[Bug]: Server does not validate A2A-Version header — missing VersionNotSupportedError for unsupported versions

[jmesnil]

What happened?

Server does not validate A2A-Version header — missing VersionNotSupportedError for unsupported versions

Summary

The a2a-python SDK server does not validate the A2A-Version request header. Requests with unsupported versions (e.g., 99.0) are processed normally instead of returning a VersionNotSupportedError, failing on both JSON-RPC and HTTP+JSON transports.

Requirement

• ID: VER-SERVER-002
• Section: 3.6.2 — Agent returns VersionNotSupportedError for unsupported version
• Level: MUST
• Spec: https://github.com/a2aproject/A2A/blob/173695755607e884aa9acf8ce4feed90e32727a1/docs/specification.md#362-server-responsibilities

Specification

Agents MUST process requests using the semantics of the requested A2A-Version (matching Major.Minor). If the version is not supported by the interface, agents MUST return a VersionNotSupportedError.

Expected behavior

When a request includes A2A-Version: 99.0, the server should reject it with a VersionNotSupportedError:

• JSON-RPC: error response with code -32009
• HTTP+JSON: HTTP 400 Bad Request

Actual behavior

The server ignores the A2A-Version header entirely and processes the request normally, returning a successful result (HTTP 200) on both transports. The SDK defines VersionNotSupportedError and its error code mappings (src/a2a/utils/errors.py) but the server request handlers (jsonrpc_handler.py, rest_handler.py) never read or validate the header.

Reproducer

# 1. Verify the agent is running
curl -s http://localhost:9999/.well-known/agent-card.json | jq '.supportedInterfaces'

# 2. JSON-RPC: Send a request with unsupported A2A-Version 99.0
#    Expected: JSON-RPC error with code -32009
#    Actual: successful result with task data
curl -s -X POST http://localhost:9999 \
  -H "Content-Type: application/json" \
  -H "A2A-Version: 99.0" \
  -d '{"jsonrpc":"2.0","id":1,"method":"SendMessage","params":{"message":{"role":"ROLE_USER","parts":[{"text":"version test"}],"messageId":"ver-repro-001"}}}' | jq .

# 3. HTTP+JSON: Send a request with unsupported A2A-Version 99.0
#    Expected: HTTP 400 with VersionNotSupportedError
#    Actual: HTTP 200 with successful task result
curl -s -w "\nHTTP_STATUS: %{http_code}\n" -X POST http://localhost:9999/a2a/rest/message:send \
  -H "Content-Type: application/json" \
  -H "A2A-Version: 99.0" \
  -d '{"message":{"role":"ROLE_USER","parts":[{"text":"version test"}],"messageId":"ver-repro-002"}}'

TCK test

tests/compatibility/core_operations/test_error_handling.py::TestVersionErrors::test_unsupported_version_returns_error_jsonrpc
tests/compatibility/core_operations/test_error_handling.py::TestVersionErrors::test_unsupported_version_returns_error_rest

Relevant log output

Code of Conduct

• I agree to follow this project's Code of Conduct

[jmesnil]

I'm testing the a2a-python SDK from the v1.0.0-alpha.0 tag.

This is an ongoing task for the a2a-tck so I need to make sure that the SUT is properly implemented (it's in the PR at https://github.com/a2aproject/a2a-tck/pull/139/changes#diff-c45a7225191a2ae4f3bd7af29c3036b9e461ee93d3d31964aed417d46086d637) but this looks to be a genuine error.