Releases: agentrust-io/ca2a
Releases · agentrust-io/ca2a
Release list
cA2A 0.1.0a1 (alpha)
cA2A is a confidential, attested profile on top of A2A, not a competing transport. It adds attenuated delegation, sealed peer channels, and cross-vendor TEE attestation as a layer any A2A deployment can adopt, the way TRACE binds to RATS/EAT/SCITT.
This is the first public alpha. Everything in it is verifiable offline or in software today.
What this release provides
- The cA2A profile spec as an A2A binding
- Attenuated delegation with offline chain and provenance-DAG verification (
ca2a-verify) - An in-process peer-enforcement decision core (
enforce_peer_call) over an allow-set or a real Cedar policy - A sealed peer channel (X25519 -> HKDF-SHA256 -> ChaCha20-Poly1305) to a peer's attested key
- SEV-SNP, TDX, and TPM 2.0 verifiers, fail-closed, with chain paths validated against real vendor roots
- A conformance suite in CI
What this release does not yet claim
- Not attested across trust domains on real hardware: all attestation validation is software / synthetic-vector
- No live A2A transport: the decision core and sealing run in-process
- The seal is not yet bound to a verified measurement on a live inbound call
- Alpha schemas: delegation-credential and TRACE-link schemas are not stable or versioned, and peer evidence is not yet RATS/EAT conformant
Proof, not promises: the confidential-across-trust-domains claim ships when real-hardware attestation and a live transport land (tracked in #47).
Install: pip install --pre ca2a-runtime
Limitations: LIMITATIONS.md · Roadmap: ROADMAP.md