let c = MetricsCollector::new(); + let default = Duration::from_secs(30); + let min = Duration::from_secs(1); + let max = Duration::from_secs(300); + let out = c.suggest_timeout_for_agent("agent1", default, min, max); + assert_eq!(out, default); + } + + #[test] + fn test_suggest_timeout_from_p95() { + let c = MetricsCollector::new(); + for _ in 0..10 { + c.record_invocation("agent1", true, Duration::from_millis(100)); + } + let default = Duration::from_secs(30); + let min = Duration::from_secs(1); + let max = Duration::from_secs(300); + let out = c.suggest_timeout_for_agent("agent1", default, min, max); + assert!(out >= min); + assert!(out <= max); + assert!(out >= Duration::from_millis(150)); // 1.5 * 100ms + } +} diff --git a/tools_rust/a2a_service/src/queue.rs b/tools_rust/a2a_service/src/queue.rs new file mode 100644 index 0000000000..163b070263 --- /dev/null +++ b/tools_rust/a2a_service/src/queue.rs @@ -0,0 +1,399 @@ +// Copyright 2026 +// SPDX-License-Identifier: Apache-2.0 +// +//! A2A invoke batch queue: bounded concurrency and optional bounded depth. +//! +//! Jobs are HTTP batch payloads `(Vec, Duration)` submitted via +//! [`try_submit_batch`]. A dedicated thread runs a Tokio runtime; up to `max_concurrent` +//! batches run in parallel. When `max_queued` is set, the channel is bounded and +//! try_submit returns `Err(QueueError::Full)` when full so Python can return 503. +//! When `max_queued` is None, the channel is unbounded. +//! Graceful shutdown: call [`shutdown_queue`] (async) to stop accepting new work and +//! drain pending jobs with a timeout. + +use std::collections::VecDeque; +use std::sync::Arc; +use std::sync::OnceLock; +use std::sync::atomic::{AtomicBool, Ordering}; +use std::thread; +use std::time::Duration; + +use log::info; +use tokio::runtime::Runtime; +use tokio::sync::{Semaphore, mpsc, oneshot}; +use tokio::task::JoinSet; +use tokio::time::Instant; + +use crate::invoker::{A2AInvokeRequest, A2AInvokeResult}; + +/// A single batch job: requests, timeout, and oneshot to send results back. +struct Job { + requests: Vec, + timeout: Duration, + result_tx: oneshot::Sender>, +} + +const MAX_COALESCED_REQUESTS: usize = 128; + +/// Run one job group: acquire permit once, invoke once, then fan results back to the original submitters. +async fn run_job_group(jobs: Vec, semaphore: Arc) { + let _permit = semaphore.acquire_owned().await; + let inv = crate::get_invoker(); + let timeout = jobs.first().map(|job| job.timeout).unwrap_or_default(); + let mut all_requests = Vec::new(); + let mut result_channels = Vec::with_capacity(jobs.len()); + let mut request_counts = Vec::with_capacity(jobs.len()); + let mut original_ids_per_job = Vec::with_capacity(jobs.len()); + let mut next_request_id = 0; + for mut job in jobs { + let original_ids: Vec = job.requests.iter().map(|request| request.id).collect(); + for request in &mut job.requests { + request.id = next_request_id; + next_request_id += 1; + } + request_counts.push(job.requests.len()); + original_ids_per_job.push(original_ids); + result_channels.push(job.result_tx); + all_requests.extend(job.requests); + } + let results = inv.invoke(all_requests, timeout).await; + drop(_permit); + let mut cursor = 0; + for ((request_count, result_tx), original_ids) in request_counts + .into_iter() + .zip(result_channels.into_iter()) + .zip(original_ids_per_job.into_iter()) + { + let end = cursor + request_count; + let mut job_results = results[cursor..end].to_vec(); + for (result, original_id) in job_results.iter_mut().zip(original_ids.into_iter()) { + result.id = original_id; + } + let _ = result_tx.send(job_results); + cursor = end; + } +} + +struct ShutdownRequest { + ack: oneshot::Sender<()>, + drain_timeout: Duration, +} + +fn coalesce_job( + first_job: Job, + pending_jobs: &mut VecDeque, + rx: &mut QueueReceiver, + pending_shutdown: &mut Option, +) -> Vec { + let target_timeout = first_job.timeout; + let mut jobs = vec![first_job]; + let mut total_requests = jobs[0].requests.len(); + + let mut remaining_pending = VecDeque::new(); + while let Some(job) = pending_jobs.pop_front() { + let job_request_count = job.requests.len(); + if job.timeout == target_timeout + && total_requests + job_request_count <= MAX_COALESCED_REQUESTS + { + total_requests += job_request_count; + jobs.push(job); + if total_requests >= MAX_COALESCED_REQUESTS { + break; + } + } else { + remaining_pending.push_back(job); + } + } + while let Some(job) = pending_jobs.pop_front() { + remaining_pending.push_back(job); + } + *pending_jobs = remaining_pending; + + while total_requests < MAX_COALESCED_REQUESTS { + match rx.try_recv() { + Ok(QueueMessage::Job(job)) => { + let job_request_count = job.requests.len(); + if job.timeout == target_timeout + && total_requests + job_request_count <= MAX_COALESCED_REQUESTS + { + total_requests += job_request_count; + jobs.push(job); + } else { + pending_jobs.push_back(job); + } + } + Ok(QueueMessage::Shutdown { ack, drain_timeout }) => { + *pending_shutdown = Some(ShutdownRequest { ack, drain_timeout }); + break; + } + Err(QueueTryRecvError::Empty) | Err(QueueTryRecvError::Disconnected) => break, + } + } + + jobs +} + +/// Message to the queue worker: either a job or a shutdown request with ack and drain timeout. +enum QueueMessage { + Job(Job), + Shutdown { + ack: oneshot::Sender<()>, + drain_timeout: Duration, + }, +} + +/// Error when the queue cannot accept new work. +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub enum QueueError { + /// Queue is at capacity (max_queued exceeded). + Full, + /// Queue was not initialized. + NotInitialized, + /// Queue is shutting down or channel closed. + Shutdown, +} + +enum QueueSender { + Bounded(mpsc::Sender), + Unbounded(mpsc::UnboundedSender), +} + +impl Clone for QueueSender { + fn clone(&self) -> Self { + match self { + QueueSender::Bounded(tx) => QueueSender::Bounded(tx.clone()), + QueueSender::Unbounded(tx) => QueueSender::Unbounded(tx.clone()), + } + } +} + +static QUEUE_STATE: OnceLock = OnceLock::new(); +static SHUTDOWN_REQUESTED: AtomicBool = AtomicBool::new(false); +/// When set, Python passes encrypted auth blobs only; Rust is the only decryption path (AES-GCM match services_auth). No Python fallback. +static AUTH_SECRET: OnceLock> = OnceLock::new(); + +/// Initialize the A2A invoke batch queue. Call once at startup. +/// * `max_concurrent`: max batches in flight (worker semaphore). +/// * `max_queued`: max pending jobs in the channel; when exceeded try_submit_batch returns QueueError::Full. None = unbounded. +/// * `auth_secret`: when Some, request tuples must carry encrypted auth (query params and headers); we decrypt in Rust. +#[allow(clippy::module_name_repetitions)] +pub fn init_queue(max_concurrent: usize, max_queued: Option, auth_secret: Option) { + let _ = AUTH_SECRET.set(auth_secret); + let _ = QUEUE_STATE.get_or_init(|| { + SHUTDOWN_REQUESTED.store(false, Ordering::SeqCst); + let (sender, mut rx) = match max_queued { + Some(capacity) => { + let (tx, rx) = mpsc::channel::(capacity); + (QueueSender::Bounded(tx), QueueReceiver::Bounded(rx)) + } + None => { + let (tx, rx) = mpsc::unbounded_channel::(); + (QueueSender::Unbounded(tx), QueueReceiver::Unbounded(rx)) + } + }; + info!( + "A2A invoke queue: max_concurrent={}, max_queued={:?}", + max_concurrent, max_queued + ); + thread::spawn(move || { + let rt = Runtime::new().expect("A2A queue Tokio runtime"); + rt.block_on(async { + let semaphore = Arc::new(Semaphore::new(max_concurrent)); + let mut joinset: JoinSet<()> = JoinSet::new(); + let mut pending_jobs: VecDeque = VecDeque::new(); + let mut pending_shutdown: Option = None; + loop { + let next_message = if let Some(shutdown) = pending_shutdown.take() { + Some(QueueMessage::Shutdown { + ack: shutdown.ack, + drain_timeout: shutdown.drain_timeout, + }) + } else if let Some(job) = pending_jobs.pop_front() { + Some(QueueMessage::Job(job)) + } else { + rx.recv().await + }; + match next_message { + Some(QueueMessage::Job(job)) => { + let jobs = coalesce_job( + job, + &mut pending_jobs, + &mut rx, + &mut pending_shutdown, + ); + let sem = semaphore.clone(); + joinset.spawn(async move { + run_job_group(jobs, sem).await; + }); + } + Some(QueueMessage::Shutdown { ack, drain_timeout }) => { + let deadline = Instant::now() + drain_timeout; + while let Some(job) = pending_jobs.pop_front() { + let jobs = coalesce_job( + job, + &mut pending_jobs, + &mut rx, + &mut pending_shutdown, + ); + let sem = semaphore.clone(); + joinset.spawn(async move { + run_job_group(jobs, sem).await; + }); + } + while Instant::now() < deadline { + match rx.try_recv() { + Ok(QueueMessage::Job(job)) => { + let jobs = coalesce_job( + job, + &mut pending_jobs, + &mut rx, + &mut pending_shutdown, + ); + let sem = semaphore.clone(); + joinset.spawn(async move { + run_job_group(jobs, sem).await; + }); + } + Ok(QueueMessage::Shutdown { + ack: _, + drain_timeout: _, + }) => {} + Err(QueueTryRecvError::Empty) => break, + Err(QueueTryRecvError::Disconnected) => break, + } + } + // Wait for in-flight jobs to finish (best effort within drain_timeout). + while Instant::now() < deadline { + let remaining = deadline.saturating_duration_since(Instant::now()); + if remaining.is_zero() { + break; + } + match tokio::time::timeout(remaining, joinset.join_next()).await { + Ok(Some(_)) => continue, + Ok(None) => break, + Err(_) => break, + } + } + let _ = ack.send(()); + break; + } + None => break, + } + } + }); + }); + sender + }); +} + +/// Submit a batch to the queue. Returns a receiver for the result, or QueueError if the queue is unavailable. +/// Requires [`init_queue`] to have been called first. +#[allow(clippy::module_name_repetitions)] +pub fn try_submit_batch( + requests: Vec, + timeout: Duration, +) -> Result>, QueueError> { + if SHUTDOWN_REQUESTED.load(Ordering::SeqCst) { + return Err(QueueError::Shutdown); + } + let tx = QUEUE_STATE.get().ok_or(QueueError::NotInitialized)?.clone(); + let (result_tx, result_rx) = oneshot::channel(); + let msg = QueueMessage::Job(Job { + requests, + timeout, + result_tx, + }); + match tx { + QueueSender::Bounded(tx) => tx.try_send(msg).map_err(|e| match e { + mpsc::error::TrySendError::Full(_) => QueueError::Full, + mpsc::error::TrySendError::Closed(_) => QueueError::Shutdown, + })?, + QueueSender::Unbounded(tx) => tx.send(msg).map_err(|_| QueueError::Shutdown)?, + } + Ok(result_rx) +} + +/// Graceful shutdown: signal the worker to stop accepting new work and drain pending jobs, then wait for ack (or timeout). +/// Call this from Python's lifespan after stopping the metrics buffer; await with the desired timeout. +/// After this returns, [`try_submit_batch`] will return `Err(QueueError::Shutdown)`. +pub async fn shutdown_queue(timeout_secs: f64) -> Result<(), String> { + let tx = QUEUE_STATE + .get() + .ok_or_else(|| "A2A invoke queue was not initialized".to_string())? + .clone(); + SHUTDOWN_REQUESTED.store(true, Ordering::SeqCst); + let drain_timeout = Duration::from_secs_f64(timeout_secs); + let (ack_tx, ack_rx) = oneshot::channel(); + match tx { + QueueSender::Bounded(tx) => { + tx.send(QueueMessage::Shutdown { + ack: ack_tx, + drain_timeout, + }) + .await + .map_err(|e| format!("queue worker channel closed: {}", e))?; + } + QueueSender::Unbounded(tx) => { + tx.send(QueueMessage::Shutdown { + ack: ack_tx, + drain_timeout, + }) + .map_err(|e| format!("queue worker channel closed: {}", e))?; + } + } + let wait_timeout = Duration::from_secs_f64(timeout_secs + 5.0); + tokio::time::timeout(wait_timeout, ack_rx) + .await + .map_err(|_| "queue shutdown ack timed out".to_string())? + .map_err(|_| "queue shutdown ack channel closed".to_string())?; + Ok(()) +} + +enum QueueReceiver { + Bounded(mpsc::Receiver), + Unbounded(mpsc::UnboundedReceiver), +} + +impl QueueReceiver { + async fn recv(&mut self) -> Option { + match self { + QueueReceiver::Bounded(rx) => rx.recv().await, + QueueReceiver::Unbounded(rx) => rx.recv().await, + } + } + + fn try_recv(&mut self) -> Result { + match self { + QueueReceiver::Bounded(rx) => match rx.try_recv() { + Ok(msg) => Ok(msg), + Err(mpsc::error::TryRecvError::Empty) => Err(QueueTryRecvError::Empty), + Err(mpsc::error::TryRecvError::Disconnected) => { + Err(QueueTryRecvError::Disconnected) + } + }, + QueueReceiver::Unbounded(rx) => match rx.try_recv() { + Ok(msg) => Ok(msg), + Err(mpsc::error::TryRecvError::Empty) => Err(QueueTryRecvError::Empty), + Err(mpsc::error::TryRecvError::Disconnected) => { + Err(QueueTryRecvError::Disconnected) + } + }, + } + } +} + +enum QueueTryRecvError { + Empty, + Disconnected, +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_queue_full_is_send_sync() { + fn assert_send_sync() {} + assert_send_sync::(); + } +} diff --git a/tools_rust/a2a_service/src/server.rs b/tools_rust/a2a_service/src/server.rs new file mode 100644 index 0000000000..c93067a99e --- /dev/null +++ b/tools_rust/a2a_service/src/server.rs @@ -0,0 +1,333 @@ +// Copyright 2026 +// SPDX-License-Identifier: Apache-2.0 +// +//! Axum router and handlers for the A2A invoke service (used by binary and integration tests). + +use std::sync::Arc; + +use axum::{ + extract::State, + http::{HeaderMap, HeaderName, HeaderValue, Method, StatusCode}, + response::IntoResponse, + routing::{get, post}, + Json, Router, +}; +use futures::future::join_all; + +use crate::{ + submit_batch, BatchSubmitError, InvokeRequestDto, QueueError, +}; + +/// Shared state for the A2A HTTP server. +#[derive(Clone)] +pub struct AppState { + /// Optional auth secret for decrypting encrypted auth blobs in invoke requests. + pub auth_secret: Option, + /// Per-request timeout in seconds for low-level invoke. + pub timeout_secs: f64, + /// Base URL of the Python gateway (for proxy and a2a invoke). + pub backend_base_url: String, + /// HTTP client for proxying to the backend. + pub client: reqwest::Client, +} + +/// Build the Axum router with all A2A routes. Caller must have called `init_invoker` and `init_queue` before using `/invoke`. +pub fn router(state: Arc) -> Router { + Router::new() + .route("/health", get(health)) + .route("/invoke", post(invoke_low_level)) + .route("/a2a/{agent_name}/invoke", post(a2a_invoke)) + .nest("/a2a", Router::new().fallback(a2a_proxy)) + .with_state(state) +} + +async fn health() -> &'static str { + "ok" +} + +/// POST /invoke: low-level endpoint for internal use. +/// Body is either a single `InvokeRequestDto` or an array of them (batch). +/// Optional header X-Auth-Secret overrides config auth secret for decryption. +async fn invoke_low_level( + State(state): State>, + request: axum::http::Request, +) -> impl IntoResponse { + let auth_secret = request + .headers() + .get("X-Auth-Secret") + .and_then(|v| v.to_str().ok().map(String::from)) + .or_else(|| state.auth_secret.clone()); + + let body = match axum::body::to_bytes(request.into_body(), 100 * 1024 * 1024).await { + Ok(b) => b, + Err(e) => { + return ( + StatusCode::BAD_REQUEST, + Json(serde_json::json!({ "error": format!("body read: {}", e) })), + ) + .into_response(); + } + }; + + let requests: Vec = match serde_json::from_slice::(&body) { + Ok(serde_json::Value::Array(arr)) => { + match serde_json::from_value(serde_json::Value::Array(arr)) { + Ok(r) => r, + Err(e) => { + return ( + StatusCode::BAD_REQUEST, + Json(serde_json::json!({ "error": format!("batch array: {}", e) })), + ) + .into_response(); + } + } + } + Ok(serde_json::Value::Object(_)) => match serde_json::from_slice::(&body) + { + Ok(single) => vec![single], + Err(e) => { + return ( + StatusCode::BAD_REQUEST, + Json(serde_json::json!({ "error": format!("single request: {}", e) })), + ) + .into_response(); + } + }, + _ => { + return ( + StatusCode::BAD_REQUEST, + Json(serde_json::json!({ "error": "body must be a JSON object or array" })), + ) + .into_response(); + } + }; + + if requests.is_empty() { + return ( + StatusCode::BAD_REQUEST, + Json(serde_json::json!({ "error": "empty batch" })), + ) + .into_response(); + } + + match submit_batch(&requests, auth_secret.as_deref(), state.timeout_secs).await { + Ok(results) => { + let json = if results.len() == 1 { + serde_json::to_value(&results[0]).unwrap_or(serde_json::Value::Null) + } else { + serde_json::to_value(&results).unwrap_or(serde_json::Value::Array(vec![])) + }; + (StatusCode::OK, Json(json)).into_response() + } + Err(e) => { + let (status, msg) = match &e { + BatchSubmitError::Parse(_) => (StatusCode::BAD_REQUEST, e.to_string()), + BatchSubmitError::Queue(QueueError::Full) => { + (StatusCode::SERVICE_UNAVAILABLE, "queue full".to_string()) + } + BatchSubmitError::Queue(QueueError::NotInitialized) => ( + StatusCode::INTERNAL_SERVER_ERROR, + "queue not initialized".to_string(), + ), + BatchSubmitError::Queue(QueueError::Shutdown) => { + (StatusCode::SERVICE_UNAVAILABLE, "queue shutdown".to_string()) + } + }; + (status, Json(serde_json::json!({ "error": msg }))).into_response() + } + } +} + +/// POST /a2a/{agent_name}/invoke: single or batch; batch fans out to backend per item. +async fn a2a_invoke( + State(state): State>, + axum::extract::Path(agent_name): axum::extract::Path, + headers: HeaderMap, + request: axum::http::Request, +) -> impl IntoResponse { + let body_bytes = match axum::body::to_bytes(request.into_body(), 100 * 1024 * 1024).await { + Ok(b) => b, + Err(e) => { + return ( + StatusCode::BAD_REQUEST, + Json(serde_json::json!({ "error": format!("body read: {}", e) })), + ) + .into_response(); + } + }; + + let value: serde_json::Value = match serde_json::from_slice(&body_bytes) { + Ok(v) => v, + Err(e) => { + return ( + StatusCode::BAD_REQUEST, + Json(serde_json::json!({ "error": format!("invalid json: {}", e) })), + ) + .into_response(); + } + }; + + if let serde_json::Value::Array(items) = value { + let futs = items.into_iter().map(|item| { + let agent = item + .get("agent_name") + .and_then(|v| v.as_str()) + .map(str::to_string) + .unwrap_or_else(|| agent_name.clone()); + proxy_invoke_one(state.clone(), agent, &headers, item) + }); + let results = join_all(futs).await; + return (StatusCode::OK, Json(serde_json::Value::Array(results))).into_response(); + } + + proxy_invoke_raw(state, &agent_name, &headers, body_bytes.to_vec()).await +} + +async fn proxy_invoke_one( + state: Arc, + agent_name: String, + headers: &HeaderMap, + item: serde_json::Value, +) -> serde_json::Value { + let body = match serde_json::to_vec(&item) { + Ok(b) => b, + Err(e) => return serde_json::json!({ "error": format!("encode: {e}") }), + }; + let resp = proxy_invoke_raw(state, &agent_name, headers, body).await; + response_body_to_json(resp).await +} + +async fn proxy_invoke_raw( + state: Arc, + agent_name: &str, + headers: &HeaderMap, + body: Vec, +) -> axum::response::Response { + let path = format!("/a2a/{}/invoke", agent_name); + let url = format!("{}{}", state.backend_base_url, path); + let mut req = state.client.post(url); + for (k, v) in headers.iter() { + if should_forward_header(k) { + req = req.header(k, v); + } + } + match req.body(body).send().await { + Ok(resp) => response_to_axum(resp).await, + Err(e) => ( + StatusCode::BAD_GATEWAY, + Json(serde_json::json!({ "error": format!("backend invoke: {}", e) })), + ) + .into_response(), + } +} + +async fn a2a_proxy( + State(state): State>, + request: axum::http::Request, +) -> impl IntoResponse { + proxy_request_with_prefix(state, request, "/a2a").await +} + +async fn proxy_request_with_prefix( + state: Arc, + request: axum::http::Request, + prefix: &str, +) -> axum::response::Response { + let (parts, body) = request.into_parts(); + let path_and_query = parts + .uri + .path_and_query() + .map(|pq| pq.as_str()) + .unwrap_or("/"); + let url = format!("{}{}{}", state.backend_base_url, prefix, path_and_query); + let method = parts.method; + let body_bytes = match axum::body::to_bytes(body, 100 * 1024 * 1024).await { + Ok(b) => b.to_vec(), + Err(e) => { + return ( + StatusCode::BAD_REQUEST, + Json(serde_json::json!({ "error": format!("body read: {}", e) })), + ) + .into_response(); + } + }; + + let mut req = state.client.request(method_to_reqwest(method), url); + for (k, v) in parts.headers.iter() { + if should_forward_header(k) { + req = req.header(k, v); + } + } + match req.body(body_bytes).send().await { + Ok(resp) => response_to_axum(resp).await, + Err(e) => ( + StatusCode::BAD_GATEWAY, + Json(serde_json::json!({ "error": format!("backend proxy: {}", e) })), + ) + .into_response(), + } +} + +fn method_to_reqwest(method: Method) -> reqwest::Method { + match method { + Method::GET => reqwest::Method::GET, + Method::POST => reqwest::Method::POST, + Method::PUT => reqwest::Method::PUT, + Method::PATCH => reqwest::Method::PATCH, + Method::DELETE => reqwest::Method::DELETE, + Method::HEAD => reqwest::Method::HEAD, + Method::OPTIONS => reqwest::Method::OPTIONS, + other => reqwest::Method::from_bytes(other.as_str().as_bytes()) + .unwrap_or(reqwest::Method::POST), + } +} + +fn should_forward_header(name: &HeaderName) -> bool { + !matches!( + name.as_str().to_ascii_lowercase().as_str(), + "connection" + | "keep-alive" + | "proxy-authenticate" + | "proxy-authorization" + | "te" + | "trailer" + | "transfer-encoding" + | "upgrade" + | "host" + | "content-length" + ) +} + +async fn response_to_axum(resp: reqwest::Response) -> axum::response::Response { + let status = StatusCode::from_u16(resp.status().as_u16()).unwrap_or(StatusCode::BAD_GATEWAY); + let mut out_headers = HeaderMap::new(); + for (k, v) in resp.headers().iter() { + if let (Ok(name), Ok(val)) = ( + HeaderName::from_bytes(k.as_str().as_bytes()), + HeaderValue::from_bytes(v.as_bytes()), + ) { + if should_forward_header(&name) { + out_headers.insert(name, val); + } + } + } + let bytes = match resp.bytes().await { + Ok(b) => b.to_vec(), + Err(_) => Vec::new(), + }; + (status, out_headers, bytes).into_response() +} + +async fn response_body_to_json(resp: axum::response::Response) -> serde_json::Value { + let (parts, body) = resp.into_parts(); + let status = parts.status.as_u16(); + let bytes = match axum::body::to_bytes(body, 100 * 1024 * 1024).await { + Ok(b) => b.to_vec(), + Err(e) => { + return serde_json::json!({ "status_code": status, "error": format!("body read: {e}") }); + } + }; + serde_json::from_slice(&bytes).unwrap_or_else(|_| { + serde_json::json!({ "status_code": status, "error": "invalid backend response" }) + }) +} diff --git a/tools_rust/a2a_service/tests/integration.rs b/tools_rust/a2a_service/tests/integration.rs new file mode 100644 index 0000000000..18911f83bd --- /dev/null +++ b/tools_rust/a2a_service/tests/integration.rs @@ -0,0 +1,239 @@ +// Copyright 2026 +// SPDX-License-Identifier: Apache-2.0 +// +//! Integration tests for the A2A Axum app: health, invoke, and proxy routes. + +use std::sync::Arc; + +use a2a_service::{init_invoker, init_queue, server}; +use axum::body::Body; +use axum::http::{Request, StatusCode}; +use http_body_util::BodyExt; +use tower::ServiceExt; +use wiremock::matchers::{method, path}; +use wiremock::{Mock, MockServer, ResponseTemplate}; + +fn test_state(backend_base_url: String) -> Arc { + Arc::new(server::AppState { + auth_secret: None, + timeout_secs: 60.0, + backend_base_url, + client: reqwest::Client::new(), + }) +} + +/// Ensure queue and invoker are initialized so /invoke can run (shared state across tests). +fn ensure_init() { + init_invoker(4, 1); + init_queue(4, Some(100), None); +} + +#[tokio::test] +async fn test_health_returns_ok() { + let state = test_state("http://127.0.0.1:4444".to_string()); + let app = server::router(state); + + let request = Request::builder() + .uri("/health") + .body(Body::empty()) + .unwrap(); + let response = app.oneshot(request).await.unwrap(); + assert_eq!(response.status(), StatusCode::OK); + let body = response.into_body().collect().await.unwrap().to_bytes(); + assert_eq!(body.as_ref(), b"ok"); +} + +#[tokio::test] +async fn test_invoke_empty_batch_returns_400() { + ensure_init(); + let state = test_state("http://127.0.0.1:4444".to_string()); + let app = server::router(state); + + let body = serde_json::json!([]); + let request = Request::builder() + .method("POST") + .uri("/invoke") + .header("Content-Type", "application/json") + .body(Body::from(serde_json::to_vec(&body).unwrap())) + .unwrap(); + let response = app.oneshot(request).await.unwrap(); + assert_eq!(response.status(), StatusCode::BAD_REQUEST); +} + +#[tokio::test] +async fn test_invoke_invalid_json_returns_400() { + ensure_init(); + let state = test_state("http://127.0.0.1:4444".to_string()); + let app = server::router(state); + + let request = Request::builder() + .method("POST") + .uri("/invoke") + .header("Content-Type", "application/json") + .body(Body::from(Vec::from(b"not json" as &[u8]))) + .unwrap(); + let response = app.oneshot(request).await.unwrap(); + assert_eq!(response.status(), StatusCode::BAD_REQUEST); +} + +#[tokio::test] +async fn test_invoke_not_object_or_array_returns_400() { + ensure_init(); + let state = test_state("http://127.0.0.1:4444".to_string()); + let app = server::router(state); + + let request = Request::builder() + .method("POST") + .uri("/invoke") + .header("Content-Type", "application/json") + .body(Body::from(Vec::from(b"\"string\"" as &[u8]))) + .unwrap(); + let response = app.oneshot(request).await.unwrap(); + assert_eq!(response.status(), StatusCode::BAD_REQUEST); +} + +#[tokio::test] +async fn test_invoke_single_request_success() { + let mock = MockServer::start().await; + Mock::given(method("POST")) + .and(path("/")) + .respond_with(ResponseTemplate::new(200).set_body_string(r#"{"result":true}"#)) + .mount(&mock) + .await; + + ensure_init(); + let state = test_state("http://127.0.0.1:4444".to_string()); + let app = server::router(state); + + let body = serde_json::json!({ + "id": 1, + "base_url": mock.uri(), + "body": "{}" + }); + let request = Request::builder() + .method("POST") + .uri("/invoke") + .header("Content-Type", "application/json") + .body(Body::from(serde_json::to_vec(&body).unwrap())) + .unwrap(); + let response = app.oneshot(request).await.unwrap(); + assert_eq!(response.status(), StatusCode::OK); + let buf = response.into_body().collect().await.unwrap().to_bytes(); + let json: serde_json::Value = serde_json::from_slice(&buf).unwrap(); + assert_eq!(json.get("status_code").and_then(|v| v.as_u64()), Some(200)); + assert_eq!(json.get("success").and_then(|v| v.as_bool()), Some(true)); +} + +#[tokio::test] +async fn test_a2a_invoke_batch_returns_array() { + let mock = MockServer::start().await; + Mock::given(method("POST")) + .and(path("/a2a/my_agent/invoke")) + .respond_with(ResponseTemplate::new(200).set_body_string(r#"{"ok":true}"#)) + .mount(&mock) + .await; + + let uri = mock.uri(); + let base = uri.trim_end_matches('/').to_string(); + let state = test_state(base); + let app = server::router(state); + + let body = serde_json::json!([{"query": "a"}, {"query": "b"}]); + let request = Request::builder() + .method("POST") + .uri("/a2a/my_agent/invoke") + .header("Content-Type", "application/json") + .body(Body::from(serde_json::to_vec(&body).unwrap())) + .unwrap(); + let response = app.oneshot(request).await.unwrap(); + assert_eq!(response.status(), StatusCode::OK); + let buf = response.into_body().collect().await.unwrap().to_bytes(); + let json: serde_json::Value = serde_json::from_slice(&buf).unwrap(); + let arr = json.as_array().unwrap(); + assert_eq!(arr.len(), 2); +} + +#[tokio::test] +async fn test_a2a_proxy_forwards_to_backend() { + let mock = MockServer::start().await; + // Axum nesting may forward /a2a as either /a2a or /a2a/ depending on slash normalization. + Mock::given(method("GET")) + .and(path("/a2a")) + .respond_with(ResponseTemplate::new(200).set_body_string(r#"{"agents":[]}"#)) + .mount(&mock) + .await; + Mock::given(method("GET")) + .and(path("/a2a/")) + .respond_with(ResponseTemplate::new(200).set_body_string(r#"{"agents":[]}"#)) + .mount(&mock) + .await; + + let base = mock.uri().trim_end_matches('/').to_string(); + let state = test_state(base); + let app = server::router(state); + + let request = Request::builder() + .method("GET") + .uri("/a2a") + .body(Body::empty()) + .unwrap(); + let response = app.oneshot(request).await.unwrap(); + assert_eq!(response.status(), StatusCode::OK); + let buf = response.into_body().collect().await.unwrap().to_bytes(); + let json: serde_json::Value = serde_json::from_slice(&buf).unwrap(); + assert!(json.get("agents").is_some()); +} + +#[tokio::test] +async fn test_a2a_proxy_post_returns_backend_response() { + let mock = MockServer::start().await; + Mock::given(method("POST")) + .and(path("/a2a")) + .respond_with(ResponseTemplate::new(201).set_body_string(r#"{"id":"new"}"#)) + .mount(&mock) + .await; + Mock::given(method("POST")) + .and(path("/a2a/")) + .respond_with(ResponseTemplate::new(201).set_body_string(r#"{"id":"new"}"#)) + .mount(&mock) + .await; + + let base = mock.uri().trim_end_matches('/').to_string(); + let state = test_state(base); + let app = server::router(state); + + let request = Request::builder() + .method("POST") + .uri("/a2a") + .header("Content-Type", "application/json") + .body(Body::from(Vec::from(b"{}" as &[u8]))) + .unwrap(); + let response = app.oneshot(request).await.unwrap(); + assert_eq!(response.status(), StatusCode::CREATED); +} + +#[tokio::test] +async fn test_a2a_invoke_single_proxies_to_backend() { + let mock = MockServer::start().await; + Mock::given(method("POST")) + .and(path("/a2a/foo/invoke")) + .respond_with(ResponseTemplate::new(200).set_body_string(r#"{"result":"ok"}"#)) + .mount(&mock) + .await; + + let base = mock.uri().trim_end_matches('/').to_string(); + let state = test_state(base); + let app = server::router(state); + + let request = Request::builder() + .method("POST") + .uri("/a2a/foo/invoke") + .header("Content-Type", "application/json") + .body(Body::from(Vec::from(b"{\"method\":\"test\"}" as &[u8]))) + .unwrap(); + let response = app.oneshot(request).await.unwrap(); + assert_eq!(response.status(), StatusCode::OK); + let buf = response.into_body().collect().await.unwrap().to_bytes(); + let json: serde_json::Value = serde_json::from_slice(&buf).unwrap(); + assert_eq!(json.get("result").and_then(|v| v.as_str()), Some("ok")); +}