A2A Jakarta 1.0.0.CR2 is released!
I am happy to announce the 1.0.0.CR2 release of A2A Jakarta.
This release upgrades to a2a-java 1.1.0.Final and includes several improvements of its own.
a2a-java 1.1.0.Final
The headline feature of a2a-java 1.1.0.Final is a new Task Authorization SPI (TaskAuthorizationProvider) that enables per-user task authorization — particularly useful for multi-tenant deployments. It also includes several bug fixes such as disabling HTML escaping in protobuf JSON serialization, CDI request context handling improvements, and more. See the a2a-java 1.1.0.Final release announcement for full details.
Task Authorization Tests
Building on the new Task Authorization SPI from a2a-java, this release adds comprehensive authorization integration tests across all transports (JSON-RPC, REST, and gRPC), including v0.3 compatibility and multiversion variants.
Simplified Multiversion Routing
The multiversion routing architecture has been significantly simplified. Six -web and multiversion- modules have been replaced with @PreMatching filters in http-common that discover A2AVersionProvider beans via CDI and rewrite request URIs to version-prefixed internal paths. This makes the module structure cleaner and reduces the number of dependencies needed for multiversion deployments.
Hardened HTTP Common Module
The http-common module has been hardened with RFC 8259-compliant JSON escaping for control characters, improved charset handling and exception chaining, deterministic version ordering, and unit tests for all filters and version resolution.
ITK Module
A new ITK (Interoperability Test Kit) module has been added for cross-SDK interoperability testing, helping to ensure that A2A Jakarta works correctly with other A2A implementations.
Get Involved
If you have any issues with the project, please open an issue. Also, pull requests are welcome!
