a2a cloud
one command, a production API

Deploy your AI agent as an API, batteries included.

Getting an agent to run is not the hard part. Making it a production service — an API with schemas, a database, authentication, and an audit trail — is. a2a cloud collapses that into one command: `a2a deploy` turns your agent into a REST/OpenAPI service with managed Postgres, auth on the front door, TLS, and an Ed25519-signed receipt for every request.

REST · MCP · A2A · frontend — one deploy

0
commands to production
0
surfaces per agent
0%
signed per request
the problem

Your agent works. Turning it into a service is the other 80%.

A working agent in a notebook is a long way from a service other systems can depend on. To ship it as an API you write route handlers and schemas, provision and migrate a database, integrate authentication, add logging you can't really trust, containerize it, and put TLS in front. None of that is your agent's logic — it's the undifferentiated infrastructure every team rebuilds, badly, before their agent does anything for a caller.

Wrapping the agent in FastAPI or Express and hand-writing routes and schemas is pure boilerplate.
Provisioning Postgres, wiring the connection, and managing migrations is a project of its own.
Building auth — token issuance, verification, rotation — delays v1 by weeks.
Bolt-on logging is mutable and can't prove what the agent did on a given request.
the a2a way

One deploy. The API, the database, the auth, the proof.

a2a cloud makes the whole production surface a single output. You ship the agent; the platform generates the API, provisions the database, authenticates callers, and signs a receipt for every request.

One command, a real APIManaged Postgres, wired inAuth without building authA signed receipt per requestMCP, A2A, and a frontend toomicroVM-isolated runtime

One command, a real API

`a2a deploy` turns your agent into a REST service with a generated OpenAPI spec. Every tool becomes an endpoint with typed request and response schemas — callable from curl, an SDK, or another service.

Managed Postgres, wired in

A managed Postgres database is provisioned and connected on the first deploy. Your agent has durable state from the start, not after you go set up a database and paste a connection string.

Auth without building auth

The API is authenticated by default. Callers present short-lived signed tokens and scoped grants — you don't stand up OAuth, an identity provider, or a key-management scheme to ship v1.

A signed receipt per request

Every API call returns an Ed25519-signed receipt: inputs, outputs, tool calls, cost, caller, and the grant that authorized it. You can prove what your agent API did on any given request.

MCP, A2A, and a frontend too

The same tools are published as MCP tools and A2A operations, and you can host a frontend on the same deploy. One agent, reachable as an API, an MCP server, an A2A peer, and a web app.

microVM-isolated runtime

Each agent API runs inside a libkrun microVM with hypervisor-grade isolation and TLS on a stable hostname — a production service boundary, not a shared process behind a proxy.

side-by-side

Building it yourself vs. `a2a deploy`.

dimension
roll your own
a2a cloud
getting an API
Wrap the agent in FastAPI or Express, write route handlers, define schemas, and containerize it.
`a2a deploy` generates a REST/OpenAPI surface from your tools — no hand-written routes.
database
Provision Postgres, manage migrations, wire the connection string, handle secrets.
A managed Postgres database is provisioned and connected on the first deploy.
auth
Integrate an identity provider or roll token issuance, verification, and rotation yourself.
Authenticated by default with short-lived signed tokens and scoped grants.
audit
Add logging, hope it captures enough, and accept it's mutable and unprovable.
Every request returns an Ed25519-signed, hash-chained receipt you can verify externally.
surfaces
Rebuild the same logic to also speak MCP, A2A, or serve a UI.
REST, MCP, A2A, and frontend hosting from one deploy of one agent.
questions

Frequently asked.

How do I deploy an AI agent as an API?

Run `a2a deploy` against your agent. a2a cloud generates a REST service with an OpenAPI spec — each tool becomes a typed endpoint — and provisions a managed Postgres database, authentication, TLS, and a stable hostname. Your agent is a callable production API without any of the plumbing written by hand.

What do I get beyond the REST endpoints?

The same tools are also published as MCP tools and A2A operations, and you can host a frontend on the same deploy. Every request returns an Ed25519-signed receipt, callers authenticate with short-lived tokens and scoped grants, and the runtime is isolated in a libkrun microVM — API, database, auth, and audit in one command.

Do I need to write route handlers or an OpenAPI spec?

No. The REST surface and its OpenAPI spec are generated from the tools you already expose on your agent, with typed request and response schemas. You don't hand-write route handlers, and the spec stays in step with your code across deploys.

Is the agent API production-ready or just a demo?

It's a production service: TLS on a stable hostname, a managed Postgres database, authentication on the front door, and a libkrun microVM boundary per agent. Every request also produces a signed receipt, so you have a verifiable audit trail from day one — this is governed agent execution, not a localhost prototype.

Which agent frameworks can I deploy as an API?

LangGraph, CrewAI, the OpenAI Agents SDK, and custom Python or TypeScript agents all deploy as-is. a2a cloud wraps whatever you bring in the REST, MCP, and A2A surfaces, so you don't rewrite the agent to expose it as an API.

keep reading

Related guides.

All guides live in the guides index.

ship the agent, skip the plumbing

Deploy your agent as an API today.

a2a cloud turns any agent — LangGraph, CrewAI, OpenAI Agents SDK, or custom — into a production REST/OpenAPI service with a managed Postgres database, an MCP server, an A2A endpoint, frontend hosting, auth, TLS, and an Ed25519-signed receipt for every request. Scoped grants replace shared keys. One deploy, the whole agent app, with proof.