feat(a2a): add agent acknowledgment command and enhance registry discovery

[alisa-alisa]

Summary

Building on the recently submitted Branch 3 infrastructure, this PR enhances the
A2A and general agent discovery systems with robust trust validation, improved
registry policies, and idempotent client management. It refactors
A2AClientManager from a global singleton to an instance-based object tied to
the Config instance, resolving state conflicts in multi-task server
environments.

File-based Changes

packages/core/src/agents/

a2a-client-manager.ts & a2a-client-manager.test.ts

• Change: Removed the static singleton pattern and getInstance(). The
  constructor now requires a Config instance.
• Purpose: Enables each session/task to have its own isolated
  communication manager, preventing "already loaded" errors.

registry.ts & registry.test.ts

• Change:
  1. Updated loadAgents to populate allDefinitions for all discovered project agents.
  2. Updated reload and registerRemoteAgent to use the instance-specific A2AClientManager via this.config.getA2AClientManager().
• Purpose: Aligns registry discovery and remote agent loading with the new instance-based architecture.

remote-invocation.ts & remote-invocation.test.ts

• Change: Updated RemoteAgentInvocation to accept AgentLoopContext in its constructor and retrieve the A2AClientManager from the config instance.
• Purpose: Ensures that remote agent calls use the communication manager associated with their specific session.

subagent-tool-wrapper.ts

• Change: Pass the context to the RemoteAgentInvocation constructor.
• Purpose: Provides the necessary context for instance-based manager lookup.

---

packages/core/src/config/

config.ts & config.test.ts

• Change:
  1. Added a2aClientManager as a private property of the Config class.
  2. Initialized it in the constructor and provided a getA2AClientManager() getter.
  3. Updated proxy configuration tests to use instance-based instantiation.
• Purpose: Centralizes the management of the communication manager within the configuration instance, mirroring the mcpClientManager pattern.

---

packages/a2a-server/src/config/

config.ts

• Change: Added a manual YOLO policy rule (priority 998) when GEMINI_YOLO_MODE is active.
• Purpose: Ensures that YOLO mode behaves consistently with the Gemini CLI by automatically approving all registered tools.

settings.ts & settings.test.ts

• Change: Added experimental.enableAgents to the Settings interface and verified its loading via tests.
• Purpose: Allows the server to recognize the agent discovery flag.

---

Testing

Automated Tests

• a2a-client-manager.test.ts: Refactored to use direct instantiation instead of singleton access.
• remote-invocation.test.ts: Updated to verify instance-based manager lookup.
• registry.test.ts: Updated mocks to handle the new getA2AClientManager and constructor pattern.
• config.test.ts: Added coverage for instance-specific manager initialization and fixed proxy test failures.
• settings.test.ts (a2a-server): Verified that experimental.enableAgents is correctly loaded from settings.

Manual Test (gRPC V0 Compatibility)

1. Prepare the Go Server (a2a-go repo)

   • Switch to V0 Handler in examples/helloworld/server/grpc/main.go.
   • Set protocol Version to "0.1" in a2a/core.go.
   • Run: go run examples/helloworld/server/grpc/main.go (listens on port 9001).

2. Prepare the Gemini CLI

   • Create .gemini/agents/grpc-test-agent.md with URL: http://localhost:9001/.well-known/agent-card.json.
   • Ensure "enableAgents": true in the experimental block of .gemini/settings.json.

3. Verify

   • Start server:

     export CODER_AGENT_WORKSPACE_PATH="/path/to/your/workspace" && DEBUG=true npm run start -w @google/gemini-cli-a2a-server

   • Step 1: Acknowledge the agent (Manual Step):
     To trust the agent, you must manually add its entry to your local acknowledgments file:
     ~/.gemini/acknowledgments/agents.json.

     Example entry:

     {
       "/absolute/path/to/your/workspace": {
         "grpc-test-agent": "http://localhost:9001/.well-known/agent-card.json"
       }
     }

     (For remote agents, the "hash" is the agentCardUrl).

   • Step 2: Trigger call:

     curl -N -X POST http://localhost:PORT/ \
       -H "Content-Type: application/json" \
       -d '{
         "jsonrpc": "2.0",
         "id": "1",
         "method": "message/stream",
         "params": {
           "message": {
             "kind": "message",
             "role": "user",
             "parts": [{ "kind": "text", "text": "Hello, call the grpc-test-agent tool and say hi" }],
             "messageId": "test-final-attempt"
           }
         }
       }'

Related Issues

Closes #22199

[gemini-cli]

Hi @alisa-alisa, thank you so much for your contribution to Gemini CLI! We really appreciate the time and effort you've put into this.

We're making some updates to our contribution process to improve how we track and review changes. Please take a moment to review our recent discussion post: Improving Our Contribution Process & Introducing New Guidelines.

Key Update: Starting January 26, 2026, the Gemini CLI project will require all pull requests to be associated with an existing issue. Any pull requests not linked to an issue by that date will be automatically closed.

Thank you for your understanding and for being a part of our community!

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the A2A and general agent discovery systems by introducing a mechanism for manual agent trust, refining agent registration logic, and standardizing policy management. These changes bolster trust validation, enhance registry policies, and ensure idempotent client management, laying further groundwork for robust agent interactions.

Highlights

• New Acknowledge Agent Command: Introduced a new acknowledge-agent command for the A2A server, allowing manual trust of discovered agents via a JSON-RPC endpoint.
• Enhanced Agent Registry Discovery: Improved agent discovery in the core registry by populating all agent definitions for name-based lookup and preventing redundant agent loading if already active.
• Standardized YOLO Policy Management: Centralized the PRIORITY_YOLO_ALLOW_ALL constant and implemented a manual YOLO policy rule in the A2A server configuration to align with Gemini CLI behavior.
• Experimental Agent Settings: Added an experimental.enableAgents setting to the A2A server configuration to recognize and enable agent discovery flags.

Changelog

• packages/a2a-server/src/commands/acknowledge-agent.test.ts
  • Added corresponding unit tests for the new acknowledge-agent command.
• packages/a2a-server/src/commands/acknowledge-agent.ts
  • Added a new JSON-RPC command to allow clients to manually acknowledge (trust) a discovered agent by name via the /executeCommand endpoint.
• packages/a2a-server/src/commands/command-registry.ts
  • Registered the new AcknowledgeAgentCommand.
• packages/a2a-server/src/config/config.ts
  • Added a manual YOLO policy rule using PRIORITY_YOLO_ALLOW_ALL when GEMINI_YOLO_MODE is active.
• packages/a2a-server/src/config/settings.ts
  • Added experimental.enableAgents to the Settings interface.
• packages/core/src/agents/registry.ts
  • Updated loadAgents to populate allDefinitions for all discovered project agents, enabling them to be referenced by name before registration.
  • Added a check in registerRemoteAgent to skip redundant loadAgent calls if the agent is already active in the client manager.
• packages/core/src/policy/config.ts
  • Added the PRIORITY_YOLO_ALLOW_ALL constant (998).

Activity

• Automated tests were added and verified for the new acknowledge-agent command, its registration, YOLO policy configuration, and experimental settings loading.
• Manual testing was performed to verify gRPC V0 Compatibility, including steps to acknowledge an agent and trigger a call.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces an acknowledge-agent command for the A2A server, enhances agent discovery, and centralizes a policy priority constant. A critical security vulnerability has been identified in the trust validation for remote agents; using the agent's URL as a hash allows for a 'Time-of-Check to Time-of-Use' (TOCTOU) bypass, enabling content modification after acknowledgment. This requires addressing by implementing a content-based cryptographic hash for trust validation. Additionally, a logic flaw exists in packages/core/src/agents/registry.ts due to duplicated agent registration code, leading to redundant operations.

[github-actions]

Size Change: +100 B (0%)

Total Size: 26.2 MB

Filename	Size	Change
./bundle/chunk-3J4ZR7YH.js	0 B	-13.5 MB (removed)	🏆
./bundle/chunk-HW6H4YEL.js	0 B	-3.63 MB (removed)	🏆
./bundle/chunk-OIY7FXRG.js	0 B	-1.95 MB (removed)	🏆
./bundle/core-VCDG7EWN.js	0 B	-41.3 kB (removed)	🏆
./bundle/devtoolsService-GZPCB5DZ.js	0 B	-27.7 kB (removed)	🏆
./bundle/interactiveCli-SPJEVUXW.js	0 B	-1.6 MB (removed)	🏆
./bundle/oauth2-provider-MOJAYQ3O.js	0 B	-9.19 kB (removed)	🏆
./bundle/chunk-KSXNAKP2.js	3.63 MB	+3.63 MB (new file)	🆕
./bundle/chunk-MTWFU6M5.js	1.95 MB	+1.95 MB (new file)	🆕
./bundle/chunk-QJF2VSOE.js	13.5 MB	+13.5 MB (new file)	🆕
./bundle/core-6RNRYTCV.js	41.3 kB	+41.3 kB (new file)	🆕
./bundle/devtoolsService-K3GMSM5P.js	27.7 kB	+27.7 kB (new file)	🆕
./bundle/interactiveCli-O2Z7P52T.js	1.6 MB	+1.6 MB (new file)	🆕
./bundle/oauth2-provider-SY2UINDN.js	9.19 kB	+9.19 kB (new file)	🆕

ℹ️ View Unchanged

Filename	Size	Change
./bundle/chunk-34MYV7JD.js	2.45 kB	0 B
./bundle/chunk-37ZTTFQF.js	966 kB	0 B
./bundle/chunk-5AUYMPVF.js	858 B	0 B
./bundle/chunk-664ZODQF.js	124 kB	0 B
./bundle/chunk-DAHVX5MI.js	206 kB	0 B
./bundle/chunk-IUUIT4SU.js	56.5 kB	0 B
./bundle/chunk-RJTRUG2J.js	39.8 kB	0 B
./bundle/devtools-36NN55EP.js	696 kB	0 B
./bundle/dist-T73EYRDX.js	356 B	0 B
./bundle/gemini.js	696 kB	0 B
./bundle/getMachineId-bsd-TXG52NKR.js	1.55 kB	0 B
./bundle/getMachineId-darwin-7OE4DDZ6.js	1.55 kB	0 B
./bundle/getMachineId-linux-SHIFKOOX.js	1.34 kB	0 B
./bundle/getMachineId-unsupported-5U5DOEYY.js	1.06 kB	0 B
./bundle/getMachineId-win-6KLLGOI4.js	1.72 kB	0 B
./bundle/memoryDiscovery-7QMQUGPE.js	0 B	-922 B (removed)	🏆
./bundle/multipart-parser-KPBZEGQU.js	11.7 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js	221 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js	227 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js	11.5 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js	132 B	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B
./bundle/sandbox-macos-strict-open.sb	4.82 kB	0 B
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB	0 B
./bundle/src-QVCVGIUX.js	47 kB	0 B
./bundle/tree-sitter-7U6MW5PS.js	274 kB	0 B
./bundle/tree-sitter-bash-34ZGLXVX.js	1.84 MB	0 B
./bundle/undici-4X2YZID5.js	360 B	0 B
./bundle/memoryDiscovery-WXMOR3XQ.js	922 B	+922 B (new file)	🆕

_{compressed-size-action}

[adamfweidman]

I think the correct order of things to do here is:

• Make A2AClientManager no longer static across the whole process. Just mirror mcpClientManager which is tied to a Config instance. This should solve part of the issue for a2a-server.
• TThe acknowledgment endpoint is a good addition, but the a2a-server still has no way to surface unacknowledged agents to the client (no one listens for the AgentsDiscovered event). Rather than building a bespoke notification mechanism now, we should wait for #20995's ADK integration, which includes explicit human-in-the-loop suspension primitives that would provide the right pattern for this.

[adamfweidman]

LGTM!!!