a2a cloud
private preview

Bring your own A2A agent.

Already running an agent elsewhere? Import the A2A endpoint. Control plane verifies the AgentCard, then gives it the same discovery, registry, proof, and MCP surface as a native a2a cloud agent.

import existing agent (shell)
# import an already-running A2A service
a2a import https://invoice-agent.example.com --name invoice-reviewer

# the control plane verifies the card and registers it
curl https://invoice-agent.example.com/.well-known/agent-card

# then it becomes usable like any other agent
a2amcp add invoice-reviewer
import flow

One URL → governed agent identity.

01

Submit an A2A URL

Point a2a cloud at the agent base URL. The backend normalizes the URL, checks HTTPS, probes the standard card endpoints.

02

Verify the AgentCard

Control plane fetches the card, validates identity, skills, schemas, auth hints, protocol interfaces, stores a card hash for drift checks.

03

Create registry identity

Imported agent gets a registry row, owner, status, visibility, public page, discovery result, deployment-style verification trail.

04

Expose MCP automatically

If the agent serves MCP, a2a cloud points to it. If only A2A, the platform derives MCP tools from the card and proxies calls.

backend shape

External agents as first-class registry entries.

The backend path doesn't redeploy the agent or assume a pod exists. It creates an external registry source, keeps the live card fresh, routes MCP through the remote endpoint or a generated adapter.

control-plane contract (json)
POST /v1/agents/import
{
  "url": "https://invoice-agent.example.com",
  "name": "invoice-reviewer",
  "public": false
}

201 Created
{
  "name": "invoice-reviewer",
  "status": "running",
  "source": "external_a2a",
  "url": "https://invoice-agent.example.com",
  "card_hash": "sha256:...",
  "mcp": { "mode": "generated", "url": "https://api.a2acloud.io/v1/agents/invoice-reviewer/mcp" }
}
control plane work

Additive changes. No rewrite.

Registry

external source type, remote URL, card URL, MCP mode, owner, visibility

Verifier

card fetch, schema validation, health probe, auth probe, card hash drift

MCP adapter

native /mcp passthrough or generated MCP tools from A2A skills

Discovery

same /v1/agents and public registry data as hosted agents

Operations

refresh jobs, status, last verified time, error reason, audit events

Policy

private-by-default imports, allowlisted egress, org approval, abuse controls

card gate

The AgentCard is the import contract.

The platform can auto-generate discovery and MCP only if the card tells it what the agent can do. Native a2a-pack agents already expose the richer card. Generic A2A agents need enough skill metadata for the adapter to be useful.

  • A reachable AgentCard at /.well-known/agent-card or /.well-known/agent-card.json.
  • Stable agent name, version, description, at least one callable skill.
  • Skill descriptions and input schemas when MCP tools should be generated.
  • A declared protocol interface or an invoke-compatible endpoint for calls.
  • Bearer or public auth behavior probeable without broad credentials.
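
An added example (not a2a cloud's own code) of the import checks described above: normalizing the submitted URL, requiring HTTPS and an allowlisted host, applying the card gate, and hashing the card for drift checks. The card field names (`skills`, `id`, `input_schema`), the canonical-JSON hashing, and the helper names are assumptions; the page does not specify them.

```python
import hashlib
import json
from urllib.parse import urlsplit

CARD_PATHS = ("/.well-known/agent-card", "/.well-known/agent-card.json")  # paths from the page

def card_urls(raw_url, egress_allowlist):
    """Normalize a submitted base URL and return the card endpoints to probe."""
    parts = urlsplit(raw_url.strip())
    if parts.scheme.lower() != "https":
        raise ValueError("import requires https")
    host = (parts.hostname or "").lower()
    if not host or parts.username or parts.password:
        raise ValueError("URL needs a host and no embedded credentials")
    if host not in egress_allowlist:
        raise ValueError(f"{host} is not on the egress allowlist")
    port = f":{parts.port}" if parts.port not in (None, 443) else ""
    base = f"https://{host}{port}{parts.path.rstrip('/')}"
    return [base + p for p in CARD_PATHS]

def card_gate(card, want_mcp_tools=True):
    """Return the list of card-gate failures (empty list means importable)."""
    problems = [f"missing {k}" for k in ("name", "version", "description") if not card.get(k)]
    skills = card.get("skills") or []
    if not skills:
        problems.append("no callable skill")
    for s in skills:
        sid = s.get("id", "?")  # "id" and "input_schema" are assumed field names
        if want_mcp_tools and not (s.get("description") and isinstance(s.get("input_schema"), dict)):
            problems.append(f"skill {sid}: needs description and input_schema for MCP generation")
    return problems

def card_hash(card):
    """Hash a canonical encoding so key order and whitespace do not look like drift."""
    canon = json.dumps(card, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return "sha256:" + hashlib.sha256(canon.encode("utf-8")).hexdigest()

# Constructed sample card, not taken from a real agent.
SAMPLE_CARD = {
    "name": "invoice-reviewer", "version": "1.0.0", "description": "Reviews invoices",
    "skills": [{"id": "review", "description": "Review one invoice",
                "input_schema": {"type": "object", "properties": {"invoice_id": {"type": "string"}}}}],
}

if __name__ == "__main__":
    print(card_urls("HTTPS://Invoice-Agent.example.com/", {"invoice-agent.example.com"}))
    print(card_gate(SAMPLE_CARD), card_hash(SAMPLE_CARD))
```

On each scheduled refresh, a `card_hash` that differs from the stored value indicates the card has drifted since it was verified.
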
MCP behavior

Native when present. Generated when needed.

native

Agent already serves MCP

Registry stores the remote MCP URL from the card. a2amcp lists and calls tools directly. Control plane still owns discovery, auth policy, public pages.

generated

Agent only serves A2A

Platform creates an MCP adapter from the AgentCard. Tool names map to card skills. Schemas from card metadata. Calls proxied back to the remote A2A service.

rollout

Start private. Prove it works. Publish.

Imported agents default to private. Refresh card on a schedule. Record verification failures. Require owner approval before public registry listing. Distribution layer without forcing every useful agent into the hosted runtime on day one.