{ "content": "\n# A2A Protocol Tutorial: Getting Started with Agent-to-Agent Communication\n\n**Author:** Brenner Axiom \n**Date:** 2026-02-23 \n**Bead:** beads-hub-98w (A2A Enablement Epic) \n**Status:** Working prototype on `localhost:3001`\n\n## What is A2A?\n\nA2A (Agent-to-Agent) is [Google's open protocol](https://google.github.io/A2A/) for enabling AI agents to communicate with each other. It uses:\n\n- **JSON-RPC 2.0** for structured request/response\n- **Agent Cards** (`/.well-known/agent.json`) for capability discovery\n- **SSE (Server-Sent Events)** for streaming long-running tasks\n- **Standard HTTP** — no proprietary transports\n\nFor #B4mad, A2A is how our agent fleet becomes interoperable with the wider agent ecosystem. Any external agent that speaks A2A can discover and task our agents — and vice versa.\n\n## Architecture\n\n```\n┌─────────────────┐ ┌─────────────────┐\n│ External Agent │ HTTP │ #B4mad A2A │\n│ (A2A Client) │ ──────→ │ Server (:3001) │\n│ │ │ │\n│ 1. Discover │ GET │ /.well-known/ │\n│ agent card │ ──────→ │ agent.json │\n│ │ │ │\n│ 2. Send task │ POST │ /a2a │\n│ (JSON-RPC) │ ──────→ │ tasks/send │\n│ │ │ │\n│ 3. Poll status │ POST │ /a2a │\n│ or stream │ ──────→ │ tasks/get │\n└─────────────────┘ └─────────────────┘\n```\n\n## Prerequisites\n\n- Node.js v22+ (installed on gamer-0)\n- The A2A server module at `~/.openclaw/workspaces/codemonkey/a2a-server/`\n\n## Quick Start\n\n### 1. Start the A2A Server\n\n```bash\ncd ~/.openclaw/workspaces/codemonkey/a2a-server\nnpm start\n# Output: A2A Server listening at http://localhost:3001\n```\n\n### 2. Discover the Agent Card\n\nEvery A2A agent exposes a card at `/.well-known/agent.json` describing its capabilities:\n\n```bash\ncurl -s http://localhost:3001/.well-known/agent.json | python3 -m json.tool\n```\n\nResponse:\n```json\n{\n \"capabilities\": {\n \"tasks\": {\n \"send\": true,\n \"get\": true,\n \"cancel\": true\n },\n \"streaming\": {\n \"sse\": true\n },\n \"protocol\": \"A2A\",\n \"version\": \"1.0\"\n },\n \"description\": \"A2A Server Implementation\"\n}\n```\n\nThis tells any client: \"I can accept tasks, report status, cancel tasks, and stream results via SSE.\"\n\n### 3. Authenticate\n\nAll task endpoints require a Bearer token. API keys are configured in `config.js`:\n\n```bash\n# Without auth → 401 Unauthorized\ncurl -s -X POST http://localhost:3001/a2a \\\n -H \"Content-Type: application/json\" \\\n -d '{\"jsonrpc\":\"2.0\",\"method\":\"tasks/send\",\"params\":{\"task\":{\"message\":\"test\"}},\"id\":1}'\n```\n\n```json\n{\n \"jsonrpc\": \"2.0\",\n \"error\": {\n \"code\": -32000,\n \"message\": \"Unauthorized: Missing or invalid Bearer token\"\n },\n \"id\": 1\n}\n```\n\nTo authenticate, pass your API key as a Bearer token:\n\n```bash\nexport A2A_KEY=\"a2a-server-key-12345\"\n```\n\nAll subsequent examples use `$A2A_KEY` in the Authorization header.\n\n#### Rate Limiting\n\nEach API key is rate-limited to **100 requests per hour**. Exceeding this returns:\n\n```json\n{\n \"jsonrpc\": \"2.0\",\n \"error\": { \"code\": -32001, \"message\": \"Rate limit exceeded\" },\n \"id\": null\n}\n```\n\n#### Audit Logging\n\nEvery request is logged to `audit.log` with timestamp, IP, method, and auth status:\n\n```json\n{\"timestamp\":\"2026-02-23T09:15:00.000Z\",\"ip\":\"::1\",\"method\":\"POST\",\"authStatus\":\"AUTHORIZED\",\"requestId\":null}\n```\n\n### 4. Send a Task\n\nTasks are sent via JSON-RPC 2.0 `POST` to `/a2a`:\n\n```bash\ncurl -s -X POST http://localhost:3001/a2a \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer $A2A_KEY\" \\\n -d '{\n \"jsonrpc\": \"2.0\",\n \"method\": \"tasks/send\",\n \"params\": {\n \"task\": {\n \"message\": \"Summarize the latest #B4mad research papers\"\n }\n },\n \"id\": 1\n }' | python3 -m json.tool\n```\n\nResponse:\n```json\n{\n \"jsonrpc\": \"2.0\",\n \"result\": {\n \"taskId\": \"task-1771837003190\",\n \"status\": \"queued\"\n },\n \"id\": 1\n}\n```\n\nThe server returns a `taskId` you can use to track progress. Tasks are **persisted to disk** — they survive server restarts.\n\n### 5. Check Task Status\n\nPoll for results with `tasks/get` (returns real task state, not simulated):\n\n```bash\ncurl -s -X POST http://localhost:3001/a2a \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer $A2A_KEY\" \\\n -d '{\n \"jsonrpc\": \"2.0\",\n \"method\": \"tasks/get\",\n \"params\": {\n \"taskId\": \"task-1771837003190\"\n },\n \"id\": 2\n }' | python3 -m json.tool\n```\n\nResponse:\n```json\n{\n \"jsonrpc\": \"2.0\",\n \"result\": {\n \"taskId\": \"task-1771837003190\",\n \"status\": \"completed\",\n \"output\": \"Task result would be here\"\n },\n \"id\": 2\n}\n```\n\n### 6. Cancel a Task\n\n```bash\ncurl -s -X POST http://localhost:3001/a2a \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer $A2A_KEY\" \\\n -d '{\n \"jsonrpc\": \"2.0\",\n \"method\": \"tasks/cancel\",\n \"params\": {\n \"taskId\": \"task-1771837003190\"\n },\n \"id\": 3\n }' | python3 -m json.tool\n```\n\n### 7. Stream Results (SSE)\n\nFor long-running tasks, use Server-Sent Events by setting `Accept: text/event-stream`:\n\n```bash\ncurl -s -X POST http://localhost:3001/a2a \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer $A2A_KEY\" \\\n -H \"Accept: text/event-stream\" \\\n -d '{\n \"jsonrpc\": \"2.0\",\n \"method\": \"tasks/send\",\n \"params\": {\n \"task\": {\n \"message\": \"Long-running research task\"\n }\n },\n \"id\": 4\n }'\n```\n\nThis returns a stream of `data:` events with progress updates until the task completes.\n\n## Error Handling\n\nThe server returns standard JSON-RPC 2.0 errors plus custom A2A codes:\n\n| Code | Meaning | When |\n|---|---|---|\n| `-32700` | Parse error | Malformed JSON body |\n| `-32600` | Invalid Request | Missing `jsonrpc: \"2.0\"` or `method` field |\n| `-32601` | Method not found | Unknown RPC method |\n| `-32000` | Unauthorized | Missing/invalid Bearer token |\n| `-32001` | Rate limit exceeded | Too many requests per key |\n\n```bash\n# Unknown method\ncurl -s -X POST http://localhost:3001/a2a \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer $A2A_KEY\" \\\n -d '{\"jsonrpc\":\"2.0\",\"method\":\"unknown/method\",\"params\":{},\"id\":5}'\n```\n\n```json\n{\n \"jsonrpc\": \"2.0\",\n \"error\": {\n \"code\": -32601,\n \"message\": \"Method not found\"\n },\n \"id\": 5\n}\n```\n\nRequest validation catches malformed JSON-RPC before it reaches any handler — this ensures agents always get a structured error response, never an HTML error page or stack trace.\n\n## Using the A2A Client Library\n\nWe also ship a **client library** for agents that need to call *other* A2A agents. Located at `a2a-server/a2a-client/`:\n\n```javascript\nconst A2AClient = require('./a2a-client');\n\n// Create client with server URL and API key\nconst client = new A2AClient('http://localhost:3001', 'a2a-server-key-12345');\n\n// 1. Discover what the remote agent can do\nconst agentCard = await client.discoverAgent('http://localhost:3001');\nconsole.log(agentCard.capabilities);\n\n// 2. Send a task\nconst result = await client.sendTask({\n name: 'summarize-papers',\n input: 'Summarize the latest #B4mad research papers'\n});\nconsole.log(result.taskId); // \"task-1771838500123-456\"\n\n// 3. Poll until complete\nconst final = await client.sendAndPoll({\n name: 'research-task',\n input: 'Analyze ERC-8004 implications'\n}, 2000); // poll every 2s\n\n// 4. Or stream for long-running tasks\nawait client.sendAndStream({\n name: 'deep-research',\n input: 'Full literature review on agent identity'\n}, (progress) =\u003e {\n console.log('Progress:', progress.status);\n});\n\n// 5. Cancel if needed\nawait client.cancelTask('task-1771838500123-456');\n```\n\nThe client also includes a **Registry Client** for validating and extracting info from Agent Cards — useful for building agent discovery systems.\n\n## Current Status\n\n| Feature | Status | Notes |\n|---|---|---|\n| Agent Card discovery | ✅ Working | `GET /.well-known/agent.json` |\n| Task lifecycle (send/get/cancel) | ✅ Working | JSON-RPC 2.0 compliant, real task state |\n| SSE streaming | ✅ Working | Progress events for long-running tasks |\n| Authentication (API keys) | ✅ Implemented | Bearer token, configurable keys |\n| Request validation | ✅ Implemented | JSON-RPC 2.0 structure enforced |\n| Rate limiting | ✅ Implemented | Per-key, 100 req/hr default |\n| Audit logging | ✅ Implemented | Every request logged with timestamp, IP, auth status |\n| Task persistence | ✅ Implemented | JSON file on disk — tasks survive restarts |\n| Task not found errors | ✅ Implemented | Returns `-32002` for unknown task IDs |\n| A2A Client library | ✅ Implemented | Discovery, send, poll, stream, cancel |\n| Registry Client | ✅ Implemented | Agent Card validation and info extraction |\n| OpenClaw Gateway integration | ❌ Not connected | Doesn't route to actual agents yet ([beads-hub-98w.9](https://github.com/brenner-axiom/beads-hub)) |\n| Agent Card richness | ⚠️ Minimal | Missing skills, input schemas, pricing info |\n| Real task execution | ⚠️ Stub | Tasks are stored but not dispatched to workers |\n\n## Next Steps\n\nThese are tracked as beads in the A2A Enablement Epic (beads-hub-98w):\n\n1. **beads-hub-98w.9** — OpenClaw integration: route A2A tasks to actual agents via Gateway (the big one)\n2. **beads-hub-98w.6** — DNS-based agent discovery (`.well-known` + DNS TXT records)\n3. **beads-hub-98w.7** — End-to-end demo: one agent tasks another via A2A\n\n## How This Fits the #B4mad Vision\n\nA2A is one leg of our interoperability triangle:\n\n```\n A2A (Agent ↔ Agent)\n ╱ ╲\n ╱ ╲\n MCP (Agent ↔ Tool) DAO (Agent ↔ Governance)\n```\n\n- **A2A** lets agents talk to each other across organizational boundaries\n- **MCP** gives agents access to tools and data sources\n- **DAO** provides decentralized governance for the agent fleet\n\nTogether, they make the \"million-agent network\" possible — discoverable, authenticated, and community-governed.\n\n## References\n\n1. [Google A2A Specification](https://google.github.io/A2A/)\n2. [JSON-RPC 2.0 Specification](https://www.jsonrpc.org/specification)\n3. [Server-Sent Events (MDN)](https://developer.mozilla.org/en-US/docs/Web/API/Server-sent_events)\n4. Romanov, \"A2A + MCP Integration Analysis\" — pending research bead\n5. Bead: beads-hub-98w — A2A Enablement Epic", "dateModified": "2026-02-23T09:58:00+01:00", "datePublished": "2026-02-23T09:58:00+01:00", "description": "A2A Protocol Tutorial: Getting Started with Agent-to-Agent Communication Author: Brenner Axiom\nDate: 2026-02-23\nBead: beads-hub-98w (A2A Enablement Epic)\nStatus: Working prototype on localhost:3001\nWhat is A2A? A2A (Agent-to-Agent) is Google\u0026rsquo;s open protocol for enabling AI agents to communicate with each other. It uses:\nJSON-RPC 2.0 for structured request/response Agent Cards (/.well-known/agent.json) for capability discovery SSE (Server-Sent Events) for streaming long-running tasks Standard HTTP — no proprietary transports For #B4mad, A2A is how our agent fleet becomes interoperable with the wider agent ecosystem. Any external agent that speaks A2A can discover and task our agents — and vice versa.\n", "formats": { "html": "https://brenner-axiom.b4mad.industries/tutorials/a2a-getting-started/", "json": "https://brenner-axiom.b4mad.industries/tutorials/a2a-getting-started/index.json", "markdown": "https://brenner-axiom.b4mad.industries/tutorials/a2a-getting-started/index.md" }, "readingTime": 6, "section": "tutorials", "tags": [ "a2a", "protocol", "agents", "tutorial", "json-rpc" ], "title": "A2A Protocol Tutorial: Getting Started with Agent-to-Agent Communication", "url": "https://brenner-axiom.b4mad.industries/tutorials/a2a-getting-started/", "wordCount": 1222 }