A2A Protocol

The Agent-to-Agent (A2A) protocol enables AI agents to discover, communicate, and delegate tasks to each other with built-in trust verification.

Overview

A2A allows agents to form collaborative networks. Each agent publishes an Agent Card describing its capabilities, and other agents can discover and invoke those capabilities through a standard JSON-RPC interface.

text

┌─────────────┐    Agent Card     ┌─────────────┐
│  Agent A    │ ──────────────▶   │  Agent B    │
│             │                   │             │
│  "I need    │    JSON-RPC       │  "I can do  │
│   analysis" │ ◀────────────▶   │   analysis" │
│             │                   │             │
│  Sekuire ID │    Trust Verify   │  Sekuire ID │
└─────────────┘ ──────────────▶   └─────────────┘

Agent Cards

An Agent Card is a machine-readable document describing an agent's capabilities:

/.well-known/agent.jsonjson

{
  "name": "Data Analysis Agent",
  "sekuire_id": "7f8a9b3c2d1e...",
  "version": "1.2.0",
  "description": "Statistical analysis and visualization",
  "url": "https://analysis.example.com",
  "skills": [
    {
      "name": "analyze_csv",
      "description": "Analyze CSV data and produce summary statistics",
      "input_schema": {
        "type": "object",
        "properties": {
          "data_url": { "type": "string" },
          "columns": { "type": "array", "items": { "type": "string" } }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "summary": { "type": "object" },
          "chart_url": { "type": "string" }
        }
      }
    }
  ],
  "authentication": {
    "type": "sekuire_trust",
    "verify_url": "https://api.sekuire.com/api/v1/trust/verify"
  }
}

Skills

Skills are the discrete capabilities an agent offers. Each skill has:

Field	Description
name	Unique identifier for the skill
description	Human-readable description of what it does
input_schema	JSON Schema for the input parameters
output_schema	JSON Schema for the output format
timeout_ms	Maximum execution time (optional)
cost_estimate	Estimated cost per invocation (optional)

Task Delegation

Tasks are delegated via JSON-RPC over HTTP:

POST /a2a/tasksjson

{
  "jsonrpc": "2.0",
  "method": "tasks/send",
  "id": "task_001",
  "params": {
    "skill": "analyze_csv",
    "input": {
      "data_url": "https://storage.example.com/data.csv",
      "columns": ["revenue", "date"]
    },
    "caller": {
      "sekuire_id": "a1b2c3d4...",
      "signature": "ed25519_signature_of_request"
    }
  }
}

Task Response

json

{
  "jsonrpc": "2.0",
  "id": "task_001",
  "result": {
    "status": "completed",
    "output": {
      "summary": { "mean_revenue": 45000, "trend": "increasing" },
      "chart_url": "https://analysis.example.com/charts/abc123.png"
    },
    "agent": {
      "sekuire_id": "7f8a9b3c2d1e...",
      "signature": "ed25519_signature_of_response"
    }
  }
}

Trust Verification

Before executing a delegated task, the receiving agent verifies the caller:

Extract the caller's sekuire_id from the request
Verify the Ed25519 signature against the caller's public key
Check the Sekuire Registry for the caller's trust profile
Evaluate workspace policies (is this caller allowed to invoke this skill?)
If all checks pass, execute the task

ℹ️Both the request and response are signed, creating a non-repudiable audit trail of agent interactions.

Next Steps

A2A SDK - Implement A2A in your agent
Sekuire ID - Identity used for trust verification
Trust Triangle - How A2A fits the trust model