{"id":46373482,"url":"https://github.com/capiscio/validate-a2a","last_synced_at":"2026-03-05T04:34:34.999Z","repository":{"id":325487113,"uuid":"1069223340","full_name":"capiscio/validate-a2a","owner":"capiscio","description":"Official CapiscIO GitHub Action to validate A2A (Agent-to-Agent) Agent Cards. Features schema validation, cryptographic verification, and live endpoint testing with 3D quality scoring.","archived":false,"fork":false,"pushed_at":"2026-02-27T21:12:42.000Z","size":1819,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-28T01:47:32.992Z","etag":null,"topics":["a2a","a2a-protocol","agent-card","agent-to-agent","ai-agents","capiscio","github-action","protocol","validation"],"latest_commit_sha":null,"homepage":"https://capisc.io","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/capiscio.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-03T15:35:37.000Z","updated_at":"2026-02-27T21:12:44.000Z","dependencies_parsed_at":null,"dependency_job_id":"bae2ce1d-df8c-4bd4-a159-bb62488302be","html_url":"https://github.com/capiscio/validate-a2a","commit_stats":null,"previous_names":["capiscio/validate-a2a"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/capiscio/validate-a2a","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capiscio%2Fvalidate-a2a","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capiscio%2Fvalidate-a2a/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capiscio%2Fvalidate-a2a/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capiscio%2Fvalidate-a2a/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/capiscio","download_url":"https://codeload.github.com/capiscio/validate-a2a/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capiscio%2Fvalidate-a2a/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30110441,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-05T03:40:26.266Z","status":"ssl_error","status_checked_at":"2026-03-05T03:39:15.902Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["a2a","a2a-protocol","agent-card","agent-to-agent","ai-agents","capiscio","github-action","protocol","validation"],"created_at":"2026-03-05T04:34:34.360Z","updated_at":"2026-03-05T04:34:34.989Z","avatar_url":"https://github.com/capiscio.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Validate A2A Agent Card\n\n\u003e GitHub Action to validate A2A protocol agent cards with three-dimensional scoring, cryptographic verification, and live endpoint testing\n\n**Powered by [capiscio-core](https://github.com/capiscio/capiscio-core)** - High-performance Go binary (v2.2.0)\n\n## Features\n\n✅ **Three-Dimensional Scoring** - Compliance, Trust, and Availability evaluation  \n✅ **JWS Signature Verification** - Cryptographic authenticity validation  \n✅ **Live Endpoint Testing** - Real A2A protocol message testing  \n✅ **Production Readiness** - Clear thresholds for deployment decisions  \n✅ **Rich Outputs** - Scores, errors, warnings available for downstream steps  \n✅ **Zero Dependencies** - Uses standalone binary, no npm install required\n\n## Usage\n\n### Basic Validation\n\n```yaml\nname: Validate Agent Card\non: [push, pull_request]\n\njobs:\n  validate:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      \n      - name: Validate A2A Agent Card\n        uses: capiscio/validate-a2a@v1\n        with:\n          agent-card: './agent-card.json'\n```\n\n### Strict Mode for Production\n\n```yaml\n- name: Validate for Production\n  uses: capiscio/validate-a2a@v1\n  with:\n    agent-card: './agent-card.json'\n    strict: true\n    test-live: true\n```\n\n### Use Outputs in Downstream Steps\n\n```yaml\n- name: Validate Agent Card\n  id: validate\n  uses: capiscio/validate-a2a@v1\n  with:\n    agent-card: './agent-card.json'\n\n- name: Check Production Readiness\n  run: |\n    echo \"Result: ${{ steps.validate.outputs.result }}\"\n    echo \"Compliance Score: ${{ steps.validate.outputs.compliance-score }}\"\n    echo \"Trust Score: ${{ steps.validate.outputs.trust-score }}\"\n    echo \"Production Ready: ${{ steps.validate.outputs.production-ready }}\"\n```\n\n### Validate Remote Agent Card\n\n```yaml\n- name: Validate Remote Agent\n  uses: capiscio/validate-a2a@v1\n  with:\n    agent-card: 'https://example.com/agent-card.json'\n    test-live: true\n```\n\n### Full Example with All Options\n\n```yaml\n- name: Comprehensive Validation\n  uses: capiscio/validate-a2a@v1\n  with:\n    agent-card: './agent-card.json'\n    strict: true\n    test-live: true\n    skip-signature: false\n    timeout: 15000\n    fail-on-warnings: true\n```\n\n## Inputs\n\n| Input | Description | Required | Default |\n|-------|-------------|----------|---------|\n| `agent-card` | Path to agent-card.json or URL | No | `./agent-card.json` |\n| `strict` | Enable strict validation mode | No | `false` |\n| `test-live` | Test live endpoint with real messages | No | `false` |\n| `skip-signature` | Skip JWS signature verification | No | `false` |\n| `timeout` | Request timeout in milliseconds | No | `10000` |\n| `fail-on-warnings` | Fail action on validation warnings | No | `false` |\n\n## Outputs\n\n| Output | Description | Example |\n|--------|-------------|---------|\n| `result` | Validation result | `passed` or `failed` |\n| `compliance-score` | Compliance score (0-100) | `95` |\n| `trust-score` | Trust score (0-100) | `72` |\n| `availability-score` | Availability score or \"not-tested\" | `88` or `not-tested` |\n| `production-ready` | Meets production thresholds | `true` or `false` |\n| `error-count` | Number of validation errors | `0` |\n| `warning-count` | Number of validation warnings | `2` |\n\n## Scoring System\n\n### Three Quality Dimensions\n\n**Compliance (0-100)** - A2A v0.3.0 specification adherence\n- Core fields, skills quality, format compliance, data quality\n\n**Trust (0-100)** - Security and authenticity\n- Cryptographic signatures, provider trust, security posture, documentation\n- **Trust Confidence Multiplier**: 1.0x (valid sig), 0.6x (no sig), 0.4x (invalid sig)\n\n**Availability (0-100)** - Operational readiness (requires `test-live: true`)\n- Primary endpoint, transport support, response quality\n\n### Production Readiness Thresholds\n- **Compliance ≥95** - Specification adherence sufficient\n- **Trust ≥60** - Minimum trust level  \n- **Availability ≥80** - Operational stability sufficient\n\n[Learn more about scoring →](https://docs.capisc.io/concepts/scoring/)\n\n## Examples\n\n### Post-Deployment Verification\n\n```yaml\nname: Post-Deploy Validation\non:\n  deployment_status:\n\njobs:\n  validate:\n    if: github.event.deployment_status.state == 'success'\n    runs-on: ubuntu-latest\n    steps:\n      - name: Validate Deployed Agent\n        uses: capiscio/validate-a2a@v1\n        with:\n          agent-card: ${{ secrets.DEPLOYED_AGENT_URL }}\n          strict: true\n          test-live: true\n```\n\n### PR Validation with Comments\n\n```yaml\nname: PR Validation\non: [pull_request]\n\njobs:\n  validate:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      \n      - name: Validate Agent Card\n        id: validate\n        uses: capiscio/validate-a2a@v1\n        with:\n          agent-card: './agent-card.json'\n      \n      - name: Comment on PR\n        uses: actions/github-script@v7\n        with:\n          script: |\n            github.rest.issues.createComment({\n              issue_number: context.issue.number,\n              owner: context.repo.owner,\n              repo: context.repo.repo,\n              body: `## Validation Results\n              \n              📊 **Scores:**\n              - Compliance: ${{ steps.validate.outputs.compliance-score }}/100\n              - Trust: ${{ steps.validate.outputs.trust-score }}/100\n              - Availability: ${{ steps.validate.outputs.availability-score }}\n              \n              🎯 **Production Ready:** ${{ steps.validate.outputs.production-ready }}\n              `\n            })\n```\n\n### Matrix Testing Multiple Environments\n\n```yaml\nname: Multi-Environment Validation\non: [push]\n\njobs:\n  validate:\n    runs-on: ubuntu-latest\n    strategy:\n      matrix:\n        environment: [dev, staging, prod]\n    steps:\n      - name: Validate ${{ matrix.environment }}\n        uses: capiscio/validate-a2a@v1\n        with:\n          agent-card: https://api-${{ matrix.environment }}.example.com/agent-card.json\n          strict: ${{ matrix.environment == 'prod' }}\n          test-live: true\n```\n\n## License\n\nApache-2.0 - See [LICENSE](LICENSE) for details\n\n## Related\n\n- [capiscio-core](https://github.com/capiscio/capiscio-core) - The underlying validation engine\n- [capiscio-python](https://github.com/capiscio/capiscio-python) - Python CLI wrapper\n- [A2A Protocol](https://capisc.io) - Learn about the A2A protocol\n- [Web Validator](https://capisc.io/validator) - Browser-based validation tool\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcapiscio%2Fvalidate-a2a","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcapiscio%2Fvalidate-a2a","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcapiscio%2Fvalidate-a2a/lists"}