Skip to content

Releases: agentrust-io/ca2a

cA2A 0.1.0a1 (alpha)

cA2A 0.1.0a1 (alpha) Pre-release
Pre-release

Choose a tag to compare

@imran-siddique imran-siddique released this 13 Jul 15:43
65df59b

cA2A is a confidential, attested profile on top of A2A, not a competing transport. It adds attenuated delegation, sealed peer channels, and cross-vendor TEE attestation as a layer any A2A deployment can adopt, the way TRACE binds to RATS/EAT/SCITT.

This is the first public alpha. Everything in it is verifiable offline or in software today.

What this release provides

  • The cA2A profile spec as an A2A binding
  • Attenuated delegation with offline chain and provenance-DAG verification (ca2a-verify)
  • An in-process peer-enforcement decision core (enforce_peer_call) over an allow-set or a real Cedar policy
  • A sealed peer channel (X25519 -> HKDF-SHA256 -> ChaCha20-Poly1305) to a peer's attested key
  • SEV-SNP, TDX, and TPM 2.0 verifiers, fail-closed, with chain paths validated against real vendor roots
  • A conformance suite in CI

What this release does not yet claim

  • Not attested across trust domains on real hardware: all attestation validation is software / synthetic-vector
  • No live A2A transport: the decision core and sealing run in-process
  • The seal is not yet bound to a verified measurement on a live inbound call
  • Alpha schemas: delegation-credential and TRACE-link schemas are not stable or versioned, and peer evidence is not yet RATS/EAT conformant

Proof, not promises: the confidential-across-trust-domains claim ships when real-hardware attestation and a live transport land (tracked in #47).

Install: pip install --pre ca2a-runtime
Limitations: LIMITATIONS.md · Roadmap: ROADMAP.md