Five planes. One agent surface.
a2a cloud is a closed loop: callers hit a protocol edge, the runtime executes against scoped grants, the control plane mints + verifies + records, durable stores keep the proof. Same primitives across every agent.
Every call returns a receipt anchored to a control-plane record.
The same service identity carries through callers, runtime, and ledger.
Receipts + audit log persist independent of the agent image.
Vercel-shaped DX. Production-shaped ops.
Developer gets one command. Platform team gets a reproducible release path, service identity, runtime boundary, protocol surface, health trail.
- 01 a2a deploy packages source and metadata.
- 02 Control plane builds and releases the agent service.
- 03 Packed frontend (if present) is built and mounted at /app.
- 04 Identity, permissions, docs, protocol endpoints generated.
- 05 Managed runtime exposes the agent through A2A, MCP, HTTPS.
- 06 Receipts, evals, artifacts, distribution metadata accrue.
Six subsystems. One backend.
The control plane is what makes the runtime trustworthy. Each subsystem owns a narrow slice and emits a structured event trail. No subsystem talks to agent code directly — they talk to the runtime.
What's inside the agent process.
Each deployed agent runs a small set of runtime components wrapping user code. The shape is the same for every agent — so security guarantees don't depend on what the developer remembered to wire up.
Per-agent service account. Signs all platform RPCs. Carries through to receipts.
HMAC + audience + expiry + path glob. Runs on every workspace op, not just task start.
Filesystem jail, network egress allowlist, seccomp profile, no host secrets in env.
Only path agents reach files. Glob-filtered. Writes pinned to output prefix.
@skill decorator → REST endpoint + MCP tool + AgentCard entry. One source of truth.
Streams progress · artifacts · question-required · status. Buffered for replay.
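An added example, not a2a cloud's own code, of the per-operation grant check described above (HMAC, audience, expiry, path glob, writes pinned to an output prefix). The token layout, the claim names (`aud`, `exp`, `read_globs`, `output_prefix`), the key and the paths are assumptions constructed for illustration.

```python
import base64, fnmatch, hashlib, hmac, json, posixpath, time

# Assumption: HMAC key shared by control plane and runtime (constructed demo value).
KEY = b"constructed-demo-key"

def mint_grant(claims, key=KEY):
    """Hypothetical wire format: base64url(JSON claims) + "." + HMAC-SHA256 hex tag."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def check_op(token, audience, op, path, now=None, key=KEY):
    """Check one workspace operation against a grant. Returns (allowed, reason)."""
    try:
        body, tag = token.rsplit(".", 1)
    except ValueError:
        return False, "malformed"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Authenticate before parsing anything; compare in constant time.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != audience:
        return False, "wrong audience"
    if (time.time() if now is None else now) >= claims["exp"]:
        return False, "expired"
    # Normalize first so "docs/../secrets/x" cannot ride on a "docs/*" glob.
    norm = posixpath.normpath(path)
    if norm.startswith("/") or norm == ".." or norm.startswith("../"):
        return False, "path escapes workspace"
    if op == "write":
        # Writes ignore the read globs and must land under the output prefix.
        if not norm.startswith(claims["output_prefix"]):
            return False, "write outside output prefix"
        return True, "ok"
    if op != "read":
        return False, "unknown op"
    # Note: fnmatch's "*" also matches "/", so "docs/*.md" covers subdirectories.
    if not any(fnmatch.fnmatchcase(norm, g) for g in claims["read_globs"]):
        return False, "path not in grant"
    return True, "ok"

if __name__ == "__main__":
    grant = mint_grant({"aud": "agent-a", "exp": 2000,
                        "read_globs": ["docs/*.md"], "output_prefix": "out/"})
    for op, p in [("read", "docs/a.md"), ("read", "docs/../secrets/k.md"),
                  ("write", "out/r.json"), ("write", "out/../docs/a.md")]:
        print(op, p, check_op(grant, "agent-a", op, p, now=1000))
```

Calling `check_op` on every read and write, rather than once at task start, is what makes an expired or narrowed grant take effect mid-run.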
Every URL the runtime exposes.
One agent. Many speakers. Each endpoint is the same logical surface in a different protocol. The runtime owns routing, auth, and grant verification at every entry point.
| path | speaker | returns | auth |
|---|---|---|---|
| /.well-known/agent-card.json | discovery · registries · MCP gateways | AgentCard JSON | public |
| /tasks | A2A peer · planner agent | task id · 202 · SSE link | bearer · service |
| /tasks/{id} | A2A peer | task state · artifacts | bearer · service |
| /sse/{task} | A2A peer · /app | stream: events · artifacts | bearer · service |
| /mcp | Claude Code · Cursor · MCP clients | MCP server (tools/list, call) | bearer · user |
| /invoke/{skill} | curl · webhook · scripts | skill result JSON | bearer · API key |
| /app | browser | packed React app | session · inherit |
| /app/config.json | browser · /app | endpoints · schemas | session |
| /auth/session | browser | user · org · scopes | session |
| /runs/{id}/receipt | dashboard · auditor | receipt JSON | owner · approver |
What every run emits.
You don't add observability — the runtime emits it. Receipts, audit events, SSE streams, OTel traces, billing rows: each triggered by a known state transition, each consumed by a known surface.
| trigger | emits | consumed by |
|---|---|---|
| task accepted | audit event · run_id · grant_id | audit log · dashboard |
| file read | workspace op · path · bytes · hash | receipt · replay |
| file written | workspace op · path · bytes · prefix-check | receipt · replay |
| skill progress | SSE event · stage · % · message | /app · A2A peer · MCP |
| scope request | approval event · requested paths · reason | approver inbox · audit |
| scope granted | rotated grant · prior_id · new_id | receipt · audit |
| task complete | result · artifact paths · elapsed · status | receipt · billing · eval |
| eval scored | rubric · score · failures | receipt · registry stats |
| review signed | approver id · ts · notes | receipt · compliance pack |
| receipt sealed | content hash · signer · GL anchor | ledger · auditor · ledger row |
Built on protocols, not lock-in.
Every callable surface is an open standard. Agents that work here work on other A2A and MCP runtimes — and other A2A and MCP services work here.
Open protocol for agent ↔ agent calls. We implement the full surface.
Every skill is also an MCP tool. Use any deployed agent from any MCP client.
Agents ship as standard OCI images. Compatible with any conformant registry.
Skill signatures become JSON Schema; clients can codegen.
Standard token model. No bespoke session formats.
Runtime emits OTel; pipe into Datadog, Honeycomb, Grafana, or self-host.
If you know these, you know this.
a2a cloud borrows shape from infra you already trust — and points it at agents instead of containers, payments, or web workers.