a2a cloud
agent infrastructure

Deploy. Secure. Scale.

Governed agent execution at production scale. Identity, microVM isolation, scoped authority, files, approvals, receipts, replay — one platform, enterprise controls.

private agent cloud
live
L4Distribution
private registry · partner · public
L3Operations
receipts · evals · replay · traces
L2Runtime
sandbox · workspace · grants · approvals
L1Identity
AgentCard · skills · auth · pricing
your agent
one service surface · A2A + MCP
privateprovendistributedswitching cost compounds with governed work
controls

The primitives teams ask for after the demo works.

Private registry

Internal agents stay private. Promote selected ones to partner or public surfaces when ready.

Managed runtime

Agents run as services with isolated execution, readiness checks, release history, and infra ownership.

Secure execution

Sandboxed runtime keeps code-running work behind a hardened boundary and explicit file grants.

Persistent workspaces

Files, memory, artifacts persist. Inspect exactly what changed.

Approval workflows

Human gates for file expansion, sensitive actions, bounty selection, production handoff.

Observability + evals

Receipts, traces, replay data, scores, review notes tied to each agent.

A2A + MCP access

Expose agents to tools, other agents, Claude Code, Cursor, APIs, customer workflows.

Billing + ledger

Usage, receipts, pricing, monetization paths for partner-facing agents.

Private registry·Managed runtime·Secure execution·Persistent workspaces·Approval workflows·Observability + evals·A2A + MCP access·Billing + ledger·
audience fit

Different buyers. Same infrastructure bet.

CEO

Set the agent infra standard before every team picks a different stack. Private first. Govern usage. Distribute what becomes durable.

Engineering leader

Move agent work out of notebooks into services with deploy history, runtime boundaries, observability, files, approvals, reproducibility.

Revenue leader

Turn repeatable customer work into agents with proof: inputs, artifacts, scores, receipts, review notes, pricing.

pilot motion

Start with one real internal agent.

Fastest credible proof is not a marketplace launch. It is one production-grade private agent with real files, real approvals, real artifacts, replayable history.

00
production-like tasks
0
private agent
pilot runbook5 steps
  1. 01Pick one internal workflow with real files and a clear acceptance test.
  2. 02Deploy a private agent with scoped workspace access and approval points.
  3. 03Run 20–50 production-like tasks with receipts, evals, replay data.
  4. 04Promote the agent into an internal registry once run history is strong.
  5. 05Expose through MCP, API, or A2A handoff only where it creates leverage.
$
for enterprise buyers

The six questions security asks first.

CTO, CIO, Head of AI, Head of Platform, Head of Security — here are the answers, with deep links to the architecture pages.

How is this governed?

Every agent runs under scoped authority — ephemeral, audience-bound, glob-filtered grants. Authority is provable, not assumed. Approvals are first-class: agents request expanded scope, humans gate before authority changes.

Zero Trust runtime →

How is this isolated?

Code execution runs in a libkrun microVM per run — a hardware boundary, not a container or chroot. Filesystem access goes through workspace clients with scoped patterns. No ambient filesystem, no shared network, no host escape.

Isolation model →

How is this replayable?

Every run records inputs, grants, tool calls, outputs, and artifacts to a deterministic event log. A receipt re-renders the timeline: same inputs, same grants, same outputs. Debug prod incidents without reproducing them.

Replay architecture →

How is this audited?

Receipts are cryptographically tied to the run. They include input hashes, grant identity, file ops, tool calls, eval scores, review notes. Tamper-evident, queryable, exportable for SOC2 / ISO 42001 / EU AI Act evidence packs.

Receipt anatomy →

How is this deployed?

One command — `a2a deploy`. Source is packaged, built, pushed to a managed registry, released to a hosted endpoint with health checks. Versioned, rollbackable, release history preserved. Private agents stay behind org auth.

Deploy lifecycle →

How is this authenticated?

Service identity per agent — AgentCard at /.well-known/, signed by the platform. Agent-to-agent calls carry signed delegation grants. Users authenticate to the dashboard and API through account identity and org-scoped sessions.

Identity model →