Merge branch 'main' into split_proto_deps

Author: vinoo999

CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## [0.3.14](https://github.com/a2aproject/a2a-python/compare/v0.3.13...v0.3.14) (2025-11-17)
+
+
+### Features
+
+* **jsonrpc:** add option to disable oversized payload check in JSONRPC applications ([ba142df](https://github.com/a2aproject/a2a-python/commit/ba142df821d1c06be0b96e576fd43015120fcb0b))
+
+## [0.3.13](https://github.com/a2aproject/a2a-python/compare/v0.3.12...v0.3.13) (2025-11-13)
+
+
+### Bug Fixes
+
+* return entire history when history_length=0 ([#537](https://github.com/a2aproject/a2a-python/issues/537)) ([acdc0de](https://github.com/a2aproject/a2a-python/commit/acdc0de4fa03d34a6b287ab252ff51b19c3016b5))
+
 ## [0.3.12](https://github.com/a2aproject/a2a-python/compare/v0.3.11...v0.3.12) (2025-11-12)
 
 

src/a2a/client/__init__.py

@@ -7,6 +7,7 @@
     CredentialService,
     InMemoryContextCredentialStore,
 )
+from a2a.client.base_client import BaseClient
 from a2a.client.card_resolver import A2ACardResolver
 from a2a.client.client import Client, ClientConfig, ClientEvent, Consumer
 from a2a.client.client_factory import ClientFactory, minimal_agent_card
@@ -51,6 +52,7 @@ def __init__(self, *args, **kwargs):
     'A2AClientTimeoutError',
     'A2AGrpcClient',
     'AuthInterceptor',
+    'BaseClient',
     'Client',
     'ClientCallContext',
     'ClientCallInterceptor',

src/a2a/server/apps/jsonrpc/fastapi_app.py

@@ -77,6 +77,7 @@ def __init__(  # noqa: PLR0913
             [AgentCard, ServerCallContext], AgentCard
         ]
         | None = None,
+        max_content_length: int | None = 10 * 1024 * 1024,  # 10MB
     ) -> None:
         """Initializes the A2AFastAPIApplication.
 
@@ -94,6 +95,8 @@ def __init__(  # noqa: PLR0913
             extended_card_modifier: An optional callback to dynamically modify
               the extended agent card before it is served. It receives the
               call context.
+            max_content_length: The maximum allowed content length for incoming
+              requests. Defaults to 10MB. Set to None for unbounded maximum.
         """
         if not _package_fastapi_installed:
             raise ImportError(
@@ -108,6 +111,7 @@ def __init__(  # noqa: PLR0913
             context_builder=context_builder,
             card_modifier=card_modifier,
             extended_card_modifier=extended_card_modifier,
+            max_content_length=max_content_length,
         )
 
     def add_routes_to_app(

src/a2a/server/apps/jsonrpc/jsonrpc_app.py

@@ -91,8 +91,6 @@
         Response = Any
         HTTP_413_REQUEST_ENTITY_TOO_LARGE = Any
 
-MAX_CONTENT_LENGTH = 10_000_000
-
 
 class StarletteUserProxy(A2AUser):
     """Adapts the Starlette User class to the A2A user representation."""
@@ -185,6 +183,7 @@ def __init__(  # noqa: PLR0913
             [AgentCard, ServerCallContext], AgentCard
         ]
         | None = None,
+        max_content_length: int | None = 10 * 1024 * 1024,  # 10MB
     ) -> None:
         """Initializes the JSONRPCApplication.
 
@@ -202,6 +201,8 @@ def __init__(  # noqa: PLR0913
             extended_card_modifier: An optional callback to dynamically modify
               the extended agent card before it is served. It receives the
               call context.
+            max_content_length: The maximum allowed content length for incoming
+              requests. Defaults to 10MB. Set to None for unbounded maximum.
         """
         if not _package_starlette_installed:
             raise ImportError(
@@ -220,6 +221,7 @@ def __init__(  # noqa: PLR0913
             extended_card_modifier=extended_card_modifier,
         )
         self._context_builder = context_builder or DefaultCallContextBuilder()
+        self._max_content_length = max_content_length
 
     def _generate_error_response(
         self, request_id: str | int | None, error: JSONRPCError | A2AError
@@ -261,6 +263,22 @@ def _generate_error_response(
             status_code=200,
         )
 
+    def _allowed_content_length(self, request: Request) -> bool:
+        """Checks if the request content length is within the allowed maximum.
+
+        Args:
+            request: The incoming Starlette Request object.
+
+        Returns:
+            False if the content length is larger than the allowed maximum, True otherwise.
+        """
+        if self._max_content_length is not None:
+            with contextlib.suppress(ValueError):
+                content_length = int(request.headers.get('content-length', '0'))
+                if content_length and content_length > self._max_content_length:
+                    return False
+        return True
+
     async def _handle_requests(self, request: Request) -> Response:  # noqa: PLR0911
         """Handles incoming POST requests to the main A2A endpoint.
 
@@ -291,18 +309,14 @@ async def _handle_requests(self, request: Request) -> Response:  # noqa: PLR0911
                     request_id, str | int
                 ):
                     request_id = None
-            # Treat very large payloads as invalid request (-32600) before routing
-            with contextlib.suppress(Exception):
-                content_length = int(request.headers.get('content-length', '0'))
-                if content_length and content_length > MAX_CONTENT_LENGTH:
-                    return self._generate_error_response(
-                        request_id,
-                        A2AError(
-                            root=InvalidRequestError(
-                                message='Payload too large'
-                            )
-                        ),
-                    )
+            # Treat payloads lager than allowed as invalid request (-32600) before routing
+            if not self._allowed_content_length(request):
+                return self._generate_error_response(
+                    request_id,
+                    A2AError(
+                        root=InvalidRequestError(message='Payload too large')
+                    ),
+                )
             logger.debug('Request body: %s', body)
             # 1) Validate base JSON-RPC structure only (-32600 on failure)
             try:

src/a2a/server/apps/jsonrpc/starlette_app.py

@@ -59,6 +59,7 @@ def __init__(  # noqa: PLR0913
             [AgentCard, ServerCallContext], AgentCard
         ]
         | None = None,
+        max_content_length: int | None = 10 * 1024 * 1024,  # 10MB
     ) -> None:
         """Initializes the A2AStarletteApplication.
 
@@ -76,6 +77,8 @@ def __init__(  # noqa: PLR0913
             extended_card_modifier: An optional callback to dynamically modify
               the extended agent card before it is served. It receives the
               call context.
+            max_content_length: The maximum allowed content length for incoming
+              requests. Defaults to 10MB. Set to None for unbounded maximum.
         """
         if not _package_starlette_installed:
             raise ImportError(
@@ -90,6 +93,7 @@ def __init__(  # noqa: PLR0913
             context_builder=context_builder,
             card_modifier=card_modifier,
             extended_card_modifier=extended_card_modifier,
+            max_content_length=max_content_length,
         )
 
     def routes(

src/a2a/utils/task.py

@@ -83,11 +83,9 @@ def apply_history_length(task: Task, history_length: int | None) -> Task:
         A new task object with limited history
     """
     # Apply historyLength parameter if specified
-    if history_length is not None and task.history:
+    if history_length is not None and history_length > 0 and task.history:
         # Limit history to the most recent N messages
-        limited_history = (
-            task.history[-history_length:] if history_length > 0 else []
-        )
+        limited_history = task.history[-history_length:]
         # Create a new task instance with limited history
         return task.model_copy(update={'history': limited_history})
 

tests/server/apps/jsonrpc/test_serialization.py

@@ -136,6 +136,42 @@ def test_handle_oversized_payload(agent_card_with_api_key: AgentCard):
     assert data['error']['code'] == InvalidRequestError().code
 
 
+@pytest.mark.parametrize(
+    'max_content_length',
+    [
+        None,
+        11 * 1024 * 1024,
+        30 * 1024 * 1024,
+    ],
+)
+def test_handle_oversized_payload_with_max_content_length(
+    agent_card_with_api_key: AgentCard,
+    max_content_length: int | None,
+):
+    """Test handling of JSON payloads with sizes within custom max_content_length."""
+    handler = mock.AsyncMock()
+    app_instance = A2AStarletteApplication(
+        agent_card_with_api_key, handler, max_content_length=max_content_length
+    )
+    client = TestClient(app_instance.build())
+
+    large_string = 'a' * 11 * 1_000_000  # 11MB string
+    payload = {
+        'jsonrpc': '2.0',
+        'method': 'test',
+        'id': 1,
+        'params': {'data': large_string},
+    }
+
+    response = client.post('/', json=payload)
+    assert response.status_code == 200
+    data = response.json()
+    # When max_content_length is set, requests up to that size should not be
+    # rejected due to payload size. The request might fail for other reasons,
+    # but it shouldn't be an InvalidRequestError related to the content length.
+    assert data['error']['code'] != InvalidRequestError().code
+
+
 def test_handle_unicode_characters(agent_card_with_api_key: AgentCard):
     """Test handling of unicode characters in JSON payload."""
     handler = mock.AsyncMock()

tests/server/request_handlers/test_default_request_handler.py

@@ -834,6 +834,11 @@ async def test_on_message_send_non_blocking():
 
     assert task is not None
     assert task.status.state == TaskState.completed
+    assert (
+        result.history
+        and task.history
+        and len(result.history) == len(task.history)
+    )
 
 
 @pytest.mark.asyncio
@@ -855,7 +860,7 @@ async def test_on_message_send_limit_history():
         configuration=MessageSendConfiguration(
             blocking=True,
             accepted_output_modes=['text/plain'],
-            history_length=0,
+            history_length=1,
         ),
     )
 
@@ -866,17 +871,17 @@ async def test_on_message_send_limit_history():
     # verify that history_length is honored
     assert result is not None
     assert isinstance(result, Task)
-    assert result.history is not None and len(result.history) == 0
+    assert result.history is not None and len(result.history) == 1
     assert result.status.state == TaskState.completed
 
     # verify that history is still persisted to the store
     task = await task_store.get(result.id)
     assert task is not None
-    assert task.history is not None and len(task.history) > 0
+    assert task.history is not None and len(task.history) > 1
 
 
 @pytest.mark.asyncio
-async def test_on_task_get_limit_history():
+async def test_on_get_task_limit_history():
     task_store = InMemoryTaskStore()
     push_store = InMemoryPushNotificationConfigStore()
 
@@ -892,7 +897,8 @@ async def test_on_task_get_limit_history():
             parts=[Part(root=TextPart(text='Hi'))],
         ),
         configuration=MessageSendConfiguration(
-            blocking=True, accepted_output_modes=['text/plain']
+            blocking=True,
+            accepted_output_modes=['text/plain'],
         ),
     )
 
@@ -904,14 +910,14 @@ async def test_on_task_get_limit_history():
     assert isinstance(result, Task)
 
     get_task_result = await request_handler.on_get_task(
-        TaskQueryParams(id=result.id, history_length=0),
+        TaskQueryParams(id=result.id, history_length=1),
         create_server_call_context(),
     )
     assert get_task_result is not None
     assert isinstance(get_task_result, Task)
     assert (
         get_task_result.history is not None
-        and len(get_task_result.history) == 0
+        and len(get_task_result.history) == 1
     )