Deploy an AutoGen multi-agent system to production.
AutoGen lets a group of agents converse and hand work to each other — in one process, with no identity, authorization, or record on the exchanges between them. a2a cloud hosts the whole multi-agent system and turns those handoffs into A2A signed, authorized calls, then adds an MCP server, an auth gateway, a managed Postgres, and a per-agent receipt trail. The system your agents form, in production, with proof.
signed handoffs · no ambient trust · verifiable run
Multi-agent conversations don't survive contact with production.
An AutoGen system is a set of agents talking in a single process. It works on your machine, but production exposes what the group chat never had: no authenticated entry point, no identity or authorization on the handoffs between agents, no durable transcript, and no verifiable record of which agent did what under whose authority. When agents act on each other's behalf, in-process calls give you none of the proof an incident review needs.
One deploy makes the whole system callable, auditable, and signed.
a2a is framework-agnostic: it deploys the whole agent app around your AutoGen code and turns handoffs into A2A signed exchanges — so a multi-agent conversation becomes a production system with identity, authority, and proof on every step.
Your agents, as written
Keep your AutoGen AssistantAgents, UserProxyAgent, GroupChat, and orchestration. a2a hosts the process your system runs in — it doesn't rebuild your conversation graph in another framework.
A2A signed handoffs
When one agent hands work to another, the exchange is an Agent2Agent call carrying identity, a scoped grant, and an Ed25519 signature. Every handoff is authorized and recorded — no ambient trust between your agents.
MCP server for shared tools
The tools your agents use become a hosted MCP server, so agents inside and outside the system invoke them over a real protocol instead of sharing Python function references.
OpenAPI gateway + auth
The multi-agent system gets one authenticated HTTP entry point through an OpenAPI gateway, with Keycloak identity, TLS, and scoped grants — so the whole system is callable, not just runnable.
Managed Postgres for the transcript
Conversation state, message history, and results land in a managed Postgres provisioned in the same deploy — durable across restarts and scale-to-zero, no DB to run yourself.
Per-agent receipts
Every agent's actions produce a signed, hash-chained receipt: who acted, under what authority, what they did, and what it cost. A verifiable trail across the whole multi-agent run.
Raw AutoGen deploy vs. a2a.
Frequently asked.
How do I deploy an AutoGen multi-agent system to production?
Point a2a cloud at your AutoGen project and run one deploy. It builds your agents into a libkrun microVM, fronts the system with an authenticated OpenAPI gateway and TLS, exposes shared tools as an MCP server, provisions a managed Postgres for the transcript, and signs every agent's actions with an Ed25519 receipt. Your GroupChat and orchestration are unchanged.
What are A2A signed handoffs between agents?
When one AutoGen agent hands work to another, a2a turns that exchange into an Agent2Agent (A2A) call carrying the caller's identity, a scoped grant, and an Ed25519 signature. Instead of an untraceable in-process function call, each handoff is authorized and recorded — no ambient trust between agents in the system.
Is a2a specific to AutoGen?
No. a2a is framework-agnostic and hosts the process your AutoGen system runs in, the same way it hosts LangGraph, CrewAI, the OpenAI Agents SDK, or a custom loop. You keep AutoGen; a2a adds signed handoffs, MCP, a gateway, a database, and receipts around it.
Where does the conversation state live?
In a managed Postgres provisioned in the same deploy. Message history, group-chat transcript, and results are durable across restarts and scale-to-zero, so a long-running multi-agent conversation doesn't evaporate when the process cycles.
Can I audit what each agent in the system did?
Yes. Each agent's actions produce an Ed25519-signed, hash-chained receipt recording who acted, under what scoped authority, what they did, and what it cost. Across a multi-agent run you get a verifiable trail — don't trust the agent, trust the receipt.
Related guides.
All guides live in the guides index.
Sign every handoff.
a2a cloud deploys any agent — LangGraph, OpenAI Agents SDK, CrewAI, or custom — and ships it with a managed Postgres database, an MCP server, an API, a frontend, and an Ed25519-signed receipt for every run. Scoped grants, no ambient production access. One deploy, the whole agent app, with proof.