feat: Support multi-tenancy

[bartek-gralewicz]

Description

Added support for multi-tenancy.

Multi-Tenancy

This handler supports multi-tenant deployments through the tenant field present
on all request objects (per A2A spec Sections 3.1.x and 4.4.6). The tenant value
flows through the system as follows:

1. Transport layer extracts tenant from the protocol-specific source:

   • REST: URL path prefix (/:tenant/...)
   • JSON-RPC: params.tenant in the request body
   • gRPC: tenant field in the request message

2. ServerCallContext.tenant carries the tenant to all downstream components,
   including TaskStore, PushNotificationStore, and AgentExecutor.

3. InMemoryTaskStore and InMemoryPushNotificationStore use context.tenant
   to scope data with composite keys ({tenant}:{id}), providing tenant isolation.

Similar PR done in Python SDK: a2aproject/a2a-python#758

Fixes #325 🦕

[github-actions]

🧪 Code Coverage

⬇️ Download Full Report

	Base	PR	Delta
src/client/factory.ts	95.58%	95.62%	🟢 +0.04%
src/client/transports/grpc/grpc_transport.ts	91.07%	91.16%	🟢 +0.09%
src/client/transports/json_rpc_transport.ts	59.17%	58.65%	🔴 -0.52%
src/client/transports/rest_transport.ts	75.29%	85.55%	🟢 +10.26%
src/server/express/rest_handler.ts	88.97%	84.79%	🔴 -4.18%
src/server/grpc/grpc_service.ts	73.25%	73.41%	🟢 +0.16%
src/server/push_notification/push_notification_store.ts	85.36%	87.3%	🟢 +1.94%
src/server/request_handler/default_request_handler.ts	79.64%	80.06%	🟢 +0.42%
src/server/store.ts	64.83%	70.09%	🟢 +5.26%
src/server/transports/jsonrpc/jsonrpc_transport_handler.ts	72.8%	75.42%	🟢 +2.62%
src/server/transports/rest/rest_transport_handler.ts	98.81%	98.87%	🟢 +0.06%
src/client/transports/tenant_transport_decorator.ts (new)	—	100%	—
Total	83.54%	84.8%	🟢 +1.26%

Generated by coverage-comment.yml

[bartek-gralewicz]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces comprehensive multi-tenancy support across the client and server components. Key updates include the addition of a tenant field to the ServerCallContext, the implementation of tenant-aware routing in REST, gRPC, and JSON-RPC transports, and the introduction of tenant-scoped data isolation in the in-memory task and push notification stores. While the implementation successfully enables multi-tenant workflows, the review identifies a critical vulnerability in the composite key generation logic used for storage. Specifically, the current key structure is susceptible to collisions between tenanted and global-scope identifiers, which could lead to unintended data overwrites and loss of isolation.