Walkthrough
A new YAML manifest file (a2as.yaml) was added that defines configuration for the A2AS framework version 0.1.2, including agent setup, function declarations, variables, and process definitions for code analysis operations.
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~12 minutes
Pre-merge checks: ✅ 3 passed
Actionable comments posted: 3
🤖 Fix all issues with AI agents
In `@a2as.yaml`:
- Around line 26-39: The instructions array mixes plain numbered tokens and
quoted strings causing YAML to parse items like "1." and "3." as numbers; update
the "instructions" array so every entry is a consistently quoted string (e.g.,
change 1. Analyze... and 3. Generate... to "1. Analyze..." and "3. Generate...")
or convert the entire array to a uniform block-style list of strings; target the
"instructions" key in a2as.yaml and ensure each array element is wrapped in
quotes so all items are treated as strings.
- Around line 46-79: Update the incorrect imports that reference graph_manager
to use the fully qualified diffgraph package: change ChangeType, ComponentNode,
FileStatus, and GraphManager import mappings so they read
diffgraph.graph_manager.ChangeType, diffgraph.graph_manager.ComponentNode,
diffgraph.graph_manager.FileStatus, and diffgraph.graph_manager.GraphManager
respectively in the imports block of the manifest; ensure the keys remain the
same (ChangeType, ComponentNode, FileStatus, GraphManager) and only the module
path on the right-hand side is updated.
- Around line 245-273: The shell parameter strings in the processes entries
(e.g., "git", "open", "os.startfile", "xdg-open") use "False" but must use the
lowercase string "false" to match the A2AS schema; update each params.shell
value under those process definitions in a2as.yaml from "False" to "false" so
the values remain strings but conform to the documented format.
🧹 Nitpick comments (1)
a2as.yaml (1)
221-223: Incomplete function declaration for `wrapper`.
The `wrapper` function declaration lacks `args` and `params` sections, making it less useful for documentation purposes compared to other function declarations in this manifest.
Consider adding complete function signature
wrapper: type: sync module: diffgraph.ai_analysis + args: ['*args', '**kwargs'] + params: + returns: Any
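Review bot: The added `args: ['*args', '**kwargs']` and `returns: Any` values are not backed by anything quoted in this suggestion, which shows only the existing `type: sync` and `module: diffgraph.ai_analysis` fields for `wrapper`. Check them against the function definition before committing; a behavior manifest that declares unverified arguments is less useful than one that omits them.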
instructions: ['You are an expert code analyzer. Your task is to:', 1. Analyze the given code changes, '2. For each
  component that was changed, identify:', '- Its name', '- Its type (container/function/method)', '- How it was changed
  (added, deleted, or modified)', '- Its parent component (if it''s nested within another component)', '- Its dependencies
  (what it uses)', '- Its dependents (what uses it)', '- Any nested components within it (if it''s a container)',
  'Important guidelines:', '- A ''container'' is any component that can contain other components (classes, interfaces,
  traits, modules, namespaces)', '- A ''function'' is any standalone function or procedure', '- A ''method'' is any
  function that belongs to a container', '- Always include both container-level and nested component changes', '-
  For nested components, specify their parent container', '- For containers, list any nested components that were
  changed', '- Dependencies can be to both container-level and nested components', '- If a method/function is changed,
  it should be listed as a separate component with its parent specified', 3. Generate a clear summary of the changes,
  'Note: For each component, you must specify:', '- component_type: what kind of component it is (container/function/method)',
  '- change_type: how it was changed (added, deleted, modified)', '- parent: the name of its parent component if it''s
  nested (e.g., a method within a class)', '- nested_components: list of any components nested within this one (if
  it''s a container)']
Mixed types in instructions array may cause parsing issues.
The instructions array mixes quoted strings with unquoted numbered items (1. Analyze... and 3. Generate...). YAML will parse 1. as a float and 3. as a float, separating them from the subsequent text. This will result in unexpected array elements.
Proposed fix: Quote all instruction items consistently
- instructions: ['You are an expert code analyzer. Your task is to:', 1. Analyze the given code changes, '2. For each
+ instructions: ['You are an expert code analyzer. Your task is to:', '1. Analyze the given code changes', '2. For each
component that was changed, identify:', '- Its name', '- Its type (container/function/method)', '- How it was changed
(added, deleted, or modified)', '- Its parent component (if it''s nested within another component)', '- Its dependencies
(what it uses)', '- Its dependents (what uses it)', '- Any nested components within it (if it''s a container)',
'Important guidelines:', '- A ''container'' is any component that can contain other components (classes, interfaces,
traits, modules, namespaces)', '- A ''function'' is any standalone function or procedure', '- A ''method'' is any
function that belongs to a container', '- Always include both container-level and nested component changes', '-
For nested components, specify their parent container', '- For containers, list any nested components that were
- changed', '- Dependencies can be to both container-level and nested components', '- If a method/function is changed,
- it should be listed as a separate component with its parent specified', 3. Generate a clear summary of the changes,
+ changed', '- Dependencies can be to both container-level and nested components', '- If a method/function is changed,
+ it should be listed as a separate component with its parent specified', '3. Generate a clear summary of the changes',📝 Committable suggestion
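Review bot: In the second changed pair, the removed and added lines beginning `changed', '- Dependencies can be to both container-level` read identically, so the only substantive edits are the quotes added around `1. Analyze the given code changes` and `3. Generate a clear summary of the changes`. Several quoted items still wrap mid-string across lines (for example `'2. For each` continuing on the next line), so consider switching `instructions` to a block-style list with one quoted item per line; a later change to a single instruction would then show up as a one-line diff.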
🤖 Prompt for AI Agents
In `@a2as.yaml` around lines 26 - 39, The instructions array mixes plain numbered
tokens and quoted strings causing YAML to parse items like "1." and "3." as
numbers; update the "instructions" array so every entry is a consistently quoted
string (e.g., change 1. Analyze... and 3. Generate... to "1. Analyze..." and "3.
Generate...") or convert the entire array to a uniform block-style list of
strings; target the "instructions" key in a2as.yaml and ensure each array
element is wrapped in quotes so all items are treated as strings.
imports:
  Agent: agents.Agent
  AnalysisResult: diffgraph.html_report.AnalysisResult
  BaseModel: pydantic.BaseModel
  ChangeType: graph_manager.ChangeType
  click: click
  CodeAnalysisAgent: diffgraph.ai_analysis.CodeAnalysisAgent
  ComponentNode: graph_manager.ComponentNode
  dataclass: dataclasses.dataclass
  debug_environment: diffgraph.env_loader.debug_environment
  Dict: typing.Dict
  Enum: enum.Enum
  FileStatus: graph_manager.FileStatus
  generate_html_report: diffgraph.html_report.generate_html_report
  GraphManager: graph_manager.GraphManager
  html: html
  involves_working_tree: diffgraph.utils.involves_working_tree
  List: typing.List
  load_env_file: diffgraph.env_loader.load_env_file
  nx: networkx
  openai: openai
  Optional: typing.Optional
  os: os
  Path: pathlib.Path
  random: random
  re: re
  Runner: agents.Runner
  sanitize_diff_args: diffgraph.utils.sanitize_diff_args
  Set: typing.Set
  spinner: click_spinner.spinner
  subprocess: subprocess
  sys: sys
  time: time
  Tuple: typing.Tuple
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check if graph_manager is a standalone module or nested under diffgraph
# Search for graph_manager module location
fd -t f 'graph_manager.py' || echo "No graph_manager.py found with fd"
# Check current directory structure
echo "=== Repository structure ==="
ls -la | head -20
# Look for diffgraph directory
echo "=== Diffgraph contents ==="
find . -maxdepth 2 -type d -name diffgraph 2>/dev/null | head -5
# Check imports in Python files to see how graph_manager is imported
echo "=== How graph_manager is imported ==="
rg -n "from graph_manager|import graph_manager" --type=py | head -20
echo "=== How diffgraph.graph_manager is imported ==="
rg -n "from diffgraph.graph_manager|import diffgraph.graph_manager" --type=py | head -20
# Check the a2as.yaml file context
echo "=== Checking a2as.yaml directory ==="
ls -la | grep -i yaml
# Check for __init__ files to understand package structure
echo "=== Package init files ==="
find . -name __init__.py -path "*/diffgraph/*" 2>/dev/null | head -10
Repository: WildestAI/DiffGraph-CLI
Length of output: 1259
🏁 Script executed:
#!/bin/bash
# Let's understand what a2as.yaml is and how it uses these imports
echo "=== a2as.yaml content (full file) ==="
cat a2as.yaml
echo -e "\n=== Checking where graph_manager is imported in Python files ==="
rg -n "graph_manager" --type=py -A 2 | head -40
echo -e "\n=== Checking setup.py for clues about module structure ==="
cat setup.py
Repository: WildestAI/DiffGraph-CLI
Length of output: 11213
Fix module path references for graph_manager imports in the imports section.
Lines 50, 53, 58, and 60 incorrectly reference graph_manager.* when they should reference diffgraph.graph_manager.*. The module is nested under the diffgraph package (diffgraph/graph_manager.py), and all four imports must use the full qualified path for consistency with the rest of the manifest:
- ChangeType: diffgraph.graph_manager.ChangeType
- ComponentNode: diffgraph.graph_manager.ComponentNode
- FileStatus: diffgraph.graph_manager.FileStatus
- GraphManager: diffgraph.graph_manager.GraphManager
🤖 Prompt for AI Agents
In `@a2as.yaml` around lines 46 - 79, Update the incorrect imports that reference
graph_manager to use the fully qualified diffgraph package: change ChangeType,
ComponentNode, FileStatus, and GraphManager import mappings so they read
diffgraph.graph_manager.ChangeType, diffgraph.graph_manager.ComponentNode,
diffgraph.graph_manager.FileStatus, and diffgraph.graph_manager.GraphManager
respectively in the imports block of the manifest; ensure the keys remain the
same (ChangeType, ComponentNode, FileStatus, GraphManager) and only the module
path on the right-hand side is updated.
processes:
  git:
    type: shell
    actions: [exec]
    args: [[rev-parse, --is-inside-work-tree], [ls-files, --others, --exclude-standard, -z]]
    params:
      caller: [subprocess.run]
      shell: ["False", "False"]
  open:
    type: shell
    actions: [exec]
    args: [[html_path]]
    params:
      caller: [subprocess.run]
      shell: ["False"]
  os.startfile:
    type: shell
    actions: [exec]
    args: [[html_path]]
    params:
      caller: [os.startfile]
      shell: ["False"]
  xdg-open:
    type: shell
    actions: [exec]
    args: [[html_path]]
    params:
      caller: [subprocess.run]
      shell: ["False"]
🧩 Analysis chain
🌐 Web query:
A2AS schema specification shell parameter type boolean
💡 Result:
In the A2A (Agent2Agent) protocol specification, there is no standard shell parameter in the core schema (e.g., AgentCard, AgentSkill, RPC params). The spec does define several boolean fields (for example AgentCapabilities.streaming, pushNotifications, extendedAgentCard, and AgentExtension.required). [1]
If you want a shell flag anyway, it would need to be extension-specific (e.g., inside AgentExtension.params, which is an arbitrary JSON object), and you’d represent it as a JSON boolean (true / false). [1]
Example (extension params):
{
  "uri": "https://example.com/extensions/shell/v1",
  "required": false,
  "params": {
    "shell": true
  }
}
Sources:
[1] A2A Protocol Specification (latest) — AgentCapabilities / AgentExtension / AgentSkill fields: (a2a-protocol.org)
🏁 Script executed:
# Search for A2AS related documentation in the repository
find . -type f -name "*.yaml" -o -name "*.yml" -o -name "*schema*" -o -name "*a2as*" | head -20
Repository: WildestAI/DiffGraph-CLI
Length of output: 78
🏁 Script executed:
# Look for any schema or documentation files
fd -e md -e rst -e txt | xargs grep -l "a2as\|A2AS" 2>/dev/null | head -10
Repository: WildestAI/DiffGraph-CLI
Length of output: 49
🏁 Script executed:
# Search for how the shell parameter is used in code
rg "shell.*False|shell.*false" -A 2 -B 2
Repository: WildestAI/DiffGraph-CLI
Length of output: 610
🏁 Script executed:
# Look for README or documentation mentioning a2as
rg -i "a2as|shell.*parameter" -A 5 -B 5 | head -50
Repository: WildestAI/DiffGraph-CLI
Length of output: 818
🏁 Script executed:
# Find Python or other code that parses a2as.yaml
rg "a2as\.yaml|yaml.*load|yaml.*parse" -A 3 -B 3
Repository: WildestAI/DiffGraph-CLI
Length of output: 49
🏁 Script executed:
# Look at the actual a2as.yaml file to understand structure
cat a2as.yaml | head -100
Repository: WildestAI/DiffGraph-CLI
Length of output: 4027
🏁 Script executed:
# Search for any schema files or documentation
fd -e json -e schema -e spec | xargs ls -la 2>/dev/null
Repository: WildestAI/DiffGraph-CLI
Length of output: 900
🌐 Web query:
A2AS.org certification schema specification processes shell parameter
💡 Result:
In the A2AS Behavior Certificate schema (AI Agent Behavior Specification v0.1.2), process execution permissions are declared under the top-level processes map. Each process rule supports:
- type: "shell", "mcp", or "syscall"
- actions: e.g., "exec", "connect"
- args: an array of arrays, where each inner array is an allowed invocation (command + arguments)
- params: an open-ended object for extra constraints (the schema explicitly says it’s “unregulated additional fields”) [1]
Where the shell parameter fits
For entries with type: shell, the schema’s example shows params.shell as a list of allowed values, used to constrain whether the underlying execution API is invoked with a “shell mode” flag (e.g., Python subprocess.run(..., shell=False)):
processes:
  /bin/bash:
    type: shell
    actions: [exec]
    args: [[-lc, whoami]]
    params:
      caller: [subprocess.run]
      shell: ["false"]
[1]
So, processes.<id>.params.shell is the schema location for the “shell parameter”, and it’s intended as a constraint on the runtime’s shell-execution flag (example allowlist: ["false"]) [1].
Source: A2AS Certificate Schema page [1].
🏁 Script executed:
# Search for code that loads and uses a2as.yaml
rg "a2as" -i -A 5 -B 5
Repository: WildestAI/DiffGraph-CLI
Length of output: 818
🏁 Script executed:
# Search for YAML parsing code
rg "yaml\.|yaml\.load|yaml\.safe_load" -A 5 -B 5
Repository: WildestAI/DiffGraph-CLI
Length of output: 49
🏁 Script executed:
# Search for any code that validates or parses the A2AS schema
rg -i "processes|shell.*param" -A 3 -B 3 --type py
Repository: WildestAI/DiffGraph-CLI
Length of output: 49
🏁 Script executed:
# Look for any documentation about the format
cat README.md
Repository: WildestAI/DiffGraph-CLI
Length of output: 2562
Use lowercase string "false" in shell parameters, not uppercase or YAML booleans.
The shell parameters use uppercase strings ("False") but the A2AS schema specification expects lowercase string values ("false"). While both are strings (not YAML booleans as initially suggested), matching the schema's documented format ensures consistency.
Proposed fix: Use lowercase string values
git:
type: shell
actions: [exec]
args: [[rev-parse, --is-inside-work-tree], [ls-files, --others, --exclude-standard, -z]]
params:
caller: [subprocess.run]
- shell: ["False", "False"]
+ shell: ["false", "false"]
open:
type: shell
actions: [exec]
args: [[html_path]]
params:
caller: [subprocess.run]
- shell: ["False"]
+ shell: ["false"]
os.startfile:
type: shell
actions: [exec]
args: [[html_path]]
params:
caller: [os.startfile]
- shell: ["False"]
+ shell: ["false"]
xdg-open:
type: shell
actions: [exec]
args: [[html_path]]
params:
caller: [subprocess.run]
- shell: ["False"]
+ shell: ["false"]📝 Committable suggestion
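Review bot: The `os.startfile` entry keeps `params.shell` even though its `caller` is `os.startfile`, which takes no `shell` argument, so recasing the value to `"false"` there still describes a flag that call does not have. Consider dropping `shell` from that entry, or confirm that the schema expects it on every `type: shell` process. The `git` entry lines up as changed: two `args` invocations and two `shell` values.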
🤖 Prompt for AI Agents
In `@a2as.yaml` around lines 245 - 273, The shell parameter strings in the
processes entries (e.g., "git", "open", "os.startfile", "xdg-open") use "False"
but must use the lowercase string "false" to match the A2AS schema; update each
params.shell value under those process definitions in a2as.yaml from "False" to
"false" so the values remain strings but conform to the documented format.
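The casing finding above matters once something compares `params.shell` values exactly. As an added example (not code from DiffGraph-CLI, CodeRabbit or the A2AS project), the sketch below lints `params.shell` and checks one invocation against the declared rules; the function names `lint_processes` and `is_declared`, the exact-match rules and the one-shell-value-per-`args`-entry pairing are assumptions, and the sample data is constructed from the entries quoted in the review.

```python
# Added example; not A2AS reference code. Matching rules are assumptions.
from typing import Any

# Constructed sample: two `processes` entries from the review, already parsed
# into Python objects. "git" keeps the original "False" casing on purpose.
PROCESSES = {
    "git": {
        "type": "shell",
        "actions": ["exec"],
        "args": [["rev-parse", "--is-inside-work-tree"],
                 ["ls-files", "--others", "--exclude-standard", "-z"]],
        "params": {"caller": ["subprocess.run"], "shell": ["False", "False"]},
    },
    "xdg-open": {
        "type": "shell",
        "actions": ["exec"],
        "args": [["html_path"]],  # placeholder token, as written in the manifest
        "params": {"caller": ["subprocess.run"], "shell": ["false"]},
    },
}

SHELL_VALUES = {"true", "false"}  # lowercase strings, as in the schema example


def lint_processes(processes: dict[str, Any]) -> list[str]:
    """Report params.shell values a strict consumer would not recognise."""
    findings = []
    for name, rule in processes.items():
        args = rule.get("args", [])
        shell = rule.get("params", {}).get("shell", [])
        for i, value in enumerate(shell):
            if not isinstance(value, str):
                kind = type(value).__name__
                findings.append(f"{name}: params.shell[{i}] is {kind}, not a string")
            elif value not in SHELL_VALUES:
                findings.append(f"{name}: params.shell[{i}] is {value!r}")
        # Assumption: one shell value per allowed invocation in args.
        if shell and len(shell) != len(args):
            findings.append(f"{name}: {len(shell)} shell values, {len(args)} invocations")
    return findings


def is_declared(processes: dict[str, Any], command: str, argv: list[str],
                caller: str, shell: bool) -> bool:
    """Exact-match check: does the manifest declare this invocation?"""
    rule = processes.get(command)
    if not rule or rule.get("type") != "shell":
        return False
    if "exec" not in rule.get("actions", []):
        return False
    params = rule.get("params", {})
    if caller not in params.get("caller", []):
        return False
    wanted = "true" if shell else "false"
    declared = params.get("shell", [])
    for i, allowed in enumerate(rule.get("args", [])):
        # Case-sensitive comparison: "False" does not satisfy "false".
        if argv == allowed and i < len(declared) and declared[i] == wanted:
            return True
    return False


if __name__ == "__main__":
    for finding in lint_processes(PROCESSES):
        print(finding)
```

With the constructed data, the `git` entry is reported twice by the lint and its invocations are not matched by the exact check, while the lowercase `xdg-open` entry passes both.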
Add A2AS Certificate for Agent Transparency and Security
Summary
This PR adds an agent certificate using the A2AS format - an open standard for agentic AI security. The certificate declares operational boundaries, agentic actions, and resources. It acts as a transparency artifact for your agent.
This repository has been certified and added to the registry.
Info and visualization available via the link or badge:
A2AS.org/certified/agents/wildestai/diffgraph-cli
About A2AS Certificates
A2AS certificates are declarative manifests for agent behavior. They describe what an agent is designed to do:
Certificates are human-readable and machine-readable, and can be used as a transparency and security artifact.
The A2AS standard is a project from the A2AS.org initiative led by experts from big tech and security companies.
Benefits For This Project
This A2AS certificate can help to:
What This PR Does
This PR doesn't change any code:
a2as.yaml to the repository root
Optional Next Steps
When the agent changes, the A2AS certificate is expected to be updated.
A2AS project maintainers can help with updating the certificate as your agent evolves.
If you find this relevant, you can add the A2AS Shield to your README.md file: