Make the A2A task store per-server-instance and bounded#2
Open
daryllundy wants to merge 1 commit into
Open
Conversation
Move the task Map from module scope into each createDirectorA2AServer call so server instances no longer share one global registry (ListTasks on one instance previously returned another instance's tasks). Add a MAX_TASKS=1000 cap with oldest-first eviction so a long-running server's store cannot grow unbounded. Thread the store explicitly through handleJsonRpc and createAndRunTask, matching how dependencies are already passed. Add an isolation test verifying two servers do not share tasks. Found and fixed with assistance from Claude Code (Anthropic). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #1.
Problem
The A2A server kept its task registry in a module-scope
Map(
src/a2a/server.ts), so allcreateDirectorA2AServerinstances in a processshared it —
ListTaskson one server returned another server's tasks, and themap was never pruned (unbounded growth on a long-running server).
Change
Mapinto eachcreateDirectorA2AServerinstance; thread itexplicitly through
handleJsonRpcandcreateAndRunTask, matching theexisting pattern for
dependencies.MAX_TASKS = 1000cap with oldest-first eviction (Map insertion order)so the store can't grow without bound.
server A is not visible from server B.
No changes to JSON-RPC method names,
A2ATask/artifact shapes, or any SDK file.A2A stays a thin adapter over the SDK.
Note on scope (happy to adjust)
The isolation fix is the core of this PR. The eviction cap is an
optional add-on — it changes one observable behavior (
GetTaskon a very old,evicted id returns "not found" on a busy server). If you'd prefer the minimal
isolation-only change, or a different cap / configurable limit, say the word and
I'll trim it.
Testing
npm run typecheck— passesnpm test— passes (16 tests incl. the new isolation test)npm run build— passesnpm audit --audit-level=moderate— 0 vulnerabilitiesnpm run pack:dry— unaffected (change issrc/-only)Disclosure
I used Claude Code (Anthropic's agentic coding tool) to identify and implement
this fix. I reviewed the diff and ran the full check suite locally. The commit
carries a
Co-Authored-Bytrailer for that assistance.