Agent Discovery
A2A standardizes how an agent describes itself (AgentCard), while allowing multiple discovery strategies for different deployment environments.
Why discovery matters
- Decision makers need governance, trust boundaries, and operational visibility.
- Beginners need a clear way to find compatible agents.
- Developers need reliable metadata for auth, capabilities, and routing.
- Advanced teams need selective disclosure and policy-driven discovery.
AgentCard essentials
An AgentCard usually includes:
- Identity and provider info
- Service endpoint(s)
- Capabilities like
streaming,pushNotifications, and extensions - Authentication requirements
- Skill metadata (what the agent can do)
Discovery strategies
Well-known endpoint
- Common URL pattern:
https://{agent-domain}/.well-known/agent-card.json - Best for public or domain-controlled discovery.
- Pair with endpoint protection if card content is sensitive.
Curated registry
- A central catalog indexes AgentCards.
- Useful for enterprise governance, policy filtering, and capability search.
- A2A does not require one universal registry API.
Private configuration
- Client learns card URLs or card payloads via internal config, secrets management, or proprietary APIs.
- Simple for fixed topologies, less flexible for dynamic ecosystems.
Security recommendations
- Protect card endpoints with mTLS, OAuth, network policy, or equivalent controls.
- Use identity-aware responses when exposing different capability levels.
- Avoid embedding static credentials in card payloads.
- Use extended card mechanisms when richer details should require authenticated access.