Run DeepAgents in production.
DeepAgents — planning, subagents, a virtual file system — are built for long, complex tasks. But their default in-graph backend loses the files the model writes and has nowhere safe to run code. a2a cloud hosts DeepAgents with a workspace-backed backend: files land in a real per-agent workspace, `execute` runs in a sandboxed microVM, subagent calls carry scoped grants, and every run ships a signed receipt.
workspace-backed · sandboxed · signed
DeepAgents' default backend loses your files.
DeepAgents defaults to an in-graph StateBackend. That's fine for scratch state, but it's the wrong default for a hosted agent: files the model writes disappear into LangGraph state instead of landing in the caller's workspace, there's no isolated place to run code, and nothing records what the run actually did. Ship that as a product and you're stitching hosting, storage, a sandbox, and audit around it yourself.
Hosted DeepAgents, with a real workspace and proof.
a2a_pack.deepagents swaps the backend so the A2A workspace and sandbox — not in-graph state — are the authority. Deploy the graph you already have.
Workspace-backed files
a2a_pack.deepagents ships a WorkspaceBackend that makes the invocation workspace the source of truth. DeepAgents' built-in file tools write to the caller's MinIO/FUSE workspace instead of vanishing into LangGraph state.
Sandboxed execute
When a sandbox is attached, DeepAgents' `execute` routes through the same workspace-mounted runtime — a libkrun microVM per run. Real code, real files, hardware-isolated.
Built-in tools that persist
read, write, edit, and download map onto the A2A workspace contract, so artifacts a DeepAgents run produces survive the task and are downloadable — not trapped in graph scratch state.
Scoped grants for subagents
DeepAgents spawns subagents and hands off work. On a2a, every agent-to-agent call carries an Ed25519-signed grant — audience, TTL, file and tool scope — instead of a shared credential.
A signed receipt per run
Each DeepAgents run returns a tamper-evident, replayable receipt: inputs, tool calls, files touched, cost, and caller identity. Proof of what the agent did, not just a log.
One deploy, the whole app
`a2a deploy` gives your DeepAgents agent a hosted A2A + MCP service, an OpenAPI gateway, a managed Postgres database, auth, and TLS. Keep the graph; skip the infra.
Drop-in backend
WorkspaceBackend targets DeepAgents' BackendProtocol, so you keep your existing DeepAgents graph and swap the backend — the authority is A2A's workspace/sandbox contract, not DeepAgents state.
DeepAgents defaults vs. DeepAgents on a2a.
Frequently asked.
What is DeepAgents?
DeepAgents is a framework for long-horizon agents that combines a planning tool, subagents, a virtual file system, and detailed prompting so an agent can tackle complex, multi-step tasks instead of shallow one-shot tool calls.
How do I run DeepAgents in production?
Deploy them on a2a cloud. The a2a_pack.deepagents WorkspaceBackend plugs into DeepAgents' BackendProtocol, and `a2a deploy` turns your DeepAgents graph into a hosted A2A + MCP service with a database, auth, and an API — no infrastructure to wire up.
Why do my DeepAgents files disappear?
DeepAgents defaults to an in-graph StateBackend, so files the model writes live inside LangGraph state and don't land anywhere durable. a2a's WorkspaceBackend makes the invocation workspace (MinIO/FUSE) the source of truth, so file tools write to a real, downloadable workspace.
Can DeepAgents run code safely on a2a?
Yes. When a sandbox is attached, DeepAgents' execute is routed through a workspace-mounted libkrun microVM — a hardware-isolated boundary per run — so generated code runs against the real workspace without touching the host.
How do DeepAgents subagents authenticate to each other?
Every agent-to-agent call on a2a carries an Ed25519-signed grant that binds the audience, a short TTL, and file and tool scope. Subagents get exactly the authority they were granted — never the caller's full credentials.
Does this work with the standard DeepAgents API?
WorkspaceBackend implements DeepAgents' BackendProtocol, so you keep your existing graph and swap the backend. The authority becomes A2A's workspace and sandbox contract instead of DeepAgents' in-graph state.
Ship the graph. Keep the proof.
Point a2a_pack.deepagents at your DeepAgents graph and run `a2a deploy`. You get a hosted A2A + MCP service with a managed Postgres database, a workspace where files actually persist, a sandboxed microVM for execute, scoped grants between subagents, and an Ed25519-signed receipt for every run.