Three A2A client configuration bugs: protocol selection silently reset on card refresh, no way to set custom HTTP headers per agent, and multi-agent call timeout was hardcoded at 300s with no way to override it.

Protocol preservation on refresh

refresh_agent_card() was re-extracting the protocol from the remote card and overwriting the user's choice. Removed the update_protocol_type branch entirely — protocol is now exclusively mutated via explicit update_agent_protocol().

Custom headers support

• New custom_headers JSON column on A2AExternalAgent
• build_a2a_headers(api_key, custom_headers) merges user-supplied headers after base headers, allowing overrides
• Propagated through a2a_agent_db → a2a_client_service → ExternalA2AAgentConfig → A2AAgentInfo → _build_headers()
• New PUT /agents/{id}/settings endpoint accepting custom_headers and timeout

Configurable timeout

• New timeout Float column on A2AExternalAgent (default 300.0)
• _build_external_agent_config() reads agent.get("timeout") or 300.0 instead of the hardcoded literal
• SQL migration: v2.2.1_add_custom_headers_timeout_to_external_agent.sql

Frontend

Replaced the narrow AgentProtocolSetting popover with a unified AgentSettings component covering protocol selection, timeout (InputNumber, 1–3600 s), and custom header key-value pairs. i18n keys added for both en and zh locales.

Tests

• test_a2a_http_client.py: 5 new cases for build_a2a_headers with custom_headers
• test_a2a_agent_db.py: mock ORM class updated with custom_headers/timeout columns
• test_a2a_client_service.py: assertion updated to match new build_a2a_headers signature