Fix A2A agent card advertising unroutable wildcard address #1685

Merged: dgageot merged 1 commit into docker:main from dgageot:fix-1679 on Feb 11, 2026

@dgageot dgageot commented Feb 10, 2026

Replace wildcard listen addresses (::, 0.0.0.0) with localhost in the agent card URL so clients can actually reach the server. Also switch TCP listeners to tcp4 to avoid binding to IPv6 on dual-stack systems.

Fixes #1679

Assisted-By: cagent

Replace wildcard listen addresses (::, 0.0.0.0) with localhost in the
agent card URL so clients can actually reach the server. Also switch
TCP listeners to tcp4 to avoid binding to IPv6 on dual-stack systems.

Fixes docker#1679

Assisted-By: cagent

@dgageot dgageot requested a review from a team as a code owner February 10, 2026 18:26
@docker-agent docker-agent Bot left a comment

Review Summary

The routableAddr() function is well-implemented with good test coverage. However, there's a concern about the tcp4 change in listen.go that removes IPv6 support, potentially breaking existing users without clear error messages.

See inline comment for details.

Comment thread pkg/server/listen.go
func listenTCP(ctx context.Context, addr string) (net.Listener, error) {
var lc net.ListenConfig
return lc.Listen(ctx, "tcp", addr)
return lc.Listen(ctx, "tcp4", addr)
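
Review bot: the lc.Listen(ctx, "tcp4", addr) call passes addr through unchecked, so a caller that supplies an explicit IPv6 host only learns about the restriction from the listener's own error. Either parse addr with net.SplitHostPort inside listenTCP and return an explicit "IPv4 only" error for IPv6 hosts, or derive the network from the host instead of hard-coding it. A doc comment on listenTCP stating that the listener is IPv4-only would also help, since nothing in the function says why "tcp4" was chosen.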
Potential Breaking Change: IPv6 Support Removed

Changing from "tcp" to "tcp4" restricts socket binding to IPv4 only. While this aligns with the PR description ("avoid binding to IPv6 on dual-stack systems"), it introduces a breaking change:

  • Impact: If users pass IPv6 addresses like [::1]:8080 or [2001:db8::1]:8080, binding will fail with a cryptic error: "listen tcp4: address ::1: no suitable address found"
  • No validation: There's no check to prevent IPv6 addresses from being passed or to provide a clear error message
  • Tests consider IPv6: The routableAddr() tests include IPv6 cases ("[::]:8080"), suggesting IPv6 was considered in the design

Alternative approach: Consider keeping "tcp" for backward compatibility and let routableAddr() handle the agent card URL transformation. This would:

  • Fix the wildcard address advertising issue (the original bug)
  • Maintain IPv6 support for explicit addresses
  • Avoid a breaking change

If tcp4 is the desired approach: Consider adding validation to detect IPv6 addresses and return a clear error message like "IPv6 addresses are not supported, please use IPv4".

Thoughts?

@dgageot dgageot merged commit 9ed1daa into docker:main Feb 11, 2026
8 checks passed
@dgageot dgageot deleted the fix-1679 branch February 27, 2026 19:37
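
The address handling discussed in this thread, as an added Go example that is not code from the PR or the project: the hypothetical helpers advertiseAddr and checkIPv4Only (both names are assumptions) rewrite wildcard listen hosts to localhost for the advertised URL and reject explicit IPv6 hosts with a clear error before an IPv4-only listener is opened.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// advertiseAddr is a hypothetical helper (not the project's routableAddr):
// it turns a listen address into one a client can dial by replacing
// wildcard or empty hosts with "localhost".
func advertiseAddr(listenAddr string) (string, error) {
	host, port, err := net.SplitHostPort(listenAddr)
	if err != nil {
		return "", fmt.Errorf("invalid listen address %q: %w", listenAddr, err)
	}
	// An empty host (":8080") and the unspecified addresses 0.0.0.0 / ::
	// mean "all interfaces"; none of them is a destination a client can use.
	if ip := net.ParseIP(host); host == "" || (ip != nil && ip.IsUnspecified()) {
		host = "localhost"
	}
	return net.JoinHostPort(host, port), nil
}

var errIPv6 = errors.New("IPv6 listen addresses are not supported, use an IPv4 address")

// checkIPv4Only rejects explicit IPv6 hosts up front so the caller gets a
// clear message. Wildcard hosts are not rejected here, only explicit ones.
func checkIPv4Only(listenAddr string) error {
	host, _, err := net.SplitHostPort(listenAddr)
	if err != nil {
		return fmt.Errorf("invalid listen address %q: %w", listenAddr, err)
	}
	if ip := net.ParseIP(host); ip != nil && !ip.IsUnspecified() && ip.To4() == nil {
		return fmt.Errorf("%w: got %q", errIPv6, listenAddr)
	}
	return nil
}

func main() {
	// Constructed sample inputs.
	for _, a := range []string{"0.0.0.0:8080", "[::]:8080", ":8080", "127.0.0.1:8080", "[::1]:8080"} {
		adv, _ := advertiseAddr(a)
		fmt.Printf("%-16s advertise=%-16s ipv4-only check: %v\n", a, adv, checkIPv4Only(a))
	}
}
```

Binding to a wildcard still exposes the port on every interface; only the advertised URL is narrowed to localhost.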