a2a cloud
autogen, in production

Deploy an AutoGen multi-agent system to production.

AutoGen lets a group of agents converse and hand work to each other — in one process, with no identity, authorization, or record on the exchanges between them. a2a cloud hosts the whole multi-agent system and turns those handoffs into A2A signed, authorized calls, then adds an MCP server, an auth gateway, a managed Postgres, and a per-agent receipt trail. The system your agents form, in production, with proof.

signed handoffs · no ambient trust · verifiable run

0%
handoffs signed
0
ambient trust
0$
idle cost
the problem

Multi-agent conversations don't survive contact with production.

An AutoGen system is a set of agents talking in a single process. It works on your machine, but production exposes what the group chat never had: no authenticated entry point, no identity or authorization on the handoffs between agents, no durable transcript, and no verifiable record of which agent did what under whose authority. When agents act on each other's behalf, in-process calls give you none of the proof an incident review needs.

Handoffs are in-process calls — untraceable, unauthorized, ambiently trusted.
There's no authenticated entry point to the system for other services to call.
The conversation transcript lives in memory and dies with the process.
You can't prove which agent took which action, or under what authority.
the a2a way

One deploy makes the whole system callable, auditable, and signed.

a2a is framework-agnostic: it deploys the whole agent app around your AutoGen code and turns handoffs into A2A signed exchanges — so a multi-agent conversation becomes a production system with identity, authority, and proof on every step.

Your agents, as writtenA2A signed handoffsMCP server for shared toolsOpenAPI gateway + authManaged Postgres for the transcriptPer-agent receipts

Your agents, as written

Keep your AutoGen AssistantAgents, UserProxyAgent, GroupChat, and orchestration. a2a hosts the process your system runs in — it doesn't rebuild your conversation graph in another framework.

A2A signed handoffs

When one agent hands work to another, the exchange is an Agent2Agent call carrying identity, a scoped grant, and an Ed25519 signature. Every handoff is authorized and recorded — no ambient trust between your agents.

MCP server for shared tools

The tools your agents use become a hosted MCP server, so agents inside and outside the system invoke them over a real protocol instead of sharing Python function references.

OpenAPI gateway + auth

The multi-agent system gets one authenticated HTTP entry point through an OpenAPI gateway, with Keycloak identity, TLS, and scoped grants — so the whole system is callable, not just runnable.

Managed Postgres for the transcript

Conversation state, message history, and results land in a managed Postgres provisioned in the same deploy — durable across restarts and scale-to-zero, no DB to run yourself.

Per-agent receipts

Every agent's actions produce a signed, hash-chained receipt: who acted, under what authority, what they did, and what it cost. A verifiable trail across the whole multi-agent run.

side-by-side

Raw AutoGen deploy vs. a2a.

dimension
in-process group chat
a2a cloud
handoffs
Agents pass work as in-process calls — no identity, no authorization, no record.
A2A signed handoffs: each exchange carries identity, a scoped grant, and a signature.
entry point
You run the group chat from a script; there's no authenticated way in.
One OpenAPI gateway with Keycloak identity and TLS fronts the whole system.
tools
Tools are shared Python references only agents in the same process can use.
Hosted MCP server — agents inside and outside the system call tools over a protocol.
transcript
Message history lives in memory and is gone when the process exits.
Managed Postgres keeps the transcript and results durable across restarts.
proof
A verbose console log of the conversation — mutable and unverifiable.
Per-agent Ed25519-signed, hash-chained receipts across the whole run.
questions

Frequently asked.

How do I deploy an AutoGen multi-agent system to production?

Point a2a cloud at your AutoGen project and run one deploy. It builds your agents into a libkrun microVM, fronts the system with an authenticated OpenAPI gateway and TLS, exposes shared tools as an MCP server, provisions a managed Postgres for the transcript, and signs every agent's actions with an Ed25519 receipt. Your GroupChat and orchestration are unchanged.

What are A2A signed handoffs between agents?

When one AutoGen agent hands work to another, a2a turns that exchange into an Agent2Agent (A2A) call carrying the caller's identity, a scoped grant, and an Ed25519 signature. Instead of an untraceable in-process function call, each handoff is authorized and recorded — no ambient trust between agents in the system.

Is a2a specific to AutoGen?

No. a2a is framework-agnostic and hosts the process your AutoGen system runs in, the same way it hosts LangGraph, CrewAI, the OpenAI Agents SDK, or a custom loop. You keep AutoGen; a2a adds signed handoffs, MCP, a gateway, a database, and receipts around it.

Where does the conversation state live?

In a managed Postgres provisioned in the same deploy. Message history, group-chat transcript, and results are durable across restarts and scale-to-zero, so a long-running multi-agent conversation doesn't evaporate when the process cycles.

Can I audit what each agent in the system did?

Yes. Each agent's actions produce an Ed25519-signed, hash-chained receipt recording who acted, under what scoped authority, what they did, and what it cost. Across a multi-agent run you get a verifiable trail — don't trust the agent, trust the receipt.

keep reading

Related guides.

All guides live in the guides index.

no ambient trust

Sign every handoff.

a2a cloud deploys any agent — LangGraph, OpenAI Agents SDK, CrewAI, or custom — and ships it with a managed Postgres database, an MCP server, an API, a frontend, and an Ed25519-signed receipt for every run. Scoped grants, no ambient production access. One deploy, the whole agent app, with proof.