Handler
Verified Safeby alDuncanson
Overview
An A2A (Agent-to-Agent) Protocol client and developer toolkit providing CLI, TUI, local server agent, and MCP server for interacting with AI agents.
Installation
handler mcpEnvironment Variables
- OLLAMA_MODEL
- OLLAMA_API_BASE
- HANDLER_API_KEY
Security Notes
The project handles authentication credentials (API keys, bearer tokens) and stores them in `~/.handler/sessions.json` on the local filesystem. While common for developer tools, this file is not encrypted, making stored credentials vulnerable if the user's home directory is compromised. The `handler server agent` component uses `subprocess.run` to interact with the `ollama` CLI, which is generally safe for its intended use cases (`ollama list`, `ollama pull`) but always carries a minor risk if arguments were less controlled. The `APIKeyAuthMiddleware` for the local A2A server uses `secrets.token_urlsafe` for generating API keys, which is good practice. Local servers (`handler server agent` and `handler server push`) bind to `0.0.0.0` or `127.0.0.1` by default; users should be aware of network exposure when binding to `0.0.0.0` without additional security measures, though the A2A agent supports API key authentication.
Similar Servers
gemini-cli
Provides an A2A (Agent-to-Agent) server for the Gemini CLI, enabling external agents to interact with and utilize the CLI's capabilities for executing tasks and accessing tools.
mcp-gateway-registry
Provides a programmatic interface to interact with the main MCP Gateway Registry API, enabling tasks like registering/toggling services, managing groups/users, and intelligently discovering tools across registered services using semantic search and access control.
agentor
Build and deploy scalable AI agents that can interact with various tools and communicate via A2A and MCP protocols.
AgentUp
A developer-first framework for building, deploying, and managing AI agents, bringing Docker-like consistency and operational ease to AI agent development.