Skip to content

Add A2AS Certificate #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
a2as-team wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add A2AS Certificate #14

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
273 changes: 273 additions & 0 deletions a2as.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,273 @@
manifest:
version: "0.1.2"
schema: https://a2as.org/cert/schema
subject:
name: wildestai/diffgraph-cli
source: https://github.com/wildestai/diffgraph-cli
branch: main
commit: "a43abac1"
scope: [diffgraph/graph_manager.py, diffgraph/cli.py, diffgraph/ai_analysis.py]
issued:
by: A2AS.org
at: '2026-01-26T16:14:45Z'
signatures:
digest: sha256:Wv8_AJ5iVHCdwnHFeCfXSiFojSLPKA7PRcx_9qRWz68
key: ed25519:EvlDNDdKn86Swdp-JnTIu7LF1CGKEiHlL2l0n5BWsTw
sig: ed25519:1yXq6p7-VywCKc5L_WB8G5QjypQbEyylafcFdD118Gw-8wrOHuqzSvpVjliD-IhyhrqfBpjWYJ4ZH_mA0DmnAw

agents:
agent:
type: instance
models: [gpt-4o]
params:
class: CodeAnalysisAgent
name: Code Analysis Agent
output_type: CodeChangeAnalysis
instructions: ['You are an expert code analyzer. Your task is to:', 1. Analyze the given code changes, '2. For each
component that was changed, identify:', '- Its name', '- Its type (container/function/method)', '- How it was changed
(added, deleted, or modified)', '- Its parent component (if it''s nested within another component)', '- Its dependencies
(what it uses)', '- Its dependents (what uses it)', '- Any nested components within it (if it''s a container)',
'Important guidelines:', '- A ''container'' is any component that can contain other components (classes, interfaces,
traits, modules, namespaces)', '- A ''function'' is any standalone function or procedure', '- A ''method'' is any
function that belongs to a container', '- Always include both container-level and nested component changes', '-
For nested components, specify their parent container', '- For containers, list any nested components that were
changed', '- Dependencies can be to both container-level and nested components', '- If a method/function is changed,
it should be listed as a separate component with its parent specified', 3. Generate a clear summary of the changes,
'Note: For each component, you must specify:', '- component_type: what kind of component it is (container/function/method)',
'- change_type: how it was changed (added, deleted, modified)', '- parent: the name of its parent component if it''s
nested (e.g., a method within a class)', '- nested_components: list of any components nested within this one (if
it''s a container)']
Comment on lines +26 to +39
Copy link
Contributor

@coderabbitai coderabbitai bot Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Mixed types in instructions array may cause parsing issues.

The instructions array mixes quoted strings with unquoted numbered items (1. Analyze... and 3. Generate...). YAML will parse 1. as a float and 3. as a float, separating them from the subsequent text. This will result in unexpected array elements.

Proposed fix: Quote all instruction items consistently 
-      instructions: ['You are an expert code analyzer. Your task is to:', 1. Analyze the given code changes, '2. For each
+      instructions: ['You are an expert code analyzer. Your task is to:', '1. Analyze the given code changes', '2. For each
           component that was changed, identify:', '- Its name', '- Its type (container/function/method)', '- How it was changed
           (added, deleted, or modified)', '- Its parent component (if it''s nested within another component)', '- Its dependencies
           (what it uses)', '- Its dependents (what uses it)', '- Any nested components within it (if it''s a container)',
         'Important guidelines:', '- A ''container'' is any component that can contain other components (classes, interfaces,
           traits, modules, namespaces)', '- A ''function'' is any standalone function or procedure', '- A ''method'' is any
           function that belongs to a container', '- Always include both container-level and nested component changes', '-
           For nested components, specify their parent container', '- For containers, list any nested components that were
-          changed', '- Dependencies can be to both container-level and nested components', '- If a method/function is changed,
-          it should be listed as a separate component with its parent specified', 3. Generate a clear summary of the changes,
+          changed', '- Dependencies can be to both container-level and nested components', '- If a method/function is changed,
+          it should be listed as a separate component with its parent specified', '3. Generate a clear summary of the changes',
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
instructions: ['You are an expert code analyzer. Your task is to:', 1. Analyze the given code changes, '2. For each
component that was changed, identify:', '- Its name', '- Its type (container/function/method)', '- How it was changed
(added, deleted, or modified)', '- Its parent component (if it''s nested within another component)', '- Its dependencies
(what it uses)', '- Its dependents (what uses it)', '- Any nested components within it (if it''s a container)',
'Important guidelines:', '- A ''container'' is any component that can contain other components (classes, interfaces,
traits, modules, namespaces)', '- A ''function'' is any standalone function or procedure', '- A ''method'' is any
function that belongs to a container', '- Always include both container-level and nested component changes', '-
For nested components, specify their parent container', '- For containers, list any nested components that were
changed', '- Dependencies can be to both container-level and nested components', '- If a method/function is changed,
it should be listed as a separate component with its parent specified', 3. Generate a clear summary of the changes,
'Note: For each component, you must specify:', '- component_type: what kind of component it is (container/function/method)',
'- change_type: how it was changed (added, deleted, modified)', '- parent: the name of its parent component if it''s
nested (e.g., a method within a class)', '- nested_components: list of any components nested within this one (if
it''s a container)']
instructions: ['You are an expert code analyzer. Your task is to:', '1. Analyze the given code changes', '2. For each
component that was changed, identify:', '- Its name', '- Its type (container/function/method)', '- How it was changed
(added, deleted, or modified)', '- Its parent component (if it''s nested within another component)', '- Its dependencies
(what it uses)', '- Its dependents (what uses it)', '- Any nested components within it (if it''s a container)',
'Important guidelines:', '- A ''container'' is any component that can contain other components (classes, interfaces,
traits, modules, namespaces)', '- A ''function'' is any standalone function or procedure', '- A ''method'' is any
function that belongs to a container', '- Always include both container-level and nested component changes', '-
For nested components, specify their parent container', '- For containers, list any nested components that were
changed', '- Dependencies can be to both container-level and nested components', '- If a method/function is changed,
it should be listed as a separate component with its parent specified', '3. Generate a clear summary of the changes',
'Note: For each component, you must specify:', '- component_type: what kind of component it is (container/function/method)',
'- change_type: how it was changed (added, deleted, modified)', '- parent: the name of its parent component if it''s
nested (e.g., a method within a class)', '- nested_components: list of any components nested within this one (if
it''s a container)']
🤖 Prompt for AI Agents 
In `@a2as.yaml` around lines 26 - 39, The instructions array mixes plain numbered
tokens and quoted strings causing YAML to parse items like "1." and "3." as
numbers; update the "instructions" array so every entry is a consistently quoted
string (e.g., change 1. Analyze... and 3. Generate... to "1. Analyze..." and "3.
Generate...") or convert the entire array to a uniform block-style list of
strings; target the "instructions" key in a2as.yaml and ensure each array
element is wrapped in quotes so all items are treated as strings.


models:
gpt-4o:
type: literal
agents: [agent]

imports:
Agent: agents.Agent
AnalysisResult: diffgraph.html_report.AnalysisResult
BaseModel: pydantic.BaseModel
ChangeType: graph_manager.ChangeType
click: click
CodeAnalysisAgent: diffgraph.ai_analysis.CodeAnalysisAgent
ComponentNode: graph_manager.ComponentNode
dataclass: dataclasses.dataclass
debug_environment: diffgraph.env_loader.debug_environment
Dict: typing.Dict
Enum: enum.Enum
FileStatus: graph_manager.FileStatus
generate_html_report: diffgraph.html_report.generate_html_report
GraphManager: graph_manager.GraphManager
html: html
involves_working_tree: diffgraph.utils.involves_working_tree
List: typing.List
load_env_file: diffgraph.env_loader.load_env_file
nx: networkx
openai: openai
Optional: typing.Optional
os: os
Path: pathlib.Path
random: random
re: re
Runner: agents.Runner
sanitize_diff_args: diffgraph.utils.sanitize_diff_args
Set: typing.Set
spinner: click_spinner.spinner
subprocess: subprocess
sys: sys
time: time
Tuple: typing.Tuple
Comment on lines +46 to +79
Copy link
Contributor

@coderabbitai coderabbitai bot Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if graph_manager is a standalone module or nested under diffgraph

# Search for graph_manager module location
fd -t f 'graph_manager.py' || echo "No graph_manager.py found with fd"

# Check current directory structure
echo "=== Repository structure ===" 
ls -la | head -20

# Look for diffgraph directory
echo "=== Diffgraph contents ===" 
find . -maxdepth 2 -type d -name diffgraph 2>/dev/null | head -5

# Check imports in Python files to see how graph_manager is imported
echo "=== How graph_manager is imported ===" 
rg -n "from graph_manager|import graph_manager" --type=py | head -20

echo "=== How diffgraph.graph_manager is imported ===" 
rg -n "from diffgraph.graph_manager|import diffgraph.graph_manager" --type=py | head -20

# Check the a2as.yaml file context
echo "=== Checking a2as.yaml directory ===" 
ls -la | grep -i yaml

# Check for __init__ files to understand package structure
echo "=== Package init files ===" 
find . -name __init__.py -path "*/diffgraph/*" 2>/dev/null | head -10

Repository: WildestAI/DiffGraph-CLI

Length of output: 1259

🏁 Script executed:

#!/bin/bash
# Let's understand what a2as.yaml is and how it uses these imports

echo "=== a2as.yaml content (full file) ===" 
cat a2as.yaml

echo -e "\n=== Checking where graph_manager is imported in Python files ===" 
rg -n "graph_manager" --type=py -A 2 | head -40

echo -e "\n=== Checking setup.py for clues about module structure ===" 
cat setup.py

Repository: WildestAI/DiffGraph-CLI

Length of output: 11213

Fix module path references for graph_manager imports in the imports section.

Lines 50, 53, 58, and 60 incorrectly reference graph_manager.* when they should reference diffgraph.graph_manager.*. The module is nested under the diffgraph package (diffgraph/graph_manager.py), and all four imports must use the full qualified path for consistency with the rest of the manifest:

  • ChangeType: diffgraph.graph_manager.ChangeType
  • ComponentNode: diffgraph.graph_manager.ComponentNode
  • FileStatus: diffgraph.graph_manager.FileStatus
  • GraphManager: diffgraph.graph_manager.GraphManager
🤖 Prompt for AI Agents 
In `@a2as.yaml` around lines 46 - 79, Update the incorrect imports that reference
graph_manager to use the fully qualified diffgraph package: change ChangeType,
ComponentNode, FileStatus, and GraphManager import mappings so they read
diffgraph.graph_manager.ChangeType, diffgraph.graph_manager.ComponentNode,
diffgraph.graph_manager.FileStatus, and diffgraph.graph_manager.GraphManager
respectively in the imports block of the manifest; ensure the keys remain the
same (ChangeType, ComponentNode, FileStatus, GraphManager) and only the module
path on the right-hand side is updated.


functions:
__init__:
type: sync
module: diffgraph.ai_analysis
args: [self, api_key]
__post_init__:
type: sync
module: diffgraph.graph_manager
args: [self]
_add_dependency_relationship:
type: sync
module: diffgraph.ai_analysis
args: [self, source_path, target_path]
params:
returns: bool
_determine_change_type:
type: sync
module: diffgraph.ai_analysis
args: [self, status]
params:
returns: ChangeType
_find_component_match:
type: sync
module: diffgraph.ai_analysis
args: [self, dep, other_comp, comp]
params:
returns: bool
_process_dependencies:
type: sync
module: diffgraph.ai_analysis
args: [self, comp, current_file, mode]
params:
returns: None
_run_agent_analysis:
type: sync
module: diffgraph.ai_analysis
args: [self, prompt]
params:
returns: str
_sanitize_tooltip:
type: sync
module: diffgraph.graph_manager
args: [self, text]
params:
returns: str
_would_create_cycle:
type: sync
module: diffgraph.ai_analysis
args: [self, source, target]
params:
returns: bool
add_component:
type: sync
module: diffgraph.graph_manager
args: [self, name, file_path, change_type, component_type, parent, summary, dependencies, dependents]
params:
returns: None
add_component_dependency:
type: sync
module: diffgraph.graph_manager
args: [self, source, target]
params:
returns: None
add_file:
type: sync
module: diffgraph.graph_manager
args: [self, file_path, change_type]
params:
returns: None
analyze_changes:
type: sync
module: diffgraph.ai_analysis
args: [self, files_with_content, progress_callback]
params:
returns: DiffAnalysis
exponential_backoff_retry:
type: sync
module: diffgraph.ai_analysis
args: [func]
get_changed_files:
type: sync
module: diffgraph.cli
args: [diff_args]
params:
returns: List[Dict]
get_connected_components:
type: sync
module: diffgraph.graph_manager
args: [self, start_component, max_depth]
params:
returns: Set[str]
get_mermaid_diagram:
type: sync
module: diffgraph.graph_manager
args: [self]
params:
returns: str
get_next_file:
type: sync
module: diffgraph.graph_manager
args: [self]
params:
returns: Optional[str]
is_git_repo:
type: sync
module: diffgraph.cli
params:
returns: bool
load_file_contents:
type: sync
module: diffgraph.cli
args: [changed_files, diff_args]
params:
returns: List[Dict]
main:
type: sync
module: diffgraph.cli
args: [args, api_key, output, no_open, debug_env]
mark_error:
type: sync
module: diffgraph.graph_manager
args: [self, file_path, error]
params:
returns: None
mark_processed:
type: sync
module: diffgraph.graph_manager
args: [self, file_path, summary, components]
params:
returns: None
mark_processing:
type: sync
module: diffgraph.graph_manager
args: [self, file_path]
params:
returns: None
progress_callback:
type: sync
module: diffgraph.cli
args: [current_file, total_files, status]
wrapper:
type: sync
module: diffgraph.ai_analysis

variables:
OPENAI_API_KEY:
type: env
params:
caller: [os.getenv]
path: [diffgraph.ai_analysis]

files:
current_file:
type: variable
actions: [read]
params:
caller: [os.path.basename]
file_path:
type: variable
actions: [read]
params:
caller: [open]
alias: [f]

processes:
git:
type: shell
actions: [exec]
args: [[rev-parse, --is-inside-work-tree], [ls-files, --others, --exclude-standard, -z]]
params:
caller: [subprocess.run]
shell: ["False", "False"]
open:
type: shell
actions: [exec]
args: [[html_path]]
params:
caller: [subprocess.run]
shell: ["False"]
os.startfile:
type: shell
actions: [exec]
args: [[html_path]]
params:
caller: [os.startfile]
shell: ["False"]
xdg-open:
type: shell
actions: [exec]
args: [[html_path]]
params:
caller: [subprocess.run]
shell: ["False"]
Comment on lines +245 to +273
Copy link
Contributor

@coderabbitai coderabbitai bot Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

A2AS schema specification shell parameter type boolean

💡 Result:

In the A2A (Agent2Agent) protocol specification, there is no standard shell parameter in the core schema (e.g., AgentCard, AgentSkill, RPC params). The spec does define several boolean fields (for example AgentCapabilities.streaming, pushNotifications, extendedAgentCard, and AgentExtension.required). [1]

If you want a shell flag anyway, it would need to be extension-specific (e.g., inside AgentExtension.params, which is an arbitrary JSON object), and you’d represent it as a JSON boolean (true / false). [1]

Example (extension params):

{
  "uri": "https://example.com/extensions/shell/v1",
  "required": false,
  "params": {
    "shell": true
  }
}

Sources:
[1] A2A Protocol Specification (latest) — AgentCapabilities / AgentExtension / AgentSkill fields: (a2a-protocol.org)

Citations:

🏁 Script executed:

# Search for A2AS related documentation in the repository
find . -type f -name "*.yaml" -o -name "*.yml" -o -name "*schema*" -o -name "*a2as*" | head -20

Repository: WildestAI/DiffGraph-CLI

Length of output: 78

🏁 Script executed:

# Look for any schema or documentation files
fd -e md -e rst -e txt | xargs grep -l "a2as\|A2AS" 2>/dev/null | head -10

Repository: WildestAI/DiffGraph-CLI

Length of output: 49

🏁 Script executed:

# Search for how the shell parameter is used in code
rg "shell.*False|shell.*false" -A 2 -B 2

Repository: WildestAI/DiffGraph-CLI

Length of output: 610

🏁 Script executed:

# Look for README or documentation mentioning a2as
rg -i "a2as|shell.*parameter" -A 5 -B 5 | head -50

Repository: WildestAI/DiffGraph-CLI

Length of output: 818

🏁 Script executed:

# Find Python or other code that parses a2as.yaml
rg "a2as\.yaml|yaml.*load|yaml.*parse" -A 3 -B 3

Repository: WildestAI/DiffGraph-CLI

Length of output: 49

🏁 Script executed:

# Look at the actual a2as.yaml file to understand structure
cat a2as.yaml | head -100

Repository: WildestAI/DiffGraph-CLI

Length of output: 4027

🏁 Script executed:

# Search for any schema files or documentation
fd -e json -e schema -e spec | xargs ls -la 2>/dev/null

Repository: WildestAI/DiffGraph-CLI

Length of output: 900

🌐 Web query:

A2AS.org certification schema specification processes shell parameter

💡 Result:

In the A2AS Behavior Certificate schema (AI Agent Behavior Specification v0.1.2), process execution permissions are declared under the top-level processes map. Each process rule supports:

  • type: "shell", "mcp", or "syscall"
  • actions: e.g., "exec", "connect"
  • args: an array of arrays, where each inner array is an allowed invocation (command + arguments)
  • params: an open-ended object for extra constraints (the schema explicitly says it’s “unregulated additional fields”) [1]

Where the shell parameter fits

For entries with type: shell, the schema’s example shows params.shell as a list of allowed values, used to constrain whether the underlying execution API is invoked with a “shell mode” flag (e.g., Python subprocess.run(..., shell=False)):

processes:
  /bin/bash:
    type: shell
    actions: [exec]
    args: [[-lc, whoami]]
    params:
      caller: [subprocess.run]
      shell: ["false"]

[1]

So, processes.<id>.params.shell is the schema location for the “shell parameter”, and it’s intended as a constraint on the runtime’s shell-execution flag (example allowlist: ["false"]) [1].

Source: A2AS Certificate Schema page [1].

🏁 Script executed:

# Search for code that loads and uses a2as.yaml
rg "a2as" -i -A 5 -B 5

Repository: WildestAI/DiffGraph-CLI

Length of output: 818

🏁 Script executed:

# Search for YAML parsing code
rg "yaml\.|yaml\.load|yaml\.safe_load" -A 5 -B 5

Repository: WildestAI/DiffGraph-CLI

Length of output: 49

🏁 Script executed:

# Search for any code that validates or parses the A2AS schema
rg -i "processes|shell.*param" -A 3 -B 3 --type py

Repository: WildestAI/DiffGraph-CLI

Length of output: 49

🏁 Script executed:

# Look for any documentation about the format
cat README.md

Repository: WildestAI/DiffGraph-CLI

Length of output: 2562

Use lowercase string "false" in shell parameters, not uppercase or YAML booleans.

The shell parameters use uppercase strings ("False") but the A2AS schema specification expects lowercase string values ("false"). While both are strings (not YAML booleans as initially suggested), matching the schema's documented format ensures consistency.

Proposed fix: Use lowercase string values 
   git:
     type: shell
     actions: [exec]
     args: [[rev-parse, --is-inside-work-tree], [ls-files, --others, --exclude-standard, -z]]
     params:
       caller: [subprocess.run]
-      shell: ["False", "False"]
+      shell: ["false", "false"]
   open:
     type: shell
     actions: [exec]
     args: [[html_path]]
     params:
       caller: [subprocess.run]
-      shell: ["False"]
+      shell: ["false"]
   os.startfile:
     type: shell
     actions: [exec]
     args: [[html_path]]
     params:
       caller: [os.startfile]
-      shell: ["False"]
+      shell: ["false"]
   xdg-open:
     type: shell
     actions: [exec]
     args: [[html_path]]
     params:
       caller: [subprocess.run]
-      shell: ["False"]
+      shell: ["false"]
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
processes:
git:
type: shell
actions: [exec]
args: [[rev-parse, --is-inside-work-tree], [ls-files, --others, --exclude-standard, -z]]
params:
caller: [subprocess.run]
shell: ["False", "False"]
open:
type: shell
actions: [exec]
args: [[html_path]]
params:
caller: [subprocess.run]
shell: ["False"]
os.startfile:
type: shell
actions: [exec]
args: [[html_path]]
params:
caller: [os.startfile]
shell: ["False"]
xdg-open:
type: shell
actions: [exec]
args: [[html_path]]
params:
caller: [subprocess.run]
shell: ["False"]
processes:
git:
type: shell
actions: [exec]
args: [[rev-parse, --is-inside-work-tree], [ls-files, --others, --exclude-standard, -z]]
params:
caller: [subprocess.run]
shell: ["false", "false"]
open:
type: shell
actions: [exec]
args: [[html_path]]
params:
caller: [subprocess.run]
shell: ["false"]
os.startfile:
type: shell
actions: [exec]
args: [[html_path]]
params:
caller: [os.startfile]
shell: ["false"]
xdg-open:
type: shell
actions: [exec]
args: [[html_path]]
params:
caller: [subprocess.run]
shell: ["false"]
🤖 Prompt for AI Agents 
In `@a2as.yaml` around lines 245 - 273, The shell parameter strings in the
processes entries (e.g., "git", "open", "os.startfile", "xdg-open") use "False"
but must use the lowercase string "false" to match the A2AS schema; update each
params.shell value under those process definitions in a2as.yaml from "False" to
"false" so the values remain strings but conform to the documented format.