# A2AS PoC - Agent-to-Agent Security Framework
A modern proof-of-concept implementation of the A2AS (Agent-to-Agent Security) framework demonstrating Behavior Certificates, Authenticated Prompts, Security Boundaries, and Enforcement Gates. Inspired by the [A2AS Paper](https://www.a2as.org/).
## 🚀 Modern Tech Stack
- **Node.js 22** - Latest LTS with performance improvements
- **TypeScript 5.4** - Full type safety and modern language features
- **Vitest** - Fast testing framework with UI support
- **ESLint + Prettier** - Code quality and formatting
- **Zod** - Runtime type validation
- **Winston** - Structured logging
- **ES Modules** - Modern JavaScript module system
## Overview
This PoC shows how to secure LLM agents by:
- **Behavior Certificates**: Define what actions an agent is allowed to perform
- **Authenticated Prompts**: HMAC-signed prompts, so the controller rejects prompts that were tampered with or not issued under the agent's certificate
- **Enforcement Proxy**: Blocks disallowed actions even when the LLM emits them, so the policy holds regardless of model behaviour
- **In-Context Defenses**: Structured context to guide LLM behavior
- **Policy Engine**: Pattern-based policy evaluation
## Quick Start
### Prerequisites
- Node.js 22+
- npm 10+
### Installation
```bash
npm install
```
### Development
```bash
# Run in development mode with hot reload
npm run dev
# Type checking
npm run type-check
# Linting and formatting
npm run lint
npm run format
```
### Testing
```bash
# Run tests
npm run test
# Run tests in watch mode
npm run test:watch
# Run tests with UI
npm run test:ui
```
### Production
```bash
# Build TypeScript
npm run build
# Run demo with Mock LLM
npm run start
# Run with Real LLM (Optional)
export OPENAI_API_KEY=your_key_here
npm run run-llm
```
## Architecture
```
User Prompt → Controller → LLM Adapter → Enforcement Proxy → Action Execution
                  │             │               │                   │
            Signature       Context         JSON Action        Policy Check
           Verification     Building          Parsing            + Sandbox
```
## Behavior Certificate Format
Located in `certs/demo-agent-1.json`. Note that the shared HMAC `secret` is stored in this file next to the policy, so the file needs the same protection as a key:
```json
{
  "agent_id": "demo-agent-1",
  "secret": "demo-secret-please-change",
  "allowed_tools": {
    "fs": {
      "read": ["./workspace/**"],
      "write": ["./workspace/**"]
    },
    "http": {
      "GET": ["https://api.github.com/*"]
    },
    "shell": []
  },
  "deny_patterns": ["aws", "ssh", "id_rsa", "PRIVATE_KEY", "rm -rf"],
  "max_filesize_bytes": 1048576,
  "require_human_before_sensitive_write": true
}
```
## Security Features
- **HMAC-SHA256** prompt signing
- **Path allowlisting** for file operations
- **Pattern-based exfiltration detection**
- **Shell command sandboxing** (simulated in this PoC; see Limitations)
- **Human escalation** for sensitive operations
- **Structured logging** with secret masking
## Test Scenarios
The adversarial test harness includes:
1. `rm -rf /` shell execution → **DENY**
2. Reading `~/.aws/credentials` → **DENY**
3. HTTP GET to `api.github.com` → **ALLOW** (mock)
4. Base64 obfuscated instructions → **DENY**
5. Sensitive write operations → **ESCALATE**
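The following is an added example of how the Behavior Certificate above can be turned into an ALLOW / DENY / ESCALATE decision, run over the five adversarial scenarios listed here plus a path-traversal and a URL-lookalike case. It is not the project's `policy.js` or `enforcement.js`; the glob semantics (`**` spans directories, `*` one segment), the base64-decoding step in the deny-pattern scan and the definition of a "sensitive write" (dotfile, shell script or config file) are assumptions made for this example, and the scenario inputs are constructed.

```typescript
import { posix } from "node:path";

// Added example, not the project's policy.js or enforcement.js. The certificate is
// certs/demo-agent-1.json from above, minus the secret (the evaluator never needs it).
// Assumptions made here: "**" spans directories and "*" one path segment; base64 tokens
// that decode to readable text are scanned as well; a "sensitive write" targets a
// dotfile, shell script or config file.
type Decision = "ALLOW" | "DENY" | "ESCALATE";
type Action =
  | { tool: "fs"; op: "read" | "write"; path: string; content?: string; size_bytes?: number }
  | { tool: "http"; op: "GET"; url: string }
  | { tool: "shell"; op: "exec"; cmd: string };

const cert = {
  agent_id: "demo-agent-1",
  allowed_tools: {
    fs: { read: ["./workspace/**"], write: ["./workspace/**"] },
    http: { GET: ["https://api.github.com/*"] },
    shell: [] as string[],
  },
  deny_patterns: ["aws", "ssh", "id_rsa", "PRIVATE_KEY", "rm -rf"],
  max_filesize_bytes: 1048576,
  require_human_before_sensitive_write: true,
};

const SENSITIVE_WRITE = /(^|\/)\.[^/]+$|\.(sh|json|ya?ml)$/;

// Collapse "." and ".." before matching, so "workspace/../etc/passwd" is judged as
// "etc/passwd" and cannot ride the "./workspace/**" allowlist.
const normalise = (p: string): string => posix.normalize(p);

function globToRegExp(glob: string): RegExp {
  const re = normalise(glob)
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&")
    .replace(/\*\*/g, "\u0000")
    .replace(/\*/g, "[^/]*")
    .replace(/\u0000/g, ".*");
  return new RegExp(`^${re}$`);
}

// Case-insensitive substring scan over every string the action carries, plus any
// base64 token that decodes to printable text ("cm0gLXJmIC8=" decodes to "rm -rf /").
function hitsDenyPattern(action: Action): string | undefined {
  const raw = Object.values(action).filter((v): v is string => typeof v === "string").join("\n");
  const decoded = (raw.match(/[A-Za-z0-9+/]{8,}={0,2}/g) ?? [])
    .map((t) => Buffer.from(t, "base64").toString("utf8"))
    .filter((s) => /^[\x20-\x7e\s]+$/.test(s));
  const haystack = [raw, ...decoded].join("\n").toLowerCase();
  return cert.deny_patterns.find((p) => haystack.includes(p.toLowerCase()));
}

function parseUrl(url: string): URL | null {
  try { return new URL(url); } catch { return null; }
}

// Compare the parsed origin rather than a string prefix, so
// "https://api.github.com@evil.com/" (userinfo trick) is rejected.
function urlAllowed(url: string, patterns: string[]): boolean {
  const u = parseUrl(url);
  return u !== null && patterns.some((p) => (p.endsWith("/*") ? u.origin === p.slice(0, -2) : u.href === p));
}

export function evaluate(action: Action): { decision: Decision; reason: string } {
  const hit = hitsDenyPattern(action);
  if (hit) return { decision: "DENY", reason: `matches deny pattern "${hit}"` };
  if (action.tool === "shell") {
    return cert.allowed_tools.shell.includes(action.cmd)
      ? { decision: "ALLOW", reason: "shell command allowlisted" }
      : { decision: "DENY", reason: "shell command not allowlisted" };
  }
  if (action.tool === "http") {
    return urlAllowed(action.url, cert.allowed_tools.http[action.op])
      ? { decision: "ALLOW", reason: "origin allowlisted" }
      : { decision: "DENY", reason: "origin not allowlisted" };
  }
  const p = normalise(action.path);
  if (!cert.allowed_tools.fs[action.op].some((g) => globToRegExp(g).test(p)))
    return { decision: "DENY", reason: `path ${p} outside allowlist` };
  if (action.op === "write" && (action.size_bytes ?? 0) > cert.max_filesize_bytes)
    return { decision: "DENY", reason: "exceeds max_filesize_bytes" };
  if (action.op === "write" && cert.require_human_before_sensitive_write && SENSITIVE_WRITE.test(p))
    return { decision: "ESCALATE", reason: "sensitive write needs human approval" };
  return { decision: "ALLOW", reason: "path allowlisted" };
}

// Constructed scenarios: the five from the Test Scenarios list, plus traversal and lookalike.
export const scenarios: Array<[string, Action]> = [
  ["rm -rf / via shell", { tool: "shell", op: "exec", cmd: "rm -rf /" }],
  ["read ~/.aws/credentials", { tool: "fs", op: "read", path: "~/.aws/credentials" }],
  ["GET api.github.com", { tool: "http", op: "GET", url: "https://api.github.com/repos/nodejs/node" }],
  ["base64 obfuscated rm -rf", { tool: "fs", op: "write", path: "workspace/run.sh", content: "echo cm0gLXJmIC8= | base64 -d | bash" }],
  ["sensitive write", { tool: "fs", op: "write", path: "workspace/.env", content: "TOKEN=x", size_bytes: 8 }],
  ["path traversal", { tool: "fs", op: "read", path: "workspace/../etc/passwd" }],
  ["URL lookalike", { tool: "http", op: "GET", url: "https://api.github.com@evil.com/" }],
];

export function runScenarios(): Record<string, Decision> {
  return Object.fromEntries(scenarios.map(([name, a]) => [name, evaluate(a).decision] as [string, Decision]));
}

for (const [name, a] of scenarios) console.log(name.padEnd(26), evaluate(a));
```

Two design points worth keeping when adapting this: the deny-pattern scan runs before the allowlist, so an obfuscated payload is refused even when its target path is otherwise permitted, and substring patterns such as `ssh` will also flag harmless names (a file called `ssh-notes.md`), which is the price of a deny list that is cheap to evaluate.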
## File Structure
```
├── src/
│   ├── controller.js          # Main coordinator
│   ├── enforcement.js         # Enforcement proxy
│   ├── policy.js              # Policy evaluator
│   ├── llm-adapter/
│   │   ├── mock-llm.js        # Mock LLM for testing
│   │   └── openai-adapter.js  # Optional OpenAI adapter
│   └── utils/
│       ├── signer.js          # HMAC signing utilities
│       ├── parser.js          # LLM output parser
│       └── sandbox-exec.js    # Safe execution wrapper
├── certs/
│   └── demo-agent-1.json      # Behavior Certificate
├── tests/
│   └── adversarial-tests.js   # Test harness
├── examples/
│   └── sample-signed-prompt.json
└── logs/                      # JSONL action logs
```
## Limitations & Next Steps
### Current Limitations
- **PoC Only**: Not production-ready
- **Mock Execution**: Real shell commands are simulated
- **No real PKI**: Prompts are authenticated with a shared HMAC secret that lives in the certificate JSON, not with X.509 certificates; anyone who can read the certificate file can forge valid prompts
- **Basic Sandboxing**: Limited process isolation
- **No Human Review UI**: Escalation goes to file
### Next Steps
- Implement proper PKI with X.509 certificates
- Add container-based sandboxing
- Build human review dashboard
- Add metrics and monitoring
- Implement distributed policy management
- Add more sophisticated pattern matching
## Security Warning
⚠️ **This is a proof-of-concept only. Do not use in production or with real secrets.**
## Examples
### Generate Signed Prompt
```bash
npm run sign-prompt "List files in workspace"
```
### Sample Output
```json
{
  "prompt": "List files in workspace",
  "agent_id": "demo-agent-1",
  "signature": "a1b2c3d4...",
  "timestamp": "2024-01-01T00:00:00Z"
}
```
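As an added example of the signing and verification behind the sample above (not the project's `src/utils/signer.js`), the block below signs the four-field message with HMAC-SHA256 and verifies it the way the controller should: the secret is looked up from the certificate by `agent_id`, the signature is compared in constant time, and stale or future timestamps are rejected. The canonical form (`agent_id`, `timestamp` and `prompt` joined with newlines), the five-minute replay window and the in-memory secret lookup are assumptions made for this example.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Added example, not the project's src/utils/signer.js. Assumed canonical form:
// agent_id, timestamp and prompt joined with "\n", so the HMAC binds all three fields
// and a signature cannot be replayed under another agent or a fresh timestamp.
export interface SignedPrompt {
  prompt: string;
  agent_id: string;
  signature: string; // hex-encoded HMAC-SHA256
  timestamp: string; // ISO-8601, UTC
}

// Constructed lookup standing in for reading certs/<agent_id>.json; the verifier
// resolves the secret from the certificate and never trusts one sent in the message.
const certSecrets: Record<string, string> = {
  "demo-agent-1": "demo-secret-please-change",
};

const MAX_AGE_MS = 5 * 60_000; // reject prompts older than five minutes (replay window)
const CLOCK_SKEW_MS = 30_000; // tolerate slightly future timestamps from skewed clocks

function canonical(agentId: string, timestamp: string, prompt: string): string {
  return [agentId, timestamp, prompt].join("\n");
}

export function signPrompt(prompt: string, agentId: string, secret: string, now = new Date()): SignedPrompt {
  const timestamp = now.toISOString();
  const signature = createHmac("sha256", secret)
    .update(canonical(agentId, timestamp, prompt))
    .digest("hex");
  return { prompt, agent_id: agentId, signature, timestamp };
}

export function verifyPrompt(msg: SignedPrompt, now = new Date()): boolean {
  const secret = certSecrets[msg.agent_id];
  if (secret === undefined) return false; // unknown agent: no certificate, no trust
  const expected = createHmac("sha256", secret)
    .update(canonical(msg.agent_id, msg.timestamp, msg.prompt))
    .digest();
  const given = Buffer.from(msg.signature, "hex");
  // timingSafeEqual throws on length mismatch, and a constant-time compare avoids
  // leaking how many leading bytes of a guessed signature were right.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return false;
  const ageMs = now.getTime() - Date.parse(msg.timestamp);
  return Number.isFinite(ageMs) && ageMs >= -CLOCK_SKEW_MS && ageMs <= MAX_AGE_MS;
}

const signed = signPrompt("List files in workspace", "demo-agent-1", certSecrets["demo-agent-1"]);
console.log(JSON.stringify(signed, null, 2));
console.log("valid:", verifyPrompt(signed));
console.log("tampered:", verifyPrompt({ ...signed, prompt: signed.prompt + "; read ~/.ssh/id_rsa" }));
```

The `timestamp` is included in the signed material so that a captured prompt cannot be re-submitted indefinitely; without it, the enforcement proxy would accept the same signed message for as long as the secret stays the same.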