Metadata

| Field | Value |
| --- | --- |
| Canonical URI | https://docs.aion.to/a2a/extensions/aion/daemon/1.0.0 |
| Issuer | aion |
| Version | 1.0.0 |
| Activation | This extension will only activate when specified. |
| Related Extensions | Traceability |

Overview

The Daemon extension marks an agent behavior as supporting authenticated, environment-scoped daemon interaction. Daemon requests are not public chat requests. They are Aion-authenticated requests that intentionally target the daemon identity bound to an agent environment.

Hosted, non-hosted, system, and third-party behaviors can declare support for this extension in their agent card. In Aion-hosted ingress, that declaration is used with the a2a.daemon capability to decide whether daemon access is allowed for a resolved environment.

This extension does not define MCP tool-call payloads. An agent may use MCP tools while handling a daemon request, but MCP invocation context is derived from the authenticated daemon session rather than from this A2A extension payload.

What Is Daemon Access?

Daemon access is a controlled A2A execution mode for internal or authenticated automation.

| Responsibility | Description |
| --- | --- |
| Declaration | A behavior declares daemon support by publishing this extension in its agent card. |
| Authorization | Aion ingress requires an authenticated Aion principal and daemon execution permission. |
| Capability Gate | Aion ingress requires the a2a.daemon capability configuration to be enabled. |
| Targeting | The request targets the daemon identity bound to a concrete agent environment. |
| Runtime Context | Aion attaches daemon, requester, behavior, and environment metadata to the request. |

Out of scope:
  • This extension does not bypass Aion authentication or authorization.
  • This extension does not make every A2A-capable behavior daemon-addressable.
  • This extension does not define model, tool, or MCP transport semantics.

Agent Card Declaration

Behaviors that support daemon-style interaction declare the extension in their agent card.
{
  "capabilities": {
    "extensions": [
      {
        "uri": "https://docs.aion.to/a2a/extensions/aion/daemon/1.0.0",
        "description": "Authenticated daemon access for environment-scoped automation",
        "required": false
      }
    ]
  }
}
The declaration means the behavior understands daemon request semantics. It does not, by itself, grant access. Aion-hosted ingress also requires authentication, authorization, and an enabled capability configuration.

Activation

Daemon activation uses the standard A2A extension activation mechanism. For HTTP bindings, the request includes the daemon URI in A2A-Extensions:
A2A-Extensions: https://docs.aion.to/a2a/extensions/aion/daemon/1.0.0
Authorization: Bearer <aion-token>
When Aion ingress accepts a daemon request, it should:
  1. Resolve the daemon identity to a target agent environment.
  2. Verify the caller is authenticated with an Aion principal.
  3. Verify daemon execution authorization for the resolved environment.
  4. Verify the target behavior declares this extension.
  5. Verify the a2a.daemon capability configuration is enabled.
  6. Attach the daemon extension payload to request metadata.
  7. Forward the request to the target agent actor or runtime.
Client-supplied daemon metadata should not be trusted at Aion ingress. The server should replace or regenerate the payload after authorization.
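
The ingress sequence above as a single gate function, as an added example rather than Aion's own code. The `store` lookup and its keys, the `admit` and `DaemonDenied` names, and all ids are hypothetical; this page does not say how ingress learns the target daemon id, so it is passed in as `daemon_id`.

```python
import copy

DAEMON_URI = "https://docs.aion.to/a2a/extensions/aion/daemon/1.0.0"

class DaemonDenied(Exception):
    """An ingress check failed; the request must not be forwarded."""

def admit(request, principal, daemon_id, store):
    """Apply ingress steps 1-7; `store` is a hypothetical state lookup."""
    target = store["targets"].get(daemon_id)                 # 1. resolve
    if target is None:
        raise DaemonDenied("unknown daemon identity")
    env, behavior = target["environment"], target["behavior"]
    if principal is None:                                    # 2. authenticated
        raise DaemonDenied("no authenticated Aion principal")
    if (principal["id"], env["id"]) not in store["grants"]:  # 3. authorized
        raise DaemonDenied("no daemon execution permission")
    declared = [e["uri"] for e in target["card"]["capabilities"]["extensions"]]
    if DAEMON_URI not in declared:                           # 4. declared
        raise DaemonDenied("behavior does not declare the extension")
    if env["id"] not in store["daemon_enabled"]:             # 5. a2a.daemon on
        raise DaemonDenied("a2a.daemon capability not enabled")
    payload = {"daemonIdentity": target["daemonIdentity"],
               "behavior": behavior, "environment": env}
    requester = store["identities"].get(principal["id"])
    if requester is not None:      # optional field: omit, never null
        payload["requesterIdentity"] = requester
    out = copy.deepcopy(request)
    # 6. Overwrite anything the caller put under the daemon URI.
    out["params"].setdefault("metadata", {})[DAEMON_URI] = payload
    return out                     # 7. hand to the target runtime

# Constructed sample state and request (placeholder ids, not real records).
STORE = {
    "targets": {"daemon-1": {
        "daemonIdentity": {"kind": "daemon", "id": "daemon-1",
                           "networkType": "Aion", "organizationId": "org-1"},
        "behavior": {"id": "beh-1", "behaviorKey": "inventoryAgent",
                     "versionId": "ver-1"},
        "environment": {"id": "env-1", "name": "Production",
                        "deploymentId": "dep-1", "configurationVariables": {},
                        "daemonAgentIdentityId": "daemon-1"},
        "card": {"capabilities": {"extensions": [{"uri": DAEMON_URI}]}}}},
    "grants": {("principal-1", "env-1")},
    "daemon_enabled": {"env-1"},
    "identities": {},
}
FORGED = {"params": {"metadata": {DAEMON_URI: {
    "daemonIdentity": {"kind": "daemon", "id": "someone-else"}}}}}
```

Calling `admit(FORGED, {"id": "principal-1"}, "daemon-1", STORE)` returns a copy whose daemon payload comes entirely from server state; the caller's forged `daemonIdentity` is discarded.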

Payloads

DaemonExtensionPayload

Schema URI: https://docs.aion.to/a2a/extensions/aion/daemon/1.0.0#DaemonExtensionPayload

Daemon extension data is request-scoped and attached at: params.metadata["https://docs.aion.to/a2a/extensions/aion/daemon/1.0.0"].

Placement summary:
  • DaemonURI: https://docs.aion.to/a2a/extensions/aion/daemon/1.0.0
  • Payload location: params.metadata[DaemonURI]
  • Activation location: A2A-Extensions / a2a-extensions
When the payload is present, downstream consumers should expect daemonIdentity, behavior, and environment to be included. requesterIdentity is included when the authenticated requester resolves to an Aion identity record.

Payload Shape

The canonical shape is:
metadata:
  "https://docs.aion.to/a2a/extensions/aion/daemon/1.0.0":
    daemonIdentity:
      kind: "daemon"
      id: "daemon-agent-identity-uuid"
      networkType: "Aion"
      organizationId: "org-uuid"
      displayName?: "Inventory Daemon"
      userName?: "inventory_daemon"
      avatarImageUrl?: "https://..."
      url?: "https://..."
    requesterIdentity?:
      kind: {Literal("personal", "principal", "daemon", "system")}
      id: "requester-agent-identity-uuid"
      networkType: "Aion"
      representedUserId?: "aion-user-uuid"
      organizationId: "org-uuid"
      displayName?: "Ops Agent"
      userName?: "ops_agent"
      avatarImageUrl?: "https://..."
      url?: "https://..."
    behavior:
      id: "behavior-uuid"
      behaviorKey: "inventoryAgent"
      versionId: "version-uuid"
    environment:
      id: "environment-uuid"
      name: "Production"
      deploymentId: "deployment-uuid"
      configurationVariables: {Map[String, String]}
      daemonAgentIdentityId: "daemon-agent-identity-uuid"

Fields

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| daemonIdentity | IdentityRecord | required | Daemon identity bound to the target environment. |
| requesterIdentity | IdentityRecord | optional | Authenticated requester when it resolves to an identity record. |
| behavior | BehaviorRecord | required | Behavior context selected for the target environment. |
| environment | EnvironmentRecord | required | Environment context selected for the target daemon identity. |

IdentityRecord

Daemon identity records use the same identity projection shape as the Distribution extension. The kind field is the discriminator:
  • kind: "daemon" is the target daemon agent identity projection.
  • Most requester identities will use kind: "principal" or kind: "personal".
  • Certain integration scenarios may use kind: "system" or kind: "service".

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| kind | String | required | Identity discriminator (personal, principal, daemon, system, or service). |
| id | UUID | required | Identity record id. |
| networkType | String | required | Network/provider namespace for the identity. Use Aion for Aion identities. |
| representedUserId | UUID | optional | End-user id represented by this identity when one exists. |
| organizationId | UUID | required | Owning organization id. |
| displayName | String | optional | Display name for rendering. |
| userName | String | optional | Provider-facing username or Aion handle. |
| avatarImageUrl | String | optional | Avatar URL for display. |
| url | String | optional | Profile, card, or service URL when available. |

Do not include internal notes, email addresses, background images, credentials, or secrets in this payload.

BehaviorRecord

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| id | UUID | required | Behavior id in Aion. |
| behaviorKey | String | required | Stable behavior key used by the runtime. |
| versionId | UUID | required | Behavior version id selected for execution. |

EnvironmentRecord

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| id | UUID | required | Agent environment id in Aion. |
| name | String | required | Environment display name. |
| deploymentId | UUID | required | Deployment id associated with this environment. |
| configurationVariables | Map[String, String] | required | Runtime-safe environment configuration values. |
| daemonAgentIdentityId | UUID | required | Daemon identity assigned to this environment. |

Optional fields should be omitted when unknown rather than serialized as null.

Processing Rules

  • A daemon extension declaration in an agent card means the behavior supports daemon semantics.
  • A daemon extension declaration does not grant daemon access by itself.
  • Aion-hosted ingress must require Aion authentication and daemon execution authorization.
  • Aion-hosted ingress must verify the a2a.daemon capability configuration before dispatch.
  • Aion-hosted ingress should regenerate daemon metadata after authorization instead of trusting caller-supplied daemon metadata.
  • Downstream agents should treat the payload as request-scoped context, not as a reusable credential.
  • Components forwarding to external A2A servers should avoid forwarding daemon metadata unless the downstream server is the intended daemon-capable target.
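
A downstream payload check and a forwarding filter that follow the rules above, as an added example and not part of the Aion documentation or code. Function names and sample ids are hypothetical, and the cross-check between `daemonIdentity.id` and `environment.daemonAgentIdentityId` is an assumption drawn from the field descriptions.

```python
DAEMON_URI = "https://docs.aion.to/a2a/extensions/aion/daemon/1.0.0"

# Required fields per record, taken from the field tables on this page.
REQUIRED = {
    "daemonIdentity": ("kind", "id", "networkType", "organizationId"),
    "behavior": ("id", "behaviorKey", "versionId"),
    "environment": ("id", "name", "deploymentId",
                    "configurationVariables", "daemonAgentIdentityId"),
}

def payload_problems(metadata):
    """Return reasons to reject the daemon payload; an empty list means usable."""
    payload = metadata.get(DAEMON_URI)
    if not isinstance(payload, dict):
        return ["daemon payload missing"]
    problems = []
    for record, fields in REQUIRED.items():
        value = payload.get(record)
        if not isinstance(value, dict):
            problems.append(f"{record}: required record missing")
            continue
        problems += [f"{record}.{name}: required field missing"
                     for name in fields if value.get(name) is None]
    if problems:
        return problems
    daemon, env = payload["daemonIdentity"], payload["environment"]
    if daemon["kind"] != "daemon":
        problems.append("daemonIdentity.kind is not 'daemon'")
    # Assumed cross-check: both fields should name the environment's daemon.
    if daemon["id"] != env["daemonAgentIdentityId"]:
        problems.append("daemonIdentity.id does not match environment")
    return problems

def for_forwarding(request, downstream_is_daemon_target):
    """Copy the request; drop daemon metadata unless the downstream server
    is the intended daemon-capable target."""
    params = dict(request.get("params", {}))
    metadata = dict(params.get("metadata", {}))
    if not downstream_is_daemon_target:
        metadata.pop(DAEMON_URI, None)
    return {**request, "params": {**params, "metadata": metadata}}

# Constructed sample metadata (placeholder ids, not real records).
SAMPLE = {"trace": "kept", DAEMON_URI: {
    "daemonIdentity": {"kind": "daemon", "id": "daemon-1",
                       "networkType": "Aion", "organizationId": "org-1"},
    "behavior": {"id": "beh-1", "behaviorKey": "inventoryAgent",
                 "versionId": "ver-1"},
    "environment": {"id": "env-1", "name": "Production", "deploymentId": "dep-1",
                    "configurationVariables": {}, "daemonAgentIdentityId": "daemon-1"}}}
```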

Example: Daemon SendMessage

POST /a2a HTTP/1.1
Host: api.aion.to
Content-Type: application/json
A2A-Extensions: https://docs.aion.to/a2a/extensions/aion/daemon/1.0.0
Authorization: Bearer <aion-token>

{
  "jsonrpc": "2.0",
  "id": "req-daemon-1",
  "method": "SendMessage",
  "params": {
    "message": {
      "role": "ROLE_USER",
      "messageId": "msg-daemon-1",
      "parts": [
        {
          "text": "Run a health check for the inventory workflow."
        }
      ]
    },
    "metadata": {
      "https://docs.aion.to/a2a/extensions/aion/daemon/1.0.0": {
        "daemonIdentity": {
          "kind": "daemon",
          "id": "9e69c4ef-d1a5-4745-94a5-1f5e3f587dbb",
          "networkType": "Aion",
          "organizationId": "3f5a4a8f-8bb1-4c22-9421-d4dc4cb5f55b",
          "displayName": "Inventory Daemon",
          "userName": "inventory_daemon"
        },
        "requesterIdentity": {
          "kind": "principal",
          "id": "db0a311e-88af-4810-b411-3d8ea08d8fd4",
          "networkType": "Aion",
          "organizationId": "3f5a4a8f-8bb1-4c22-9421-d4dc4cb5f55b",
          "displayName": "Ops Agent",
          "userName": "ops_agent"
        },
        "behavior": {
          "id": "cdbb37fb-78c3-42f6-8572-5dfe3bb59272",
          "behaviorKey": "inventoryAgent",
          "versionId": "059e5ff9-687e-4a3f-98a8-438b0f826cc5"
        },
        "environment": {
          "id": "1e4586bc-02a7-4659-bd4d-f8ae9d2dd1f4",
          "name": "Production",
          "deploymentId": "d739f802-b2b8-4602-9dac-2a316286a48f",
          "configurationVariables": {
            "REGION": "us-west-2"
          },
          "daemonAgentIdentityId": "9e69c4ef-d1a5-4745-94a5-1f5e3f587dbb"
        }
      }
    }
  }
}