Alexander Whitestone | ac28444bf2
feat: add A2AMTLSServer routing API, A2AMTLSClient, and expand tests to 20 (#806)
Lint / lint (pull_request) Successful in 9s
Builds on the existing A2AServer / build_*_ssl_context foundation:
- agent/a2a_mtls.py:
  - Add A2AMTLSServer: routing-based HTTPS server with add_route() and
    context-manager (__enter__/__exit__) lifecycle support
  - Add A2AMTLSClient: fleet-cert-presenting HTTP client with .get() / .post()
  - Widen imports (json, Callable, Dict, urlopen)
- tests/agent/test_a2a_mtls.py:
  - Fix datetime.utcnow() deprecation — use datetime.now(timezone.utc)
  - Add TestA2AMTLSServerAndClient (9 tests): routing GET/POST, 404,
    context-manager stop, rogue-cert rejection, A2AMTLSClient, concurrency
  - Total: 11 → 20 passing tests
Refs #806
2026-04-21 15:21:10 -04:00

Alexander Whitestone | 91faf6f956
feat: A2A auth — mutual TLS between fleet agents
Lint / lint (pull_request) Successful in 10s
Implements mutual TLS for secure agent-to-agent communication (#806).
- scripts/gen_fleet_ca.sh: generate fleet CA (4096-bit RSA, 10-year)
- scripts/gen_agent_cert.sh: per-agent cert signed by fleet CA (timmy, allegro, ezra)
- agent/a2a_mtls.py: A2AServer requiring client cert verification (CERT_REQUIRED),
  build_server_ssl_context / build_client_ssl_context helpers, server_from_env()
- ansible/roles/fleet_mtls_certs/: distribute CA + per-agent certs to fleet nodes,
  write /etc/hermes/a2a.env, notify hermes-a2a service on change
- ansible/fleet_mtls.yml + ansible/inventory/fleet.ini.example: playbook + example inventory
- tests/agent/test_a2a_mtls.py: 11 tests — authorized agent accepted (200/202),
  self-signed cert rejected, no-cert rejected, lifecycle, env-var wiring
Fixes #806
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 13:28:28 -04:00