Google’s A2A Protocol: The Complete Guide for 2026
April 20, 2026·18 min read
A2A just hit its first birthday. One year ago Google shipped a protocol that let agents from any framework talk to each other — and 150+ organisations now run it in production. This a2a protocol guide covers what it is, how it compares to MCP, the architecture, a working Python implementation, and how Rapid Claw hosts A2A-compatible agents.
TL;DR
A2A is to agents what HTTP is to web services: a thin, framework-agnostic protocol so an agent built on any framework can delegate work to an agent built on any other framework. It complements MCP — MCP connects agents to tools, A2A connects agents to agents. At its one-year mark, v1.2 is stable, 150+ orgs run it in production (Salesforce, SAP, ServiceNow, Deutsche Bank), and native support ships in Google ADK, LangGraph, CrewAI, LlamaIndex, and Semantic Kernel. Rapid Claw deploys every hosted agent with A2A enabled by default.
Want A2A endpoints on every agent from day one?
Try Rapid ClawWhat Is the A2A Protocol?
The A2A (Agent-to-Agent) protocol is an open specification, originally published by Google in April 2025, that standardises how one AI agent asks another AI agent to do work on its behalf. It defines three things: a way for agents to advertise what they can do, a shape for the tasks they exchange, and a transport for sending those tasks over the wire.
That is deliberately a small surface area. A2A does not tell you which LLM to use, which agent framework to build on, which vector database to query, or how to authenticate your users. Those are left to you. The only thing A2A cares about is the contract between agent A and agent B — so that a LangGraph agent in your finance team can delegate a compliance check to a CrewAI agent in the legal team without a bespoke integration.
The analogy most people reach for is HTTP. HTTP does not care whether your backend is Rails, Django, or Go — it just defines the shape of requests and responses. A2A plays the same role for agents. You get cross-framework interoperability without having to normalise every team onto the same stack.
The three primitives
- Agent Card — a JSON document served at
/.well-known/agent.jsondescribing skills, inputs, outputs, auth, and SLAs. - Task — the unit of work. Contains a goal, a thread of messages, and typed artifacts produced by the responding agent.
- Transport — JSON-RPC 2.0 over HTTPS with Server-Sent Events for streaming updates.
One Year In: Adoption and Production Footprint
When Google announced A2A at Cloud Next 2025 it had roughly 50 launch partners. That number has now tripled. The most cited figure in the April 2026 Agentic AI Foundation status report is 150+ organisations with A2A in production — not in pilot, not on a roadmap, but routing real tasks between agents today.
Concrete examples:
Agentforce exposes every custom agent as an A2A endpoint; partner agents can be invoked directly from Flow.
Joule orchestrator delegates subtasks (legal review, finance checks) to partner A2A agents across S/4HANA.
Now Assist registers A2A agents as skills; incident triage fans out to specialised agents.
Internal platform of 40+ A2A agents for trade reconciliation, KYC, and regulatory reporting.
Box AI publishes a document-analysis A2A agent used by Google ADK and LangGraph clients.
Client-facing agents call internal tax, audit, and supply-chain A2A agents via a unified gateway.
Governance moved under the Linux Foundation’s Agentic AI Foundation in mid-2025, alongside MCP. That transition mattered: it signalled to large enterprises that A2A was not a Google-only spec they could be locked into, and removed the last procurement objection for conservative buyers. Spec changes now go through a public RFC process, and v1.2 (landed in March 2026) is the current stable release.
Framework support is equally broad. Native A2A is in Google ADK, LangGraph, CrewAI, LlamaIndex Agents, Semantic Kernel, and AutoGen. Python and TypeScript reference SDKs are actively maintained. For a broader landscape view, see our AI agent framework comparison and our Google ADK vs LangChain vs CrewAI breakdown.
A2A vs MCP: Two Layers, Not Two Choices
Almost every question I get about A2A is some version of “do I use A2A or MCP?” The answer is both, because they solve different problems at different layers.
| Question | MCP | A2A |
|---|---|---|
| Who talks to whom? | Agent → tool / data source | Agent → agent |
| Unit of work | Tool call / resource read | Task (multi-turn, streaming) |
| Discovery | Tool list from MCP server | Agent Card |
| Transport | stdio / HTTP+SSE / WebSocket | HTTP+SSE (JSON-RPC 2.0) |
| State | Usually stateless per call | Stateful tasks with history |
| Governance | Agentic AI Foundation | Agentic AI Foundation |
A realistic production agent is both at once. It is an MCP client when it reaches for Postgres, GitHub, or a bespoke internal API. It is an A2A server when another agent calls it with a task. It is an A2A client when it delegates a sub-task to a specialist agent. Mentally separating these two axes is the fastest way to stop the framework-vs-framework debates.
A useful rule of thumb
If the thing on the other end is deterministic and takes <1 second to answer, reach for MCP. If it involves reasoning, may take seconds to minutes, and streams partial output, reach for A2A.
Architecture Deep Dive
The Agent Card
An Agent Card is a JSON document that lives at a well-known URL. A client fetches it once, caches it, and uses it to decide whether this agent can help with the task at hand. Here is a trimmed real example:
{
"name": "contract-reviewer",
"description": "Reviews commercial contracts, flags risky clauses, suggests redlines.",
"version": "1.4.2",
"url": "https://agents.rapidclaw.dev/contract-reviewer",
"provider": { "organization": "Acme Legal", "url": "https://acme.example" },
"authentication": {
"schemes": ["bearer", "mtls"],
"scopes": ["contracts:read", "contracts:write"]
},
"skills": [
{
"id": "review-msa",
"name": "Review a Master Service Agreement",
"description": "Flag risky clauses and propose redlines for an MSA.",
"inputModes": ["text/plain", "application/pdf"],
"outputModes": ["text/markdown", "application/json"],
"examples": ["Review the attached MSA for an SMB vendor."]
}
],
"defaultModalities": {
"input": ["text/plain", "application/pdf"],
"output": ["text/markdown"]
},
"supportsStreaming": true,
"supportsPushNotifications": true
}A good Agent Card is the most important document you’ll write. It is what other teams read to decide whether to integrate with you. Treat it like an OpenAPI spec: version it, publish it, and do not break existing callers without a deprecation window.
Tasks and the task lifecycle
A Task is the unit of work. It has an ID, a state machine (submitted → working → input-required → completed/failed/canceled), a message history, and a list of typed artifacts produced by the server.
Two things to keep in mind about tasks:
- They can be long-running. An A2A agent might take minutes to come back. Clients should use SSE for streaming updates or register a push-notification URL for fire-and-forget flows.
- They can be multi-turn. The agent can return
input-requiredto ask for clarification. This is how human-in-the-loop patterns survive the hand-off between agents.
Transport: JSON-RPC over HTTP + SSE
The transport is intentionally boring. Requests are JSON-RPC 2.0. The server responds with either a single JSON envelope or an text/event-stream for streaming tasks. The methods you care about 90% of the time are:
tasks/send— create a task (non-streaming)tasks/sendSubscribe— create a task and stream eventstasks/get— poll task statetasks/cancel— cancel a running task
Because the transport is HTTP, every existing piece of infrastructure — load balancers, WAFs, mTLS, OIDC, OpenTelemetry — works without modification. This is a large part of why A2A landed in the enterprise so fast.
Building an A2A Agent in Python
Let’s build a minimal A2A server using the reference Python SDK. The agent exposes a single skill — summarising a chunk of text — and supports streaming responses.
from a2a.server import A2AServer, AgentCard, Skill, TaskContext
from a2a.types import Message, TextPart, TaskState
from anthropic import Anthropic
card = AgentCard(
name="summariser",
description="Summarises long documents into short briefs.",
version="1.0.0",
url="https://agents.example.com/summariser",
skills=[
Skill(
id="summarise",
name="Summarise a document",
description="Produce a 5-bullet brief from any text input.",
input_modes=["text/plain"],
output_modes=["text/markdown"],
examples=["Summarise this article: ..."],
)
],
supports_streaming=True,
authentication={"schemes": ["bearer"]},
)
client = Anthropic()
async def handle_task(ctx: TaskContext):
user_text = ctx.latest_user_text()
# Tell the client we're working
await ctx.update_status(TaskState.WORKING)
# Stream tokens from the model back to the A2A client
with client.messages.stream(
model="claude-opus-4-7",
max_tokens=1024,
system="You produce tight, 5-bullet briefs. Markdown only.",
messages=[{"role": "user", "content": user_text}],
) as stream:
for chunk in stream.text_stream:
await ctx.stream_message(
Message(role="agent", parts=[TextPart(text=chunk)])
)
await ctx.complete()
server = A2AServer(agent_card=card, task_handler=handle_task)
if __name__ == "__main__":
server.run(host="0.0.0.0", port=8080)That’s a complete A2A agent in under 40 lines. The SDK handles the JSON-RPC envelopes, SSE framing, and the task state machine. You plug in whatever reasoning you want — a Claude call, a LangGraph graph, a CrewAI crew — behind handle_task.
Calling an A2A agent from a client
From the other side, a client agent fetches the Agent Card, decides the remote agent is a good fit, and submits a task:
import asyncio
from a2a.client import A2AClient
async def main():
client = A2AClient.from_url(
"https://agents.example.com/summariser",
auth={"bearer": "$SUMMARISER_TOKEN"},
)
# Fetch and inspect the Agent Card
card = await client.get_agent_card()
assert any(s.id == "summarise" for s in card.skills)
# Send a task and stream the response
async for event in client.send_task_streaming(
skill_id="summarise",
message="Summarise this quarterly report: ...",
):
if event.type == "message":
print(event.text, end="", flush=True)
elif event.type == "task_status":
print(f"\n[status] {event.state}")
asyncio.run(main())Notice there is zero coupling to the remote agent’s framework. The caller does not know (or care) whether the summariser is Claude, GPT-5, a LangGraph state machine, or a hand-rolled finite-state agent. That is the point.
Production Concerns
Authentication and authorisation
A2A declares auth schemes in the Agent Card but delegates enforcement to you. In practice: mTLS between agents inside the same trust boundary, OAuth 2.1 with scoped tokens across boundaries. Never share a root key — scope credentials per caller per skill.
Network isolation and firewalls
Treat A2A endpoints like any other HTTP service: default-deny egress, allowlist specific peer agents, and rate-limit per caller. The four-layer approach from our AI agent firewall guide works unchanged for A2A.
Observability
A2A tasks have stable IDs and a clear state machine — perfect for tracing. Propagate a W3C traceparent header across the HTTP hop and you get end-to-end spans that cross framework boundaries.
Cost control
Delegating to another agent means handing off token spend. Set per-skill budgets in the Agent Card, enforce them on the server side, and log token usage on every task. Otherwise a chatty caller can quietly drain your LLM budget.
For deeper treatments of each of these, see our posts on AI agent firewalls, AI agent observability, runaway token costs, and testing agents in production.
How Rapid Claw Hosts A2A-Compatible Agents
Rapid Claw is managed hosting for AI agents — OpenClaw, Hermes, Google ADK, and custom Python agents. Every agent you deploy on Rapid Claw is A2A-compatible the moment it boots. You do not write the JSON-RPC wiring, the SSE handler, or the Agent Card — we generate those from your agent definition.
What you get out of the box:
Skills, modalities, auth schemes, and streaming support populated from your agent config and published at /.well-known/agent.json.
A private A2A registry so agents in the same tenant can discover each other without leaking to the public internet.
Intra-tenant traffic uses automatically rotated certificates — no manual PKI, no shared bearer tokens.
tasks/sendSubscribe works on every agent with no extra setup. Backpressure and heartbeat handling included.
Issue per-caller, per-skill tokens with budget limits. Revoke instantly from the dashboard.
Expose a curated subset of your internal agents to partners via a signed-card gateway with its own rate limits.
If you are already running agents on your own infrastructure and just want the A2A layer, that works too — Rapid Claw can front existing agents as a protocol gateway without requiring a full migration. For the background on managed hosting tradeoffs, see our AI agent hosting complete guide and the enterprise deployment guide.
The boring advantage of A2A
Every hour your team spends gluing LangGraph to CrewAI to your homegrown agent is an hour not spent on the actual product. A2A makes that glue disappear. The teams that adopt it early stop having framework debates and start having capability debates — which is the conversation that actually moves the business.
Common Pitfalls (and How to Avoid Them)
1. Treating A2A like a REST API
The temptation is to write request/response handlers and call it done. But A2A tasks are stateful and potentially long-running. If your agent returns a single JSON blob and exits, you lose the streaming and human-in-the-loop patterns that make A2A worth adopting. Use the task state machine — emit working updates, stream partial artifacts, and ask for clarification with input-required.
2. Vague Agent Cards
A skill description of “does data stuff” is useless to another agent. Write descriptions a planning agent can route on: what it does, what it does not do, typical latency, and which modalities it accepts. The Agent Card is the API contract — invest in it.
3. Forgetting budgets
The first time a caller fan-outs 200 tasks per minute into your agent, you will wish you had set a per-caller budget. Do it up-front. Related reading: why AI agents fail in production.
4. Running A2A without observability
Debugging a chain of three agents across three frameworks without distributed tracing is miserable. Propagate traceparent, log task IDs everywhere, and keep a dead-letter store for failed tasks. If this is new territory, start with our step-by-step debugging guide.
Frequently Asked Questions
Ship A2A-compatible agents in minutes
Rapid Claw deploys your agent with an auto-generated Agent Card, streaming tasks, mTLS between agents, and scoped OAuth for external callers — no JSON-RPC plumbing required.
Deploy with A2A enabled