A2A Protocol v1.2 — The Standard for AI Agent-to-Agent Communication

Posted on: 4/26/2026 6:14:13 PM

Table of contents

💡 Quick Summary
1. Why Do We Need A2A Protocol?
2. Evolution Timeline
3. Core Architecture
4. Transport Bindings — Three Ways to Communicate
1. Example: Sending a Message via HTTP/REST
2. Example: Streaming Response via SSE
5. Async Result Delivery Mechanisms
6. Security — Beyond Just OAuth
7. A2A vs MCP — Complementary, Not Competing
1. ✅ Which One First?
8. Multi-Turn Interaction
9. Ecosystem and SDKs
1. Quick Start with Google ADK
10. Production Deployments — Who's Using It?
11. Real-World System Design with A2A
12. Best Practices for A2A Deployment
1. 📋 Deployment Checklist
Conclusion
1. References

In today's increasingly complex AI landscape, organizations don't just have one AI agent — they have dozens, sometimes hundreds, of specialized agents. The question arises: how can agents from different frameworks, different vendors discover each other, communicate, and collaborate without custom integration for every pair? That's exactly the problem A2A Protocol (Agent-to-Agent) was built to solve.

💡 Quick Summary

If MCP (Model Context Protocol) is how an agent connects to tools and data, then A2A is how agents connect to each other. These two protocols complement each other — and both are governed by the Agentic AI Foundation under the Linux Foundation.

150+ Participating organizations

v1.2 Stable release (03/2026)

3 Transport bindings (HTTP, JSON-RPC, gRPC)

8 Task lifecycle states

1. Why Do We Need A2A Protocol?

Imagine an enterprise system with:

HR Agent (built on LangGraph) handling recruitment
Finance Agent (built on Semantic Kernel) managing budgets
IT Support Agent (built on CrewAI) providing technical assistance

When a new employee is hired, the HR Agent needs to request the Finance Agent to allocate equipment budget, while simultaneously asking the IT Support Agent to create an email account. Without a common protocol, you'd need N × M custom integrations for every agent pair — a maintenance nightmare.

graph LR
    A[HR Agent
LangGraph] -->|A2A| B[Finance Agent
Semantic Kernel]
    A -->|A2A| C[IT Support Agent
CrewAI]
    B -->|A2A| D[Procurement Agent
AutoGen]
    C -->|A2A| D
    style A fill:#e94560,stroke:#fff,color:#fff
    style B fill:#2c3e50,stroke:#fff,color:#fff
    style C fill:#2c3e50,stroke:#fff,color:#fff
    style D fill:#16213e,stroke:#fff,color:#fff

Agents from different frameworks communicating via the standardized A2A protocol

2. Evolution Timeline

04/2025

Google announces A2A Protocol at Cloud Next '25, with Salesforce, SAP, and ServiceNow as founding supporters.

06/2025

A2A transferred to the Linux Foundation, becoming a fully open-source project.

08/2025

Version v0.3 released: gRPC binding, signed Agent Cards, expanded Python SDK.

01/2026

A2A v1.0 goes stable — complete specification with all 3 transport bindings.

03/2026

A2A v1.2 — Signed Agent Cards with cryptographic signatures, domain verification, multi-tenancy. 150+ organizations participating.

3. Core Architecture

A2A is designed around 5 central concepts:

3.1 Agent Card — The Agent's Digital Identity

An Agent Card is a JSON metadata document published by an A2A Server, describing its identity, capabilities, skills, service endpoint, and authentication requirements. It's the discovery mechanism — allowing other agents to know who you are and what you can do.

{
  "name": "Finance Agent",
  "description": "Budget management, expense approval, financial reporting",
  "url": "https://agents.company.com/finance",
  "version": "1.2",
  "skills": [
    {
      "id": "budget-approval",
      "name": "Budget Approval",
      "description": "Approve spending requests under $10,000"
    },
    {
      "id": "expense-report",
      "name": "Expense Report",
      "description": "Generate expense reports by department"
    }
  ],
  "securitySchemes": {
    "oauth2": {
      "type": "oauth2",
      "flows": {
        "clientCredentials": {
          "tokenUrl": "https://auth.company.com/token",
          "scopes": { "finance:read": "", "finance:write": "" }
        }
      }
    }
  }
}

✅ Signed Agent Cards (v1.2)

Starting from v1.2, Agent Cards can be cryptographically signed for domain ownership verification. This prevents agent impersonation attacks — a critical security concern when agents automatically discover and communicate with each other.

3.2 Task — The Unit of Work

Each request between agents creates a Task — a stateful unit of work with interaction history and outputs. Tasks maintain state throughout their lifecycle, enabling asynchronous processing.

stateDiagram-v2
    [*] --> Submitted
    Submitted --> Working : Agent starts processing
    Working --> Completed : Success
    Working --> Failed : Error
    Working --> Canceled : Client cancels
    Working --> InputRequired : Needs more info
    Working --> AuthRequired : Needs authentication
    Submitted --> Rejected : Agent refuses
    InputRequired --> Working : Client provides info
    AuthRequired --> Working : Client authenticates
    Completed --> [*]
    Failed --> [*]
    Canceled --> [*]
    Rejected --> [*]

Task lifecycle state machine in A2A Protocol

Notable are the InputRequired and AuthRequired states — these are interrupted states enabling multi-turn interaction. An agent can request additional information or authentication before proceeding, similar to how humans ask clarifying questions.

3.3 Message, Artifact, and Part

Concept	Role	Example
Message	Communication unit between client and agent, carrying a role (user/agent) and one or more Parts	"Approve a $5,000 budget for the engineering team"
Artifact	Task output, separated from the communication flow	PDF report file, JSON data table
Part	Smallest content unit: text, bytes (base64), URL, or structured JSON	Text snippet, base64 image, file link

⚠️ Important Note

Per the specification: "Messages SHOULD NOT be used to deliver task outputs. Results SHOULD BE returned using Artifacts." — Separating communication (Message) from results (Artifact) makes the system easier to monitor and debug.

4. Transport Bindings — Three Ways to Communicate

A2A v1.2 supports 3 transport bindings for different use cases:

Binding	Format	Streaming	Use Case
HTTP/REST	JSON over HTTPS	SSE (Server-Sent Events)	Web apps, public APIs, easiest to get started
JSON-RPC 2.0	JSON-RPC over HTTPS	SSE	Compatible with MCP ecosystem (also uses JSON-RPC)
gRPC	Protocol Buffers	Server streaming	High-throughput, low-latency, internal microservices

Example: Sending a Message via HTTP/REST

POST /messages HTTP/1.1
Host: agents.company.com
Content-Type: application/json
A2A-Version: 1.2
Authorization: Bearer eyJhbGciOiJSUzI1NiIs...

{
  "message": {
    "role": "user",
    "parts": [
      {
        "text": "Generate Q1/2026 expense report for Engineering department"
      }
    ]
  },
  "configuration": {
    "acceptedOutputModes": ["text", "file"],
    "blocking": false
  }
}

Example: Streaming Response via SSE

POST /messages:stream HTTP/1.1
Host: agents.company.com
A2A-Version: 1.2

---
event: TaskStatusUpdateEvent
data: {"taskId":"t-123","status":{"state":"working","message":"Querying data..."}}

event: TaskArtifactUpdateEvent
data: {"taskId":"t-123","artifact":{"parts":[{"text":"Total Q1 spending: $234,500"}]}}

event: TaskStatusUpdateEvent
data: {"taskId":"t-123","status":{"state":"completed"}}

5. Async Result Delivery Mechanisms

Not every task completes instantly. A2A provides 3 mechanisms for tracking long-running tasks:

graph TB
    subgraph Polling
        A1[Client] -->|GET /tasks/id| B1[Server]
        B1 -->|Task status| A1
    end
    subgraph Streaming
        A2[Client] -->|GET /tasks/id:subscribe| B2[Server]
        B2 -->|SSE events| A2
    end
    subgraph Push Notification
        A3[Client] -->|Register webhook| B3[Server]
        B3 -->|HTTP POST events| C3[Client Webhook]
    end
    style A1 fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style A2 fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style A3 fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style B1 fill:#e94560,stroke:#fff,color:#fff
    style B2 fill:#e94560,stroke:#fff,color:#fff
    style B3 fill:#e94560,stroke:#fff,color:#fff
    style C3 fill:#2c3e50,stroke:#fff,color:#fff

Three async delivery mechanisms: Polling, Streaming, Push Notification

Mechanism	Latency	Complexity	When to Use
Polling	High (depends on poll frequency)	Low	Infrequent updates, prototyping
Streaming	Very low (real-time)	Medium	Instant feedback needed, progress UI
Push Notification	Low	High (needs webhook server)	Server-to-server, hours/days-long tasks

6. Security — Beyond Just OAuth

The A2A specification mandates rigorous multi-layer security:

Transport Security: HTTPS required for all communication
Authentication: Supports API Key, HTTP Bearer, OAuth 2.0, OpenID Connect, Mutual TLS
Signed Agent Cards (v1.2): Cryptographic signatures verify agent identity, preventing impersonation
Capability-based Authorization: Servers only grant access to authorized resources
Information Leakage Prevention: Servers MUST NOT distinguish between "not found" and "not authorized" — preventing enumeration attacks

// OAuth 2.0 Client Credentials flow for agent-to-agent
{
  "securitySchemes": {
    "agent_oauth": {
      "type": "oauth2",
      "flows": {
        "clientCredentials": {
          "tokenUrl": "https://auth.company.com/oauth2/token",
          "scopes": {
            "agent:execute": "Execute tasks",
            "agent:read": "Read task results"
          }
        }
      }
    }
  }
}

7. A2A vs MCP — Complementary, Not Competing

The most common question: "Should I use A2A or MCP?" The answer: both.

graph TB
    U[User] --> O[Orchestrator Agent]
    O -->|A2A| AG1[Analysis Agent]
    O -->|A2A| AG2[Report Writer Agent]
    O -->|A2A| AG3[Email Agent]
    AG1 -->|MCP| T1[Database Tool]
    AG1 -->|MCP| T2[Analytics API]
    AG2 -->|MCP| T3[Template Engine]
    AG3 -->|MCP| T4[Email Service]
    style U fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style O fill:#e94560,stroke:#fff,color:#fff
    style AG1 fill:#2c3e50,stroke:#fff,color:#fff
    style AG2 fill:#2c3e50,stroke:#fff,color:#fff
    style AG3 fill:#2c3e50,stroke:#fff,color:#fff
    style T1 fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50
    style T2 fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50
    style T3 fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50
    style T4 fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50

A2A for agent-to-agent routing, MCP for agent-to-tool execution

Criteria	A2A Protocol	MCP (Model Context Protocol)
Purpose	Agent communicates with Agent	Agent connects to Tool/Data
Discovery	Agent Card (JSON metadata)	Tool listing via capability negotiation
Transport	HTTPS, JSON-RPC, gRPC	stdio (local), Streamable HTTP (remote)
Opacity	Agent is a "black box" — internals hidden	Clear tool schema, deterministic
Stateful	Complex task lifecycle states	Stateless per-request
Created by	Google (04/2025)	Anthropic (11/2024)
Governance	Linux Foundation / AAIF	Linux Foundation / AAIF

✅ Which One First?

Start with MCP if you're building your first agent that needs to connect to databases, APIs, or file systems. Add A2A when you have multiple agents that need to coordinate — e.g., an HR agent calling a Finance agent to approve expenses.

8. Multi-Turn Interaction

A powerful A2A feature is multi-turn interaction via contextId. This enables:

Agents asking for clarification when information is missing (InputRequired state)
Related tasks grouped within the same conversational context
Agents maintaining conversational history across interactions

// Turn 1: Client sends request
{
  "message": {
    "role": "user",
    "parts": [{ "text": "Approve spending for the Backend team" }]
  }
}

// Server responds: needs more info
{
  "taskId": "t-456",
  "contextId": "ctx-789",
  "status": { "state": "input-required", "message": "What is the specific amount?" }
}

// Turn 2: Client provides info (same contextId)
{
  "message": {
    "role": "user",
    "contextId": "ctx-789",
    "taskId": "t-456",
    "parts": [{ "text": "$8,500 for Q2 software licenses" }]
  }
}

9. Ecosystem and SDKs

A2A has been natively integrated into the most popular agent frameworks:

Framework / SDK	A2A Support	Language
Google ADK (Agent Development Kit)	Native, first-class	Python
LangGraph	Built-in integration	Python, TypeScript
CrewAI	Plugin	Python
Semantic Kernel	Built-in	C#, Python
AutoGen	Built-in	Python
LlamaIndex Agents	Integration	Python

Quick Start with Google ADK

# Create project with A2A support
uvx agent-starter-pack create my-finance-agent -a adk@gemini-fullstack

# Agent Card auto-generated at /.well-known/agent.json
# Deploy to Cloud Run
gcloud run deploy my-finance-agent --source .

10. Production Deployments — Who's Using It?

A2A isn't just a paper specification — major organizations have deployed it in production:

Tyson Foods & Gordon Food Service: Supply chain systems with multiple A2A agents sharing product data and sales leads in real-time
Adobe: Creative content agents coordinating via A2A
ServiceNow: IT workflow agents auto-routing tickets through A2A
S&P Global: Financial analysis agents communicating cross-domain
Salesforce, SAP, Twilio: A2A integrated into their platform agent ecosystems

11. Real-World System Design with A2A

Here's a reference architecture for an order management system using A2A:

graph TB
    GW[API Gateway] --> OA[Order Agent]
    OA -->|A2A: check inventory| IA[Inventory Agent]
    OA -->|A2A: process payment| PA[Payment Agent]
    OA -->|A2A: create shipment| SA[Shipping Agent]
    PA -->|A2A: fraud check| FA[Fraud Detection Agent]
    SA -->|A2A: send notification| NA[Notification Agent]
    IA -->|MCP| DB1[(Inventory DB)]
    PA -->|MCP| PS[Payment Service]
    SA -->|MCP| LP[Logistics Partner API]
    NA -->|MCP| ES[Email/SMS Service]
    style GW fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style OA fill:#e94560,stroke:#fff,color:#fff
    style IA fill:#2c3e50,stroke:#fff,color:#fff
    style PA fill:#2c3e50,stroke:#fff,color:#fff
    style SA fill:#2c3e50,stroke:#fff,color:#fff
    style FA fill:#16213e,stroke:#fff,color:#fff
    style NA fill:#16213e,stroke:#fff,color:#fff
    style DB1 fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50
    style PS fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50
    style LP fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50
    style ES fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50

Order management system architecture combining A2A (agent-to-agent) and MCP (agent-to-tool)

12. Best Practices for A2A Deployment

📋 Deployment Checklist

Be specific in Agent Cards: Clearly describe skills, input/output formats, and limitations — vague agent cards lead to poor discovery
Use contextId to group tasks: Avoid creating new contexts for each message in the same workflow
Implement all 3 async mechanisms: Polling for backward compatibility, Streaming for great UX, Push for server-to-server
Signed Agent Cards are mandatory for production: Never trust unsigned agent cards in real environments
Separate Message and Artifact: Task results must be returned via Artifacts, not stuffed into Messages
Versioning: Always send the A2A-Version header, handle gracefully when the server doesn't support the requested version

Conclusion

A2A Protocol v1.2 marks the maturation of agent-to-agent communication: from a Google proposal to an open standard under the Linux Foundation with 150+ participating organizations. Combined with MCP for agent-to-tool connections, the A2A + MCP duo creates a complete communication foundation for multi-agent AI ecosystems.

With signed Agent Cards, multi-turn interaction, and 3 flexible transport bindings, A2A is production-ready. If you're operating more than one AI agent — it's time to seriously consider A2A.

References

#A2A Protocol #Agentic AI #Multi-Agent #system design #Google

# A2A Protocol v1.2 — The Standard for AI Agent-to-Agent Communication

In today's increasingly complex AI landscape, organizations don't just have one AI agent — they have dozens, sometimes hundreds, of specialized agents. The question arises: how can agents from different frameworks, different vendors **discover each other, communicate, and collaborate** without custom integration for every pair? That's exactly the problem **A2A Protocol (Agent-to-Agent)** was built to solve.

#### 💡 Quick Summary

If **MCP** (Model Context Protocol) is how an agent connects to *tools and data*, then **A2A** is how *agents connect to each other*. These two protocols complement each other — and both are governed by the **Agentic AI Foundation** under the Linux Foundation.

150+ Participating organizations

v1.2 Stable release (03/2026)

3 Transport bindings (HTTP, JSON-RPC, gRPC)

8 Task lifecycle states

## 1. Why Do We Need A2A Protocol?

Imagine an enterprise system with:

- **HR Agent** (built on LangGraph) handling recruitment
- **Finance Agent** (built on Semantic Kernel) managing budgets
- **IT Support Agent** (built on CrewAI) providing technical assistance

When a new employee is hired, the HR Agent needs to request the Finance Agent to allocate equipment budget, while simultaneously asking the IT Support Agent to create an email account. Without a common protocol, you'd need **N × M** custom integrations for every agent pair — a maintenance nightmare.

```
graph LR
    A[HR Agent  
LangGraph] -->|A2A| B[Finance Agent  
Semantic Kernel]
    A -->|A2A| C[IT Support Agent  
CrewAI]
    B -->|A2A| D[Procurement Agent  
AutoGen]
    C -->|A2A| D
    style A fill:#e94560,stroke:#fff,color:#fff
    style B fill:#2c3e50,stroke:#fff,color:#fff
    style C fill:#2c3e50,stroke:#fff,color:#fff
    style D fill:#16213e,stroke:#fff,color:#fff

```
Agents from different frameworks communicating via the standardized A2A protocol

## 2. Evolution Timeline

04/2025

Google announces A2A Protocol at Cloud Next '25, with Salesforce, SAP, and ServiceNow as founding supporters.

06/2025

A2A transferred to the **Linux Foundation**, becoming a fully open-source project.

08/2025

Version v0.3 released: gRPC binding, signed Agent Cards, expanded Python SDK.

01/2026

A2A v1.0 goes stable — complete specification with all 3 transport bindings.

03/2026

A2A v1.2 — Signed Agent Cards with cryptographic signatures, domain verification, multi-tenancy. 150+ organizations participating.

## 3. Core Architecture

A2A is designed around 5 central concepts:

### 3.1 Agent Card — The Agent's Digital Identity

An **Agent Card** is a JSON metadata document published by an A2A Server, describing its identity, capabilities, skills, service endpoint, and authentication requirements. It's the **discovery mechanism** — allowing other agents to know who you are and what you can do.

```
{
  "name": "Finance Agent",
  "description": "Budget management, expense approval, financial reporting",
  "url": "https://agents.company.com/finance",
  "version": "1.2",
  "skills": [
    {
      "id": "budget-approval",
      "name": "Budget Approval",
      "description": "Approve spending requests under $10,000"
    },
    {
      "id": "expense-report",
      "name": "Expense Report",
      "description": "Generate expense reports by department"
    }
  ],
  "securitySchemes": {
    "oauth2": {
      "type": "oauth2",
      "flows": {
        "clientCredentials": {
          "tokenUrl": "https://auth.company.com/token",
          "scopes": { "finance:read": "", "finance:write": "" }
        }
      }
    }
  }
}
```

#### ✅ Signed Agent Cards (v1.2)

Starting from v1.2, Agent Cards can be **cryptographically signed** for domain ownership verification. This prevents agent impersonation attacks — a critical security concern when agents automatically discover and communicate with each other.

### 3.2 Task — The Unit of Work

Each request between agents creates a **Task** — a stateful unit of work with interaction history and outputs. Tasks maintain state throughout their lifecycle, enabling asynchronous processing.

```
stateDiagram-v2
    [*] --> Submitted
    Submitted --> Working : Agent starts processing
    Working --> Completed : Success
    Working --> Failed : Error
    Working --> Canceled : Client cancels
    Working --> InputRequired : Needs more info
    Working --> AuthRequired : Needs authentication
    Submitted --> Rejected : Agent refuses
    InputRequired --> Working : Client provides info
    AuthRequired --> Working : Client authenticates
    Completed --> [*]
    Failed --> [*]
    Canceled --> [*]
    Rejected --> [*]

```
Task lifecycle state machine in A2A Protocol

Notable are the `InputRequired` and `AuthRequired` states — these are **interrupted states** enabling multi-turn interaction. An agent can request additional information or authentication before proceeding, similar to how humans ask clarifying questions.

### 3.3 Message, Artifact, and Part

| Concept | Role | Example |
| --- | --- | --- |
| **Message** | Communication unit between client and agent, carrying a role (user/agent) and one or more Parts | "Approve a $5,000 budget for the engineering team" |
| **Artifact** | Task output, separated from the communication flow | PDF report file, JSON data table |
| **Part** | Smallest content unit: text, bytes (base64), URL, or structured JSON | Text snippet, base64 image, file link |

#### ⚠️ Important Note

Per the specification: *"Messages SHOULD NOT be used to deliver task outputs. Results SHOULD BE returned using Artifacts."* — Separating communication (Message) from results (Artifact) makes the system easier to monitor and debug.

## 4. Transport Bindings — Three Ways to Communicate

A2A v1.2 supports 3 transport bindings for different use cases:

| Binding | Format | Streaming | Use Case |
| --- | --- | --- | --- |
| **HTTP/REST** | JSON over HTTPS | SSE (Server-Sent Events) | Web apps, public APIs, easiest to get started |
| **JSON-RPC 2.0** | JSON-RPC over HTTPS | SSE | Compatible with MCP ecosystem (also uses JSON-RPC) |
| **gRPC** | Protocol Buffers | Server streaming | High-throughput, low-latency, internal microservices |

### Example: Sending a Message via HTTP/REST

```
POST /messages HTTP/1.1
Host: agents.company.com
Content-Type: application/json
A2A-Version: 1.2
Authorization: Bearer eyJhbGciOiJSUzI1NiIs...

{
  "message": {
    "role": "user",
    "parts": [
      {
        "text": "Generate Q1/2026 expense report for Engineering department"
      }
    ]
  },
  "configuration": {
    "acceptedOutputModes": ["text", "file"],
    "blocking": false
  }
}
```

### Example: Streaming Response via SSE

```
POST /messages:stream HTTP/1.1
Host: agents.company.com
A2A-Version: 1.2

---
event: TaskStatusUpdateEvent
data: {"taskId":"t-123","status":{"state":"working","message":"Querying data..."}}

event: TaskArtifactUpdateEvent
data: {"taskId":"t-123","artifact":{"parts":[{"text":"Total Q1 spending: $234,500"}]}}

event: TaskStatusUpdateEvent
data: {"taskId":"t-123","status":{"state":"completed"}}
```

## 5. Async Result Delivery Mechanisms

Not every task completes instantly. A2A provides 3 mechanisms for tracking long-running tasks:

```
graph TB
    subgraph Polling
        A1[Client] -->|GET /tasks/id| B1[Server]
        B1 -->|Task status| A1
    end
    subgraph Streaming
        A2[Client] -->|GET /tasks/id:subscribe| B2[Server]
        B2 -->|SSE events| A2
    end
    subgraph Push Notification
        A3[Client] -->|Register webhook| B3[Server]
        B3 -->|HTTP POST events| C3[Client Webhook]
    end
    style A1 fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style A2 fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style A3 fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style B1 fill:#e94560,stroke:#fff,color:#fff
    style B2 fill:#e94560,stroke:#fff,color:#fff
    style B3 fill:#e94560,stroke:#fff,color:#fff
    style C3 fill:#2c3e50,stroke:#fff,color:#fff

```
Three async delivery mechanisms: Polling, Streaming, Push Notification

| Mechanism | Latency | Complexity | When to Use |
| --- | --- | --- | --- |
| **Polling** | High (depends on poll frequency) | Low | Infrequent updates, prototyping |
| **Streaming** | Very low (real-time) | Medium | Instant feedback needed, progress UI |
| **Push Notification** | Low | High (needs webhook server) | Server-to-server, hours/days-long tasks |

## 6. Security — Beyond Just OAuth

The A2A specification mandates rigorous multi-layer security:

- **Transport Security**: HTTPS required for all communication
- **Authentication**: Supports API Key, HTTP Bearer, OAuth 2.0, OpenID Connect, Mutual TLS
- **Signed Agent Cards** (v1.2): Cryptographic signatures verify agent identity, preventing impersonation
- **Capability-based Authorization**: Servers only grant access to authorized resources
- **Information Leakage Prevention**: Servers MUST NOT distinguish between "not found" and "not authorized" — preventing enumeration attacks

```
// OAuth 2.0 Client Credentials flow for agent-to-agent
{
  "securitySchemes": {
    "agent_oauth": {
      "type": "oauth2",
      "flows": {
        "clientCredentials": {
          "tokenUrl": "https://auth.company.com/oauth2/token",
          "scopes": {
            "agent:execute": "Execute tasks",
            "agent:read": "Read task results"
          }
        }
      }
    }
  }
}
```

## 7. A2A vs MCP — Complementary, Not Competing

The most common question: "Should I use A2A or MCP?" The answer: **both**.

```
graph TB
    U[User] --> O[Orchestrator Agent]
    O -->|A2A| AG1[Analysis Agent]
    O -->|A2A| AG2[Report Writer Agent]
    O -->|A2A| AG3[Email Agent]
    AG1 -->|MCP| T1[Database Tool]
    AG1 -->|MCP| T2[Analytics API]
    AG2 -->|MCP| T3[Template Engine]
    AG3 -->|MCP| T4[Email Service]
    style U fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style O fill:#e94560,stroke:#fff,color:#fff
    style AG1 fill:#2c3e50,stroke:#fff,color:#fff
    style AG2 fill:#2c3e50,stroke:#fff,color:#fff
    style AG3 fill:#2c3e50,stroke:#fff,color:#fff
    style T1 fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50
    style T2 fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50
    style T3 fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50
    style T4 fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50

```
A2A for agent-to-agent routing, MCP for agent-to-tool execution

| Criteria | A2A Protocol | MCP (Model Context Protocol) |
| --- | --- | --- |
| **Purpose** | Agent communicates with Agent | Agent connects to Tool/Data |
| **Discovery** | Agent Card (JSON metadata) | Tool listing via capability negotiation |
| **Transport** | HTTPS, JSON-RPC, gRPC | stdio (local), Streamable HTTP (remote) |
| **Opacity** | Agent is a "black box" — internals hidden | Clear tool schema, deterministic |
| **Stateful** | Complex task lifecycle states | Stateless per-request |
| **Created by** | Google (04/2025) | Anthropic (11/2024) |
| **Governance** | Linux Foundation / AAIF | Linux Foundation / AAIF |

#### ✅ Which One First?

**Start with MCP** if you're building your first agent that needs to connect to databases, APIs, or file systems. **Add A2A when** you have multiple agents that need to coordinate — e.g., an HR agent calling a Finance agent to approve expenses.

## 8. Multi-Turn Interaction

A powerful A2A feature is **multi-turn interaction** via `contextId`. This enables:

- Agents asking for clarification when information is missing (`InputRequired` state)
- Related tasks grouped within the same conversational context
- Agents maintaining conversational history across interactions

```
// Turn 1: Client sends request
{
  "message": {
    "role": "user",
    "parts": [{ "text": "Approve spending for the Backend team" }]
  }
}

// Server responds: needs more info
{
  "taskId": "t-456",
  "contextId": "ctx-789",
  "status": { "state": "input-required", "message": "What is the specific amount?" }
}

// Turn 2: Client provides info (same contextId)
{
  "message": {
    "role": "user",
    "contextId": "ctx-789",
    "taskId": "t-456",
    "parts": [{ "text": "$8,500 for Q2 software licenses" }]
  }
}
```

## 9. Ecosystem and SDKs

A2A has been natively integrated into the most popular agent frameworks:

| Framework / SDK | A2A Support | Language |
| --- | --- | --- |
| **Google ADK** (Agent Development Kit) | Native, first-class | Python |
| **LangGraph** | Built-in integration | Python, TypeScript |
| **CrewAI** | Plugin | Python |
| **Semantic Kernel** | Built-in | C#, Python |
| **AutoGen** | Built-in | Python |
| **LlamaIndex Agents** | Integration | Python |

### Quick Start with Google ADK

```
# Create project with A2A support
uvx agent-starter-pack create my-finance-agent -a adk@gemini-fullstack

# Agent Card auto-generated at /.well-known/agent.json
# Deploy to Cloud Run
gcloud run deploy my-finance-agent --source .
```

## 10. Production Deployments — Who's Using It?

A2A isn't just a paper specification — major organizations have deployed it in production:

- **Tyson Foods & Gordon Food Service**: Supply chain systems with multiple A2A agents sharing product data and sales leads in real-time
- **Adobe**: Creative content agents coordinating via A2A
- **ServiceNow**: IT workflow agents auto-routing tickets through A2A
- **S&P Global**: Financial analysis agents communicating cross-domain
- **Salesforce, SAP, Twilio**: A2A integrated into their platform agent ecosystems

## 11. Real-World System Design with A2A

Here's a reference architecture for an order management system using A2A:

```
graph TB
    GW[API Gateway] --> OA[Order Agent]
    OA -->|A2A: check inventory| IA[Inventory Agent]
    OA -->|A2A: process payment| PA[Payment Agent]
    OA -->|A2A: create shipment| SA[Shipping Agent]
    PA -->|A2A: fraud check| FA[Fraud Detection Agent]
    SA -->|A2A: send notification| NA[Notification Agent]
    IA -->|MCP| DB1[(Inventory DB)]
    PA -->|MCP| PS[Payment Service]
    SA -->|MCP| LP[Logistics Partner API]
    NA -->|MCP| ES[Email/SMS Service]
    style GW fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style OA fill:#e94560,stroke:#fff,color:#fff
    style IA fill:#2c3e50,stroke:#fff,color:#fff
    style PA fill:#2c3e50,stroke:#fff,color:#fff
    style SA fill:#2c3e50,stroke:#fff,color:#fff
    style FA fill:#16213e,stroke:#fff,color:#fff
    style NA fill:#16213e,stroke:#fff,color:#fff
    style DB1 fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50
    style PS fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50
    style LP fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50
    style ES fill:#f8f9fa,stroke:#2c3e50,color:#2c3e50

```
Order management system architecture combining A2A (agent-to-agent) and MCP (agent-to-tool)

## 12. Best Practices for A2A Deployment

#### 📋 Deployment Checklist

- **Be specific in Agent Cards**: Clearly describe skills, input/output formats, and limitations — vague agent cards lead to poor discovery
- **Use contextId to group tasks**: Avoid creating new contexts for each message in the same workflow
- **Implement all 3 async mechanisms**: Polling for backward compatibility, Streaming for great UX, Push for server-to-server
- **Signed Agent Cards are mandatory for production**: Never trust unsigned agent cards in real environments
- **Separate Message and Artifact**: Task results must be returned via Artifacts, not stuffed into Messages
- **Versioning**: Always send the `A2A-Version` header, handle gracefully when the server doesn't support the requested version

## Conclusion

A2A Protocol v1.2 marks the maturation of agent-to-agent communication: from a Google proposal to an **open standard under the Linux Foundation** with 150+ participating organizations. Combined with MCP for agent-to-tool connections, the A2A + MCP duo creates a complete communication foundation for multi-agent AI ecosystems.

With signed Agent Cards, multi-turn interaction, and 3 flexible transport bindings, A2A is production-ready. If you're operating more than one AI agent — it's time to seriously consider A2A.

### References

- [A2A Protocol Specification v1.2](https://a2a-protocol.org/latest/specification/)
- [Google Developers Blog — Announcing A2A Protocol](https://developers.googleblog.com/en/a2a-a-new-era-of-agent-interoperability/)
- [Google Cloud Blog — A2A Protocol Upgrades](https://cloud.google.com/blog/products/ai-machine-learning/agent2agent-protocol-is-getting-an-upgrade)
- [A2A Protocol GitHub Repository](https://github.com/a2aproject/A2A)
- [Developer's Guide to AI Agent Protocols — Google](https://developers.googleblog.com/developers-guide-to-ai-agent-protocols/)

Native AOT in .NET — Ahead-of-Time Compilation for 10x Faster Startup

GitHub Copilot Coding Agent — When AI Writes Code And Creates Pull Requests Autonomously

Disclaimer: The opinions expressed in this blog are solely my own and do not reflect the views or opinions of my employer or any affiliated organizations. The content provided is for informational and educational purposes only and should not be taken as professional advice. While I strive to provide accurate and up-to-date information, I make no warranties or guarantees about the completeness, reliability, or accuracy of the content. Readers are encouraged to verify the information and seek independent advice as needed. I disclaim any liability for decisions or actions taken based on the content of this blog.