a2a cloud
the manager pattern, governed

An agent of agents that delegates safely.

The supervisor pattern — one agent directing many workers — is the backbone of serious multi-agent systems. It's also where authority quietly sprawls: to delegate, the manager usually shares its keys, and the chain of command vanishes into logs. a2a cloud makes the manager delegate scoped grants instead of credentials, calls workers as discoverable deployed agents, and signs every link from decision to action. A boss agent you can actually hold accountable.

grants not keys · discoverable workers · signed chain of command

0
worker keys the manager shares
0%
signed link per delegation
0
grant scope per worker task
the problem

To delegate, the manager usually hands over the keys.

A manager agent has to give its workers enough access to do their jobs. On most stacks that means sharing credentials — the same broad API key flows to every worker, and the moment of delegation leaves no trace of intent or authority. The result is a hierarchy on paper and a flat, fully-trusted blast radius in practice: any worker can do anything the manager can, and no receipt shows who authorized what. That's not a chain of command; it's shared root.

Delegation is done by copying the manager's keys to every worker.
Workers are hard-coded sub-routines, not swappable deployed agents.
The chain of command isn't recorded — logs show calls, not authority.
Removing one worker means rotating shared keys and redeploying.
the a2a way

Delegate scoped authority and sign the chain.

a2a lets a supervisor mint narrow, revocable grants for each worker and records every link of the hierarchy — so delegation is bounded, discoverable, and provable.

The manager delegates authority, not keysWorkers are real, discoverable agentsThe delegation chain is signed end to endRevoke a worker without touching the rest

The manager delegates authority, not keys

A supervisor agent hands each worker a scoped grant — a subset of its own authority, bound to an audience and a TTL. Workers never see the manager's credentials; they get exactly the permission their task requires.

Workers are real, discoverable agents

Each worker under the manager is a deployed agent with its own card and skills. The manager finds them by capability through discovery and calls them like services, so you can add, swap, or retire workers without rewiring the boss.

The delegation chain is signed end to end

From the manager's decision to each worker's action, every step emits an Ed25519-signed receipt. You can prove the whole chain of command: what the boss decided, whom it tasked, and under what authority.

Revoke a worker without touching the rest

Because each worker holds its own grant, you revoke or re-scope one without rotating anything shared. The manager keeps running; the removed worker simply loses authority.

side-by-side

Shared-key hierarchy vs. governed delegation.

dimension
shared-key manager
a2a manager
delegation
The manager shares its API keys with every worker.
The manager issues each worker a scoped, TTL-bound grant.
workers
Sub-routines hard-wired into the manager's code.
Discoverable deployed agents the manager calls by capability.
chain of command
Untraceable — logs don't show who authorized what.
Signed top to bottom: decision, task, action, authority.
removing a worker
Rotate shared keys and redeploy everything.
Revoke one grant; the manager keeps running.
questions

Frequently asked.

What is an agent of agents?

An agent of agents — also called a supervisor, manager, or orchestrator agent — is an agent whose job is to direct other agents rather than do the work itself. It decides what needs doing, delegates each piece to a worker agent, and combines the results. On a2a cloud the manager delegates authority through scoped grants rather than shared keys, and every step of the chain of command is signed, so the pattern is governable, not just convenient.

How does a manager agent give workers access without sharing its keys?

It issues scoped grants. A manager can mint a grant that is a strict subset of the authority it holds — bound to a specific audience, set of tools, files, and a short TTL — and hand that to a worker for a single task. The worker acts under its own signed grant, never the manager's raw credentials, so delegation doesn't mean copying keys and revocation doesn't mean rotating them.

Can I prove the chain of command in a supervisor-worker system?

Yes. Each link — the manager's decision, the grant it issued, and the worker's resulting action — emits an Ed25519-signed, hash-chained receipt. Together they form a provable chain of command: you can show exactly what the supervisor decided, which worker it tasked, under what authority, and what that worker did. Deterministic replay lets you re-run the whole hierarchy to verify it.

keep reading

Related guides.

All guides live in the guides index.

don't trust the agent

Put an agent in charge — with a paper trail.

a2a cloud deploys any agent — LangGraph, OpenAI Agents SDK, CrewAI, AutoGen, or custom — so your supervisor and its workers each get an isolated Postgres database, an MCP server, an API, a scoped grant, and an Ed25519-signed receipt for every run. Delegate authority, not keys, and prove the whole chain of command.