Protocols and Frameworks
A2A and interoperability
Agents talking to agents
Your agent can already call tools and coordinate helpers inside your own stack. This lesson is about the harder frontier: how your agent hires an agent it does not own - built by another team, another vendor, on another framework - discovering it, delegating a task, and getting a result back, without either side cracking the other open.
The N times M problem: agents need a lingua franca
By 2025 every serious org had a pile of agents on different stacks - LangGraph here, CrewAI there, Google ADK, Semantic Kernel, a bespoke thing a team shipped last quarter. Each had its own memory, tools, and orchestration. The moment you wanted agent A (a hiring-manager assistant) to use agent B (a sourcing specialist built elsewhere), you hand-wrote an integration - re-inventing discovery, auth, task semantics, and streaming every single time. Wire M clients to N providers that way and you face up to N times M bespoke bridges.[1] Worse, direct integration usually meant leaking internal state, tool schemas, or prompts across a trust boundary.
's thesis is that agents should collaborate the way microservices or companies do - through a published contract and opaque service calls, not by sharing internals. Agent B advertises what it can do and how to reach it; agent A sends work and gets results; neither peeks inside the other. Each agent stays a black box (protecting IP, security, and independent evolution) while still composing into something larger. Google announced A2A on April 9, 2025 with 50+ partners and donated it to the Linux Foundation on June 23, 2025 (Apache-2.0, vendor-neutral governance; founding members include Google, AWS, Cisco, Salesforce, SAP, Microsoft, and ServiceNow).[5]
Tap a node to see what it does.
Google's five design principles
MCP vs A2A: tools vs peers
This is the single most confused point in the whole space, so resolve it first. You met the back in the previous lesson. MCP and A2A are not competitors - they standardize different edges of the same agent. The mental model that makes it click: MCP is vertical, A2A is horizontal.[1]
Tap a node to see what it does.
| MCP | A2A | |
|---|---|---|
| Origin | Anthropic, Nov 2024 | Google, Apr 2025, then Linux Foundation |
| Axis | Vertical: agent to tools | Horizontal: agent to agent |
| Other side is a... | tool / resource server | autonomous peer agent |
| Counterparty state | a capability you drive | an opaque actor that plans |
| Unit of interaction | tool call / resource read | task delegation to artifact |
| Primitives | Tools, Resources, Prompts | Agent Card, Task, Message |
The clean decision rule
The three primitives
A2A runs over plain HTTP(S). Everything else is three load-bearing objects.[2]
- Agent Card. A JSON "business card" a server publishes: identity, endpoint, transports, auth schemes, and - the important bit - a list of skills the client matches against. The discovery and capability document.
- Task. A stateful unit of work with a unique
id, an optionalcontextId, astatusthat walks a defined lifecycle, a growing messagehistory, and outputartifacts. The opaque job the peer performs. - Message / Part. A Message is one turn (
role= user or agent) carrying typed Parts -text,file, or structureddata. An Artifact is a finished deliverable, itself made of Parts. The content exchanged.
The is where discovery begins. Here is a trimmed one for a sourcing agent - note the skills array, which is the unit a client (or a registry) selects on:
{
"name": "TalentScout Sourcing Agent",
"description": "Finds and screens engineering candidates.",
"version": "1.2.0",
"url": "https://sourcing.example.com/a2a",
"capabilities": { "streaming": true, "pushNotifications": true },
"defaultInputModes": ["text/plain", "application/json"],
"defaultOutputModes": ["application/json"],
"securitySchemes": {
"oauth": { "type": "oauth2", "flows": { "clientCredentials": {
"tokenUrl": "https://sourcing.example.com/oauth/token" } } }
},
"skills": [{
"id": "source-candidates",
"name": "Source Candidates",
"description": "Given role criteria, returns ranked candidate profiles.",
"tags": ["recruiting", "sourcing"],
"examples": ["Find senior Go engineers in Dublin"]
}]
}Version nuance - pin your examples
/.well-known/agent.json) to the v0.3 / v1.0 line (multi-binding, card at /.well-known/agent-card.json).[3] Copy-pasting a v0.2 path against a v1.0 agent silently fails discovery. Teach the concepts; pin any wire string to a stated version and negotiate the advertised Major.Minor.Discovery to delegation, on the wire
Now the whole handshake, cross-vendor. A hiring manager tells their client agent (Vendor A) "find backend engineers in Dublin with Go." The client does not source candidates itself - it delegates to Vendor B's Sourcing Agent it discovered a moment ago.
- GET the Agent Card. The client fetches
/.well-known/agent-card.jsonfrom Vendor B. - Card returned. It carries
skillsandauth: oauth2; the client matches the skillsource-candidatesand gets a token. - message/send. The client sends the request as parts
[text, data]. - Task working. Vendor B returns a
Task { id, state: "working" }. - SSE input-required. The task pauses mid-flight and asks "Include contractors?" over an SSE stream, entering state
input-required. - Client answers. A second
message/sendagainst the sametaskIdresumes the task. - Completed plus Artifact. The task reaches
completedand returns an Artifact:{ candidates: [ ...ranked profiles ] }. Neither agent saw the other's tools, memory, or prompts - only the published Card and the returned Artifact crossed the trust boundary.
The method names you actually put on the wire: message/send (block for the result), message/stream (SSE events as work progresses), tasks/get, tasks/cancel, and tasks/pushNotificationConfig/set for webhooks.[4] The v0.3/v1.0 line also defines gRPC and HTTP+JSON/REST bindings for the same abstract operations - an agent advertises which it speaks in its Card.[2]
The task lifecycle
A Task walks a small state machine. The two interrupt states - input-required and auth-required - are the ones that make long-running, human-in-the-loop work first-class: the task pauses, asks, and resumes without failing.
Tap a node to see what it does.
Opacity and trust cut both ways
AGNTCY and the wider interop landscape
A2A is a wire protocol. AGNTCY ("Internet of Agents") is a broader infrastructure stack - open-sourced by Cisco/Outshift with LangChain, LlamaIndex, Galileo, and Glean, and welcomed into the Linux Foundation on July 29, 2025.[7] Crucially, it does not replace A2A or MCP - it wraps them with directory, identity, and telemetry.
AGNTCY's four layers
Others you will meet (mostly emerging)
Think of A2A/MCP as the protocols and AGNTCY as the directory plus identity plus telemetry around them. It positions itself explicitly as interoperable with both, making A2A agents and MCP servers discoverable and observable rather than competing on the wire.[8]
Why it matters for 2026: an internet of agents
What separates 2026 from 2025's demos is that the standard landed in the platforms. In its first year A2A crossed 150+ organizations, 22k+ GitHub stars, 5 official SDKs (Python, JS, Java, Go, .NET), and shipped v1.0 - with multi-protocol bindings, enterprise multi-tenancy, and signed Agent Cards. Microsoft wired it into Azure AI Foundry and Copilot Studio; AWS added it via Bedrock AgentCore; enterprises report production use in supply chain, financial services, insurance, and IT ops.[6]
Standardized / shipped
Still emerging / uneven
How to combine the protocols in practice
skills (with tags and examples) into your Card so registries can find you, pick delivery mode by task duration, and do not trust a logo wall - test the actual handshake, because "interoperable" only holds when versions, auth, and modalities all line up.Check yourself
Match each A2A concept to what it is.
self-describing document advertising skills, endpoint, auth
stateful, opaque unit of work with a lifecycle
finished deliverable a task produces
the task pauses to ask for clarification
SSE events as the work progresses
State the vertical/horizontal model, name A2A's three primitives, and give the path where a public Agent Card lives.
Which older path should you not copy-paste? Try to state it, then check.
Two vendors' agents must collaborate without exposing internal tools, memory, or prompts to each other. Which approach fits the requirement?
Why does A2A model work as a stateful task rather than a synchronous request and response?
Lock it in
- MCP is vertical, A2A is horizontal. Invoke a capability, MCP. Delegate to an actor that decides how, A2A. Production uses both.
- A2A's three primitives: Agent Card (discovery via
/.well-known/agent-card.json), Task (stateful, opaque, with a lifecycle), and Message/Part/Artifact (the content). - Agents compose across a trust boundary through a published contract plus opaque calls - neither side exposes tools, memory, or prompts. That opacity is the point.
input-requiredandauth-requiredmake long-running, human-in-the-loop tasks first-class; pick sync / SSE / webhook by duration.- A standard turns N times M glue into an N plus M ecosystem - the precondition for a real internet of agents. Guard it with signed cards, scoped auth, and allow-lists.
Primary source
Google - Announcing the Agent2Agent Protocol (A2A)The cleanest single read for the why: the five design principles, the explicit complementarity with MCP, capability discovery / task management / collaboration, and the candidate-sourcing example. Pair it with the A2A specification when you need exact wire details.
Sources
- 1.Google, Announcing the Agent2Agent Protocol (A2A)
- 2.A2A protocol specification
- 3.A2A specification (protocol repository)
- 4.LangChain LangSmith, A2A JSON-RPC binding
- 5.Linux Foundation, A2A Protocol Project launch
- 6.Linux Foundation, A2A surpasses 150 organizations in its first year
- 7.Linux Foundation, welcomes the AGNTCY project
- 8.Cisco Outshift, Building the Internet of Agents (AGNTCY)
- 9.Threat modeling of agent interoperability protocols (arXiv)