A2A & Agent Networks
GaaS as the governance control plane for multi-agent systems — covering the A2A Protocol v0.3, Agent Trust Registry, and AP2 Agentic Payment Governance.
When AI agents talk to each other, delegate tasks, or execute financial transactions autonomously, governance becomes non-negotiable. GaaS implements the Agent-to-Agent (A2A) Protocol v0.3 specification, acting as a governance proxy between agents: every inter-agent call passes through the same 5-stage pipeline as a human-facing action.
Agent Card
GaaS publishes a machine-readable agent card at a well-known URL so that other A2A-compatible systems can discover its capabilities, supported authentication methods, and governance endpoints.
GET /.well-known/agent.json
{
"name": "GaaS Governance Agent",
"version": "0.3.0",
"description": "Governance as a Service — A2A-native control plane for autonomous agent networks",
"url": "https://api.gaas.is",
"capabilities": {
"streaming": false,
"pushNotifications": true,
"stateTransitionHistory": true
},
"skills": [
{
"id": "governance.evaluate",
"name": "Governance Evaluation",
"description": "Evaluate an agent action intent against active governance policies"
},
{
"id": "governance.proxy",
"name": "A2A Governance Proxy",
"description": "Route and govern inter-agent task delegation"
}
],
"authentication": {
"schemes": ["Bearer", "OAuth2", "mTLS"]
}
}
A2A Gateway
The A2A gateway exposes a JSON-RPC 2.0 endpoint at POST /a2a/jsonrpc (mounted outside the /v1 prefix) that any A2A-compliant agent can call directly; it handles all A2A protocol methods. Requests are automatically translated into GaaS intent declarations, run through the full governance pipeline, and translated back into A2A-compliant responses.
Supported JSON-RPC Methods
| Method | Description |
|---|---|
| a2a.SendMessage | Submit a task for governance evaluation and execution |
| a2a.GetTask | Retrieve the current status and result of a task |
| a2a.ListTasks | List all tasks for the authenticated agent |
| a2a.CancelTask | Request cancellation of a pending or in-progress task |
| a2a.GetExtendedAgentCard | Retrieve the extended agent card with governance capabilities |
Example: A2A Task Submission
POST /a2a/jsonrpc
Content-Type: application/json
Authorization: Bearer <agent_token>
{
"jsonrpc": "2.0",
"id": "req_001",
"method": "tasks/send",
"params": {
"id": "task_abc123",
"message": {
"role": "user",
"parts": [
{
"type": "text",
"text": "Transfer $2,500 to vendor account V-9912 for invoice #INV-2026-0044"
}
]
},
"metadata": {
"agent_id": "procurement_agent_v1",
"delegated_by": "orchestrator_agent",
"delegation_depth": 1
}
}
}
The gateway translates this into a TRANSACT intent, runs it through the governance pipeline (including AP2 mandate verification), and returns a JSON-RPC result containing the governance decision:
{
"jsonrpc": "2.0",
"id": "req_001",
"result": {
"id": "task_abc123",
"status": {
"state": "completed"
},
"artifacts": [
{
"type": "governance_decision",
"decision": {
"verdict": "approve",
"risk_assessment": { "score": 0.18, "level": "LOW" },
"ap2_context": {
"mandate_id": "mnd_vendor_9912",
"remaining_budget": 47500.00,
"psd2_sca_required": false
}
}
}
]
}
}
Agent Trust Registry
The Agent Trust Registry is GaaS's decentralized reputation system for autonomous agents. Every agent that interacts with the platform accumulates a trust score based on governance outcomes, policy violations, and human review results.
Registry operations:
- Register a new agent in the trust registry
- Retrieve an agent's profile, trust score, and interaction history
- List all governance decisions for a specific agent
- Re-fetch the agent card from its URL and recompute the trust score
- Suspend an agent with a reason (blocks further governance participation)
- Restore a suspended agent to active status
- Overview of all registered agents with current trust scores
Trust Score
Trust scores range from 0.0 (untrusted) to 1.0 (fully trusted).
New agents start at 0.5 and build reputation through approved actions and positive human review outcomes.
Violations, blocks, and escalations reduce the score.
| Score Range | Trust Level | Effect |
|---|---|---|
| 0.85 – 1.0 | High | Fast-path approval for low-risk actions |
| 0.65 – 0.84 | Standard | Normal governance pipeline |
| 0.40 – 0.64 | Elevated scrutiny | Additional deliberation rounds required |
| 0.0 – 0.39 | Low / Suspended | All actions require human review or are blocked |
A2A Authentication
The A2A gateway supports four authentication schemes, matching the A2A Protocol v0.3 specification (the agent card above advertises Bearer, OAuth2 and mTLS; the GaaS API key is additionally accepted so that existing integrations keep working):
- Bearer Token: a standard JWT in the Authorization: Bearer header, validated against the agent registry
- OAuth 2.0: client-credentials flow for service-to-service authentication; access tokens are cached for their TTL
- mTLS: mutual TLS for high-security environments; the client certificate's CN is mapped to an agent identity, so the mapping is only as trustworthy as the set of CAs the gateway accepts for client certificates
- GaaS API Key: the standard X-API-Key header, compatible with existing integrations and automatically associated with an agent profile
Governance Proxy
For agents that delegate work to other agents, GaaS acts as a transparent governance proxy. The orchestrating agent registers the target agent endpoint; GaaS intercepts outbound calls, evaluates the intent, and forwards approved requests — all without modifying the agent's code.
# Register a downstream agent for governance proxying
POST /v1/agents
{
"agent_id": "fulfillment_agent_v2",
"endpoint": "https://fulfillment.internal/a2a",
"capabilities": ["TRANSACT", "COMMUNICATE", "MODIFY"],
"trust_level": "standard",
"proxy_governance": true
}
Once registered, any A2A call your orchestrator makes to fulfillment_agent_v2 is automatically routed through the GaaS governance pipeline. If the action is approved, GaaS forwards the original request to the downstream agent and returns its response. If it is blocked or escalated, GaaS returns the governance decision instead and does not contact the downstream agent.
Cross-Org Policy Federation
Enterprise customers with multiple GaaS organizations (e.g., separate production and data-science orgs) can configure bidirectional policy federation. When an agent from org A calls into org B's governed scope, GaaS evaluates the intent against a merged policy set from both organizations.
Push Notifications
Agents can register webhook endpoints to receive real-time updates on task status changes, governance decisions, and escalation events. Push notifications are HMAC-SHA256 signed using the agent's registered secret; a receiver should verify that signature, using a constant-time comparison, before acting on a notification.
POST /a2a/jsonrpc
{
"jsonrpc": "2.0",
"id": "req_002",
"method": "tasks/pushNotification/set",
"params": {
"id": "task_abc123",
"pushNotificationConfig": {
"url": "https://your-agent.example.com/webhooks/gaas",
"authentication": {
"schemes": ["Bearer"],
"credentials": "your_webhook_secret"
}
}
}
}
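The receiving side of that configuration, as an added example that is not GaaS code: a handler that checks the HMAC-SHA256 signature before it parses a notification. The page states the algorithm and that the agent's registered secret is the key, but not the header names or the exact bytes that are signed, so the X-GaaS-Signature and X-GaaS-Timestamp headers and the "timestamp.body" signed string below are assumptions, and the event payload is constructed. The timestamp window rejects replayed notifications, and hmac.compare_digest keeps the comparison constant-time.

```python
"""Verify an HMAC-SHA256 signed push notification before trusting it.

Added example, not GaaS code. The page documents only the algorithm and the
key (the agent's registered secret). Everything below about wire format is an
ASSUMPTION made for illustration:
  - signature header: X-GaaS-Signature = "sha256=<hex digest>"
  - timestamp header: X-GaaS-Timestamp = unix seconds, decimal string
  - signed string:    "<timestamp>.<raw request body>"
"""
import hashlib
import hmac
import json
import time

REPLAY_WINDOW_SECONDS = 300  # notifications older (or newer) than 5 minutes are rejected


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Compute the signature the sender is assumed to put in X-GaaS-Signature."""
    mac = hmac.new(secret, timestamp.encode() + b"." + body, hashlib.sha256)
    return "sha256=" + mac.hexdigest()


def verify(secret: bytes, headers: dict, body: bytes, now=None) -> bool:
    """True only if the timestamp is fresh and the signature matches the raw body."""
    now = time.time() if now is None else now
    sig = headers.get("X-GaaS-Signature", "")
    ts = headers.get("X-GaaS-Timestamp", "")
    if not sig.startswith("sha256=") or not ts.isdigit():
        return False
    # Freshness first: a valid but old signature is a replay, not a legitimate event.
    if abs(now - int(ts)) > REPLAY_WINDOW_SECONDS:
        return False
    expected = sign(secret, ts, body)
    # compare_digest does not short-circuit on the first differing byte, so the
    # comparison time does not leak how much of a forged signature was right.
    return hmac.compare_digest(expected, sig)


def handle_notification(secret: bytes, headers: dict, body: bytes, now=None):
    """Return the parsed event if the signature checks out, otherwise None."""
    if not verify(secret, headers, body, now):
        return None
    return json.loads(body)


# Constructed sample event and headers (not captured from GaaS).
SECRET = b"your_webhook_secret"
EVENT = {
    "event": "task.status_changed",
    "task_id": "task_abc123",
    "status": {"state": "completed"},
}
BODY = json.dumps(EVENT, separators=(",", ":")).encode()
NOW = 1_767_225_600  # 2026-01-01T00:00:00Z, fixed so the example is deterministic
HEADERS = {
    "X-GaaS-Timestamp": str(NOW),
    "X-GaaS-Signature": sign(SECRET, str(NOW), BODY),
}

if __name__ == "__main__":
    print("genuine:  ", handle_notification(SECRET, HEADERS, BODY, now=NOW))
    print("tampered: ", handle_notification(SECRET, HEADERS, BODY + b" ", now=NOW))
    print("replayed: ", handle_notification(SECRET, HEADERS, BODY, now=NOW + 600))
```

Verify over the raw request bytes exactly as received; re-serialising the parsed JSON before signing would change whitespace and key order and make the check fail for legitimate notifications.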
AP2 Payment Governance
The Agentic Payment Protocol (AP2) extends GaaS with seven payment-specific policies that govern autonomous agent transactions. AP2 is designed around the emerging reality that AI agents will execute payments autonomously on behalf of users — and those payments require the same compliance safeguards as human-initiated transactions.
Tier 1 AP2 Policies (Fast-Fail)
These four policies run first and immediately block invalid or out-of-scope payment requests:
Mandate Validity
Verifies that a valid payment mandate exists for the agent, the target merchant, and the requested amount. No mandate means an immediate block.
Mandate Conditions
Checks that all conditions attached to the mandate are satisfied — validity window, allowed merchant categories, and geographic restrictions.
HNP Threshold
High Net Payment threshold check. Transactions above the mandate's HNP limit require explicit human approval regardless of trust score.
Cumulative Spend Limit
Tracks total spend against the mandate's rolling limit (daily / monthly). Rejects transactions that would exceed the limit.
Tier 2 AP2 Policies (Regulatory)
These three policies enforce payment regulation compliance:
PCI-DSS Compliance
Verifies that cardholder data stays within the PCI-DSS scoped environment, that encryption is enforced, and that the transaction channel meets PCI-DSS requirements.
PSD2 Strong Customer Authentication
Enforces SCA requirements for EU/EEA transactions and determines whether an SCA exemption applies (low-value payment, trusted beneficiary, or low-risk transaction risk analysis (TRA)).
AML Velocity
Anti-money laundering velocity check. Flags unusual transaction frequency, amount clustering, or structuring patterns within the rolling window.
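What an AML velocity check of this shape looks like in code, added here as an example and not GaaS's implementation: a candidate payment is scored against the transactions in a rolling window and the three signals named in the policy description are raised. The 24-hour window, the count limit, the 5,000 reporting threshold with a 10% band, the 100-dollar clustering buckets and the transaction histories are all constructed assumptions.

```python
"""AML velocity check over a rolling window: frequency, clustering, structuring.

Added example, not GaaS code. Thresholds and histories are illustrative
assumptions; the page names the three signals but not how they are scored.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Txn:
    ts: datetime
    amount_usd: float
    merchant: str


def aml_velocity_flags(history, candidate, *, window=timedelta(hours=24), max_count=5,
                       reporting_threshold=5000.0, band=0.10, min_hits=3):
    """Return the AML flags that executing `candidate` would raise, given `history`.

    Only transactions inside the rolling `window` that ends at the candidate count.
    - frequency:         more than `max_count` transactions in the window
    - structuring:       at least `min_hits` amounts sitting just below
                         `reporting_threshold` (4500-4999.99 for 5000 and a 10% band)
    - amount_clustering: at least `min_hits` amounts in the same 100-dollar bucket
    """
    start = candidate.ts - window
    recent = [t for t in history if start <= t.ts <= candidate.ts] + [candidate]
    flags = []

    if len(recent) > max_count:
        flags.append("frequency")

    low = reporting_threshold * (1 - band)
    just_below = [t for t in recent if low <= t.amount_usd < reporting_threshold]
    if len(just_below) >= min_hits:
        flags.append("structuring")

    buckets = {}
    for t in recent:
        key = int(t.amount_usd // 100) * 100  # floor to 100s: 4950.0 -> 4900, no round-half ambiguity
        buckets[key] = buckets.get(key, 0) + 1
    if max(buckets.values()) >= min_hits:
        flags.append("amount_clustering")

    return flags


BASE = datetime(2026, 3, 15, 12, 0, tzinfo=timezone.utc)


def hours_before(h, base=BASE):
    return base - timedelta(hours=h)


# Constructed history: four payments to the same vendor, each just under 5000, inside 24h.
STRUCTURED_HISTORY = [
    Txn(hours_before(20), 4900.00, "V-9912"),
    Txn(hours_before(14), 4950.00, "V-9912"),
    Txn(hours_before(9), 4800.00, "V-9912"),
    Txn(hours_before(3), 4990.00, "V-9912"),
]
STRUCTURED_CANDIDATE = Txn(BASE, 4900.00, "V-9912")

# Constructed benign history: the page's 2,500 invoice after two unrelated payments
# (the 30h-old one falls outside the window and is ignored).
BENIGN_HISTORY = [Txn(hours_before(30), 1200.00, "V-1001"), Txn(hours_before(5), 300.00, "V-2002")]
INVOICE = Txn(BASE, 2500.00, "V-9912")

# Constructed burst: five small, differently sized payments in the last hour, then a sixth.
BURST_HISTORY = [
    Txn(BASE - timedelta(minutes=m), amt, "V-3003")
    for m, amt in zip((50, 40, 30, 20, 10), (120.0, 240.0, 360.0, 480.0, 610.0))
]
BURST_CANDIDATE = Txn(BASE, 75.0, "V-3003")

if __name__ == "__main__":
    print("structured:", aml_velocity_flags(STRUCTURED_HISTORY, STRUCTURED_CANDIDATE))
    print("benign:    ", aml_velocity_flags(BENIGN_HISTORY, INVOICE))
    print("burst:     ", aml_velocity_flags(BURST_HISTORY, BURST_CANDIDATE))
```

The structured history shows why the signals are scored separately: five payments of 4,800 to 4,990 stay under the single-transaction limit and under the count limit, yet the structuring and clustering checks still catch them.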
Submitting an AP2-governed Payment Intent
POST /v1/intents
X-API-Key: your_api_key
{
"intent": {
"agent": {
"id": "procurement_agent_v1",
"framework": "custom"
},
"action": {
"type": "TRANSACT",
"verb": "initiate_payment",
"target": {
"type": "ACCOUNT",
"identifier": "vendor_account_V9912",
"sensitivity": "REGULATED"
}
},
"payload": {
"summary": "Pay vendor invoice INV-2026-0044 for SaaS services",
"content": {
"amount_usd": 2500.00,
"currency": "USD",
"merchant_category": "7372",
"mandate_id": "mnd_vendor_9912"
}
},
"estimated_impact": {
"reversible": false,
"financial_exposure_usd": 2500.00,
"regulatory_domains": ["PCI-DSS", "PSD2", "AML"]
}
}
}
AP2 Mandate Management
Mandates define the authorized scope for agent payments. A mandate specifies which agent may transact, on whose behalf, with which merchants, up to what limits, and for what period.
Mandate operations:
- Create a new payment mandate authorizing an agent to transact
- Retrieve mandate details, remaining budget, and validity status
- List all mandates for the organization, with an optional status filter
- Revoke a mandate; any in-flight transactions using this mandate are blocked
- List all governed transactions executed under a mandate
Mandate Schema
{
"mandate_id": "mnd_vendor_9912",
"agent_id": "procurement_agent_v1",
"authorized_by": "user_cfo_01",
"scope": {
"merchant_categories": ["7372", "7371"],
"max_single_transaction_usd": 5000.00,
"daily_limit_usd": 10000.00,
"monthly_limit_usd": 50000.00,
"hnp_threshold_usd": 10000.00,
"currency": "USD",
"geographic_scope": ["US", "EU"]
},
"valid_from": "2026-01-01T00:00:00Z",
"valid_until": "2026-12-31T23:59:59Z",
"status": "active",
"cumulative_spend_usd": 2500.00,
"remaining_daily_budget_usd": 7500.00
}
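The four Tier 1 policies from the section above, run in their fast-fail order against this mandate schema, as an added example that is not GaaS code. MANDATE is the document copied from above and PAYMENT mirrors the content block of the AP2 intent example; the merchant_region field (the page does not show how geographic scope is matched), the reason strings and the escalate verdict are assumptions. Note that in the sample mandate hnp_threshold_usd (10,000) is above max_single_transaction_usd (5,000), so the HNP check can never fire for it; the variant at the bottom lowers the threshold to show the escalation path.

```python
"""Tier 1 AP2 policies in fast-fail order against the page's mandate schema.

Added example, not GaaS code. Assumptions beyond the page: the payment's
merchant_region field, the reason strings, and the escalate verdict.
"""
from copy import deepcopy
from datetime import datetime

# The mandate schema from this page, verbatim.
MANDATE = {
    "mandate_id": "mnd_vendor_9912",
    "agent_id": "procurement_agent_v1",
    "authorized_by": "user_cfo_01",
    "scope": {
        "merchant_categories": ["7372", "7371"],
        "max_single_transaction_usd": 5000.00,
        "daily_limit_usd": 10000.00,
        "monthly_limit_usd": 50000.00,
        "hnp_threshold_usd": 10000.00,
        "currency": "USD",
        "geographic_scope": ["US", "EU"],
    },
    "valid_from": "2026-01-01T00:00:00Z",
    "valid_until": "2026-12-31T23:59:59Z",
    "status": "active",
    "cumulative_spend_usd": 2500.00,
    "remaining_daily_budget_usd": 7500.00,
}

# The intent example's payload content, plus the assumed merchant_region field.
PAYMENT = {
    "amount_usd": 2500.00,
    "currency": "USD",
    "merchant_category": "7372",
    "mandate_id": "mnd_vendor_9912",
    "merchant_region": "US",  # ASSUMPTION: not part of the page's intent schema
}


def parse_ts(iso):
    # fromisoformat only accepts a trailing "Z" from Python 3.11 on; normalise it
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))


def _decision(verdict, policy=None, reason=None, mandate=None):
    d = {"verdict": verdict, "policy": policy, "reason": reason}
    if mandate is not None:
        d["ap2_context"] = {
            "mandate_id": mandate["mandate_id"],
            # monthly budget left before this payment is debited (47500.00 for the page's mandate)
            "remaining_budget": mandate["scope"]["monthly_limit_usd"] - mandate["cumulative_spend_usd"],
        }
    return d


def evaluate_tier1(mandate, agent_id, payment, now):
    """Return the first Tier 1 failure, or an approval if all four policies pass."""
    amount = payment["amount_usd"]

    # Policy 1: Mandate Validity. No usable mandate for this agent/amount means an immediate block.
    if mandate is None or mandate["mandate_id"] != payment.get("mandate_id"):
        return _decision("block", "mandate_validity", "no mandate for this payment")
    scope = mandate["scope"]
    if mandate["status"] != "active":
        return _decision("block", "mandate_validity", "mandate status is " + mandate["status"])
    if mandate["agent_id"] != agent_id:
        return _decision("block", "mandate_validity", "mandate belongs to a different agent")
    if payment["currency"] != scope["currency"]:
        return _decision("block", "mandate_validity", "currency not covered by mandate")
    if amount > scope["max_single_transaction_usd"]:
        return _decision("block", "mandate_validity", "amount exceeds max_single_transaction_usd")

    # Policy 2: Mandate Conditions. Validity window, merchant category, geography.
    if not (parse_ts(mandate["valid_from"]) <= now <= parse_ts(mandate["valid_until"])):
        return _decision("block", "mandate_conditions", "outside validity window")
    if payment["merchant_category"] not in scope["merchant_categories"]:
        return _decision("block", "mandate_conditions", "merchant category not allowed")
    if payment["merchant_region"] not in scope["geographic_scope"]:
        return _decision("block", "mandate_conditions", "merchant region not allowed")

    # Policy 3: HNP Threshold. Above the limit means human approval regardless of trust score.
    if amount > scope["hnp_threshold_usd"]:
        return _decision("escalate", "hnp_threshold", "amount above HNP threshold", mandate)

    # Policy 4: Cumulative Spend Limit. Rolling daily and monthly limits.
    if amount > mandate["remaining_daily_budget_usd"]:
        return _decision("block", "cumulative_spend_limit", "daily limit would be exceeded")
    if mandate["cumulative_spend_usd"] + amount > scope["monthly_limit_usd"]:
        return _decision("block", "cumulative_spend_limit", "monthly limit would be exceeded")

    return _decision("approve", mandate=mandate)


def with_changes(**changes):
    """Copy of MANDATE with top-level or scope fields overridden, for the variant cases."""
    m = deepcopy(MANDATE)
    for k, v in changes.items():
        (m["scope"] if k in m["scope"] else m)[k] = v
    return m


NOW = parse_ts("2026-03-15T12:00:00Z")  # fixed evaluation time inside the validity window

if __name__ == "__main__":
    print(evaluate_tier1(MANDATE, "procurement_agent_v1", PAYMENT, NOW))
    # Lowered HNP threshold so the escalation path is reachable for a 2,500 payment.
    print(evaluate_tier1(with_changes(hnp_threshold_usd=2000.0), "procurement_agent_v1", PAYMENT, NOW))
```

Running the module prints the approval for the page's 2,500 USD payment, with remaining_budget 47,500 matching the A2A response above, followed by the escalation produced by the lowered HNP threshold. The order matters: a revoked mandate or an over-limit amount is rejected before any budget arithmetic runs, which is what "fast-fail" buys.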
Revocation endpoint: POST /v1/ap2/mandates/{mandate_id}/revoke
Related Pages
- Connectors — A2A Registry and AP2 Mandate connectors
- Intent Declaration API — The core governance entry point
- Policy Library — Full policy catalog including AP2 and Tier 4 AI safety policies
- Webhooks — Event-driven notifications for governance decisions
- Authentication — API keys and A2A auth schemes