Skip to content

feat(DATAGO-122217): Add ssl_verify config option for A2A proxy #838

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
gregmeldrum wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(DATAGO-122217): Add ssl_verify config option for A2A proxy #838

gregmeldrum wants to merge 1 commit into from

Conversation

@gregmeldrum
Copy link
Collaborator

@gregmeldrum gregmeldrum commented Jan 19, 2026

What is the purpose of this change?

Add a boolean configuration option (ssl_verify) to disable SSL certificate verification for individual A2A proxied agents. This allows connecting to remote A2A agents using self-signed certificates in development/testing environments.

How was this change implemented?

  • config.py: Added ssl_verify field to A2AProxiedAgentConfig with default value True
  • component.py: Applied ssl_verify setting to httpx clients for both agent card fetching and task invocation
  • proxies.md: Added documentation section on SSL verification with security warnings
  • a2a_proxy_example.yaml: Added commented example showing ssl_verify: false usage

Key Design Decisions

  • Default is True (verify certificates) to maintain security by default
  • Setting applies to both agent card fetching and task invocations for consistency
  • Per-agent configuration allows mixed environments (some verified, some not)

How was this change tested?

  • Unit tests: Added 7 new tests in tests/unit/agent/proxies/a2a/test_config.py
  • Ruff linting: All checks pass
  • Manual testing: Not yet tested with actual self-signed certificate

Is there anything the reviewers should focus on/be aware of?

  • Security documentation warns users about the risks of disabling SSL verification
  • The setting only affects HTTPS connections; HTTP connections are unaffected

@gregmeldrum @claude
feat(a2a-proxy): add ssl_verify config option for self-signed certifi…
104858e 
…cates

Add a boolean configuration option to disable SSL certificate verification
for individual A2A proxied agents. This allows connecting to remote A2A
agents using self-signed certificates in development/testing environments.

Changes:
- Add ssl_verify field to A2AProxiedAgentConfig (default: true)
- Apply ssl_verify to httpx clients for agent card fetching and task invocation
- Add documentation section on SSL verification with security warnings
- Add example configuration in a2a_proxy_example.yaml
- Add unit tests for the new configuration option

Co-Authored-By: Claude <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gregmeldrum