zuowei/tw2
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
a64378956ad9c03e3b4a2808847eb6332cf543bc
tw2/examples/agent/a2ui_agent/samples/client/lit/shell/README.md
codex-bot a64378956a
Some checks failed
Pre-commit / run (ubuntu-latest) (push) Has been cancelled
Details
Deploy Sphinx documentation to Pages / build_en (ubuntu-latest, 3.10) (push) Has been cancelled
Details
Deploy Sphinx documentation to Pages / build_zh (ubuntu-latest, 3.10) (push) Has been cancelled
Details
Python Unittest Coverage / test (macos-15, 3.10) (push) Has been cancelled
Details
Python Unittest Coverage / test (macos-15, 3.11) (push) Has been cancelled
Details
Python Unittest Coverage / test (macos-15, 3.12) (push) Has been cancelled
Details
Python Unittest Coverage / test (ubuntu-latest, 3.10) (push) Has been cancelled
Details
Python Unittest Coverage / test (ubuntu-latest, 3.11) (push) Has been cancelled
Details
Python Unittest Coverage / test (ubuntu-latest, 3.12) (push) Has been cancelled
Details
Python Unittest Coverage / test (windows-latest, 3.10) (push) Has been cancelled
Details
Python Unittest Coverage / test (windows-latest, 3.11) (push) Has been cancelled
Details
Python Unittest Coverage / test (windows-latest, 3.12) (push) Has been cancelled
Details
chore: initialize sandbox and overwrite remote content
2026-03-02 22:32:27 +08:00

2.2 KiB
Raw Blame History

A2UI Generator

This is a UI to generate and visualize A2UI responses.

Prerequisites

  1. nodejs

Running

This sample depends on the Lit renderer. Before running this sample, you need to build the renderer.

  1. Build the renderer:

    cd ../../../renderers/lit
npm install
npm run build

  2. Run this sample:

    cd - # back to the sample directory
npm install

  3. Run the servers:

    • Run the A2A server
    • Run the dev server: npm run dev

After starting the dev server, you can open http://localhost:5173/ to view the sample.

Important: The sample code provided is for demonstration purposes and illustrates the mechanics of A2UI and the Agent-to-Agent (A2A) protocol. When building production applications, it is critical to treat any agent operating outside of your direct control as a potentially untrusted entity.

All operational data received from an external agent—including its AgentCard, messages, artifacts, and task statuses—should be handled as untrusted input. For example, a malicious agent could provide crafted data in its fields (e.g., name, skills.description) that, if used without sanitization to construct prompts for a Large Language Model (LLM), could expose your application to prompt injection attacks.

Similarly, any UI definition or data stream received must be treated as untrusted. Malicious agents could attempt to spoof legitimate interfaces to deceive users (phishing), inject malicious scripts via property values (XSS), or generate excessive layout complexity to degrade client performance (DoS). If your application supports optional embedded content (such as iframes or web views), additional care must be taken to prevent exposure to malicious external sites.

Developer Responsibility: Failure to properly validate data and strictly sandbox rendered content can introduce severe vulnerabilities. Developers are responsible for implementing appropriate security measures—such as input sanitization, Content Security Policies (CSP), strict isolation for optional embedded content, and secure credential handling—to protect their systems and users.

Reference in New Issue View Git Blame Copy Permalink