/pattern/a2a/

04 · ProductionTool IntegrationAgent2Agent ProtocolInter-Agent ProtocolInter-Agent Communication

A2A Protocol.
Agents address other agents.

Open standard for interoperable agent-to-agent communication across system and network boundaries. Remote agents can be invoked as tools, inside graphs, or within swarms as if they were local.

In practiceA scheduling agent built on Google ADK invokes a travel-booking agent built on Microsoft Agent Framework via A2A, with neither system requiring custom connector code.

When to reach for it

  • Agents from different frameworks must interoperate.
  • Internal logic must remain private.
  • Distributed scaling or vendor-neutral interfaces are required.

When it backfires

  • All agents live in one framework and process.
  • Ecosystem maturity is insufficient for production reliance.
  • A simpler in-process call is enough.

The tradeoff

Vendor independence and isolation are gained against early-stage tooling and additional protocol overhead.

The mental model

A shape you can draw on a napkin.

Picture other agents as services on a shared network. One agent — the client — orchestrates a job; it calls out to remote agents, each callable like a tool, whatever machine, vendor, or framework it runs on.

The catch that makes it a protocol and not just an API: each remote agent is opaque. The caller sees a capability and a result — never the remote's prompts, memory, tools, or reasoning. Agents collaborate as peers without merging into one another's codebase.

A2AA2AA2AA2A CLIENTOrchestratorplans, delegates, mergesFlight AgentREMOTE · ADKPVTHotel AgentREMOTE · LANGGRAPHPVTCurrency AgentREMOTE · CREWAIPVT
The effect

What it actually does.

Two agents interoperate over a shared protocol.

agent AA2Aagent B
How it works

Two roles, talking over the open web.

A2A deliberately reuses the web stack: HTTP, JSON-RPC 2.0, and Server-Sent Events for streaming. A client agent discovers a remote agent through its Agent Card, authenticates, then sends messages that the remote turns into a Task with a defined lifecycle.

CLIENT AGENTThe orchestratorA2A ClientDISCOVERS · DELEGATESHTTP · JSON-RPCstream over server-sent eventsREMOTE AGENTAgent CardDISCOVERYTasksLIFECYCLEArtifactsRESULTSPRIVATELOGIC

discover → authenticate → message/send → stream task & artifacts

Role 01

Client Agent

The agent that initiates. It discovers remotes, decides what to delegate, sends messages, and merges the artifacts that come back into its own answer.

Role 02

Remote Agent

An A2A server that advertises an Agent Card and fulfils tasks. It is opaque: callers see capabilities and results, never its tools, memory, or reasoning.

Role 03

Agent Card

JSON metadata served at /.well-known/agent-card.json — the remote's business card: skills, endpoint URL, version, and the security schemes a caller must satisfy.

What crosses the boundary

Three core objects.

Object · 01

Agent Card

Discovery

Advertises who the agent is and what it can do, so a caller can decide whether and how to invoke it — without reading any code.

name · description · url skills[] · securitySchemes
Object · 02

Task

The unit of contract

An ID-based unit of work with a defined lifecycle. The shared object between caller and callee — what was asked, what's in progress, what finished or failed.

submitted → working → completed | failed | canceled
Object · 03

Message & Artifact

The payload

Messages carry turns between agents; Artifacts are the results returned against a task — documents, data, images. Internal state never rides along.

message.parts[] (text/file/data) artifact: flight-options

Built for the enterprise, and for the long haul. A2A assumes work is asynchronous: tasks can run for minutes or hours, streaming progress over SSE or firing push notifications when they finish. It is modality-independent (text, files, audio, video) and leans on standard HTTPS auth — the same controls you already run for any web API.

Walk it through

A real run, message by message.

TaskPlan a 4-day trip to Tokyo in June — flights, hotel, and a budget.
6 / 6
DiscoverThe orchestrator fetches the Flight Agent's card from /.well-known/agent-card.json — learning its skill search_flights, its endpoint, and that it requires a bearer token.
AuthenticateFollowing the card's security scheme, the client obtains a JWT and attaches it to every request. The remote treats the caller as untrusted until it does.
message/sendmessage/send → "Find flights NYC → Tokyo, Jun 10". The remote creates a Task in state submitted and returns its id.
working (SSE)The task moves to working; status updates stream back over Server-Sent Events. How the remote searches — its tools, prompts, memory — stays entirely private.
ArtifactThe remote streams a flight-options artifact, then marks the task completed. The orchestrator runs the Hotel and Currency agents the same way, in parallel.
AnswerJL005 outbound · 4 nights at the Shinjuku Granbell · est. budget ¥285,000 (~$1,820).
The point of the protocol: the Flight, Hotel, and Currency agents were built by three different teams on three different frameworks. The orchestrator never imported any of them — it spoke A2A, and they answered as opaque peers.
In code

The protocol in practice.

Server · Pythonpython
# flight_agent.py — expose an agent over A2A
from a2a.types import AgentCard, AgentSkill, AgentCapabilities
from a2a.server.apps import A2AStarletteApplication
from a2a.server.request_handlers import DefaultRequestHandler

card = AgentCard(
    name="Flight Booking Agent",
    description="Searches and books flights between cities.",
    url="https://flights.example.com/a2a",
    version="1.0.0",
    capabilities=AgentCapabilities(streaming=True),
    skills=[AgentSkill(
        id="search_flights",
        name="Search flights",
        description="Find flights between two cities on a date.",
    )],
)

handler = DefaultRequestHandler(agent_executor=FlightExecutor())
# served at /.well-known/agent-card.json + the A2A endpoint
app = A2AStarletteApplication(agent_card=card, http_handler=handler)
Where it sits

A2A and MCP are complementary, not rivals.

Two open protocols cross the boundary out of any single framework. MCP standardizes how an agent talks to a tool; A2A standardizes how an agent talks to another agent. You will often run both.

Dimension
A2A
MCP
Scope
Agent ↔ agent
Agent ↔ tool / data
Standardizes
Agent discovery, task lifecycle, artifact exchange
Tool discovery, invocation, structured I/O
Core artifacts
Agent Cards, Tasks, Artifacts
Resources, Tools, Prompts
Initiator
Either agent can initiate; tasks have a defined lifecycle
Agent (client) calls MCP server
Governing body
Linux Foundation (initiated by Google, April 2025)
Anthropic (open spec)
Privacy model
Agents are opaque to each other; internal state stays private
Tool exposes capability surface; agent owns reasoning
Pitfalls

Three ways this pattern will hurt you.

A2A used where a tool call would suffice

A local agent calls a remote agent via A2A for a simple lookup that could be a direct function call. Latency and cost multiply.

Fix · Reserve A2A for cross-boundary or cross-framework calls. Use in-process tools for same-runtime operations.

Trust-boundary confusion

An internal agent accepts an A2A message from an external agent without verifying the sender's identity or permissions.

Fix · Mutual TLS and signed claims for every A2A interaction. Treat external agents as untrusted by default.

Treating tasks as synchronous

The client blocks on message/send for a long-running job, ignores streaming, and times out before the task completes.

Fix · Handle the Task lifecycle. Stream over SSE, or register a push notification for jobs that outlive the request.

Framework support

Where A2A Protocol is native.

Google ADKCo-creator; first-class A2A supportNative
Microsoft Agent FrameworkA2A co-sponsor; documented supportNative
A2A Python SDKreferenceAdaptable
LangGraphexperimentalAdaptable
CrewAIexperimentalAdaptable

Search

Search patterns, frameworks, and pages.