Skip to content

feat: add signing and verifying example used to demonstrate AgentCard signing and verifying #420

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sokoliva merged 30 commits into from
Dec 22, 2025
Merged

feat: add signing and verifying example used to demonstrate AgentCard signing and verifying #420

sokoliva merged 30 commits into from
Dec 22, 2025

Conversation

@sokoliva
Copy link
Contributor

@sokoliva sokoliva commented Dec 17, 2025
edited
Loading

This change introduces a new agent whose agent_card is signed on the server side using signer function created by create_agent_card_signer and verified on the client side using a signature_verifier function created by create_signature_verifier.

Relevant link: Agent Card Signing

Thank you for opening a Pull Request!
Before submitting your PR, there are a few things you can do to make sure it goes smoothly:

@sokoliva
WIP: Add agent card signing example
45a37aa 
This example demonstrated:
- Signing Agent Cards on the server side.
- Verifying Agent Card signatures on the client side.
@sokoliva
feat: add Signed agent example used to demonstrate AgentCard signing …
62ef4d7 
…and verifying
@sokoliva
refactor: add signature_verifier=signature_verifier to resolver.get_a…
866a94c 
…gent_card
@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Dec 17, 2025

Summary of Changes

Hello @sokoliva, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request delivers a robust example of an Agent-to-Agent (A2A) agent that integrates AgentCard signing and verification. The primary goal is to illustrate how agents can establish trust by cryptographically signing their identity cards, which clients can then verify. This example covers the full lifecycle from key generation and server-side signing of both public and extended agent cards, to client-side fetching and validation of these signatures, thereby enhancing the security posture of A2A interactions.

Highlights

  • New Signed Agent Example: Introduces a complete example of an A2A agent that demonstrates the signing and verification of AgentCards, showcasing secure communication practices.
  • Server-Side AgentCard Signing: The agent generates an EC key pair and uses the private key to sign both its public and authenticated extended AgentCards on the server side.
  • Client-Side Signature Verification: A dedicated test client is provided to fetch the AgentCards and verify their signatures using the corresponding public key, ensuring card authenticity.
  • Containerization Support: Includes a Containerfile for easily building and running the signed agent within a container environment, simplifying deployment and testing.
  • Comprehensive Documentation: A README.md file details how to set up, run, build, and validate the example, along with an important disclaimer regarding untrusted input in production.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Dec 17, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a valuable example demonstrating agent card signing and verification. The implementation is well-structured, including a Containerfile and a comprehensive README.md. My review focuses on improving dependency management, container security, and adherence to standards like RFC 7515 for JWTs. I've also included minor suggestions for code style and error handling to enhance the quality of the example.

sokoliva and others added 21 commits December 17, 2025 14:28
@sokoliva @gemini-code-assist
Update samples/python/agents/signing_and_verifying/test_client.py
70c5b85 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@sokoliva @gemini-code-assist
Update samples/python/agents/signing_and_verifying/test_client.py
98e9f12 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@sokoliva
Refactor: few minor fixes
aa523db
@sokoliva
Merge remote-tracking branch 'refs/remotes/upstream/agent-card-signat…
f5a862f 
…ures-samples' into agent-card-signatures-samples
@sokoliva
Refactor: add "dnf clean all" to commands for UV package manager in C…
3f0b21d 
…ontainderfile
@sokoliva
fic: fix linter errors: add version number to pip install uv==0.9, ad…
f60b718 
…d newlines to README.md
@sokoliva
fic: fix linter errors in Containerfile
ad50111
@sokoliva
fix: fromat test_client.py and agent_executor.py
9412b77
@sokoliva
fix(linter): add version numbers to dnf install gcc
6ade877
@sokoliva
fix(linter): don't use latest
1146aeb
@sokoliva
fix: fix linter errors and add version number to redhat ubi8 import
75abee4
@sokoliva
fix: linter error. Final (I hope)
6db93dc
@sokoliva
fix(linter): change the locations of noqa declarations
068e7d5
@sokoliva
fix(linter): added tool.ruff.lint to pyproject.toml and generated…
848784c 
… formatting changes by running a `ruff format` command
@sokoliva
fix(linter): change import order, shorten lines
ce05bf1
@sokoliva
Fix: linter
d2ee67e
@sokoliva
refactor: remove unecessary exception handling
6e657de
@sokoliva
rerfactor: change LOG_LEVEL from WARN to DEBUG in linter.yaml. …
ac8c88a 
…This will be changed back to WARN before merging to main
@sokoliva
fix: fix formatting issues
f5116d7
@sokoliva
fix: update pyproject.toml
18e319e
@sokoliva
refactor: update README.md
a77319d
@sokoliva sokoliva changed the title feat: add Signed agent example used to demonstrate AgentCard signing and verifying feat: add signing and verifying example used to demonstrate AgentCard signing and verifying Dec 19, 2025
@sokoliva sokoliva changed the title feat: add signing and verifying example used to demonstrate AgentCard signing and verifying feat: add signing and verifying example used to demonstrate AgentCard signing and verifying Dec 19, 2025
ishymko
ishymko reviewed Dec 19, 2025
View reviewed changes
ishymko
ishymko reviewed Dec 19, 2025
View reviewed changes
@sokoliva
refactor:
01e9988 
- remove reading of `public_keys.json` in main
- add .gitignore
- remove `SignedAgent` in `agent_executor.py`
- replace `_public_agent` with `public_agent` in `test_client.py`
ishymko
ishymko approved these changes Dec 19, 2025
View reviewed changes
@sokoliva sokoliva merged commit 36176fa into a2aproject:main Dec 22, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ishymko ishymko ishymko approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sokoliva @ishymko