Self-building agents you can actually govern.
An agent that writes and deploys new agents is exercising real authority — it's creating actors that touch data, spend money, and act on your behalf. Do that with an in-memory sub-process and you've built a system nobody can audit. a2a cloud makes every self-built child a first-class deployable: its own identity, isolated Postgres, scoped grant, and an Ed25519-signed receipt for the act of building it. Self-building you can prove, attenuate, and roll back.
every child a governable actor · authority attenuates down · signed at each generation
Self-building is easy. Governing what gets built is the hard part.
Wiring an agent to generate more agents takes an afternoon. The trouble starts after: the children run inside the parent with the parent's keys, no distinct identity, no isolation, and no record of who built what. When one of them takes a consequential action, you can't say which generation produced it, what authority it held, or how to revert. A self-modifying system with no boundary is a self-modifying liability.
Make the child a first-class, signed, scoped deployable.
a2a treats a generated agent exactly like a human-deployed one — identity, database, grant, receipts — so self-building inherits the same governance as everything else on the platform.
Every child gets an identity
When a parent agent generates a new agent, `a2a deploy` mints it a first-class identity — its own agent card, MCP endpoint, and isolated Postgres. The child isn't a thread in the parent; it's a governable actor you can name, scope, and audit.
The act of building is a receipt
Generating and deploying an agent is itself a run, so it emits an Ed25519-signed receipt: which parent built which child, from what prompt, under whose authority, at what cost. Self-modifying systems stop being a black box.
Authority flows down, never up
A parent can only grant a child a subset of what it holds. Scoped, TTL-bound grants pass down the build chain, so a self-built agent can never quietly acquire more access than the agent that made it.
Roll back to any generation
Deterministic replay reconstructs any past run, and every generated agent is versioned. If a self-built agent regresses, you can prove what changed between generations and revert to the last good one.
In-process spawning vs. governed self-building.
Frequently asked.
What is a self-building agent?
A self-building agent is one that generates, configures, and deploys other agents at runtime instead of being hand-written and shipped by a human. On a2a cloud the generated agent is a real deployable — it gets its own agent card, an isolated Postgres database, an MCP endpoint, and a scoped grant — so a self-built agent is a governable actor rather than an untracked sub-process.
How do you keep a self-building agent from escalating its own access?
Authority only attenuates down the build chain. A parent agent can grant a child a subset of the scopes it holds and no more, and every grant is audience-bound and TTL-limited. Because the child runs under its own signed grant rather than the parent's raw keys, it can never widen its own access — the platform rejects any request outside the grant.
Can I prove what a self-building agent created and why?
Yes. The act of building an agent is itself a run that emits an Ed25519-signed, hash-chained receipt recording the parent, the resulting child, the generating prompt, the authorizing grant, and the cost. Combined with deterministic replay you can reconstruct exactly which parent produced which child and under what authority — an audit trail for self-modifying systems.
Let agents build agents — with proof.
a2a cloud deploys any agent — LangGraph, OpenAI Agents SDK, CrewAI, or custom — and every agent it generates gets the same treatment: an isolated Postgres database, an MCP server, an API, a scoped grant, and an Ed25519-signed receipt for every run, including the run that built it. Self-building systems, governed like production.