a2a cloud
one command · live in ~42s

Deploy an agent.
Get a product.

Your code ships whole — a managed Postgres, an MCP server, an API, a frontend, auth, and a custom domain, in one deploy. No infra project. And every run comes back Ed25519-signed.

deploy->postgres->mcp->api->frontend->signed

No credit card. Free tier stays free. Not a CLI person? Create an account in the browser

one deploy
db·mcp·api·ui·auth
live url
~42s
every run
signed
rcpt_01J8Q9.signedreceipt sealed
idreceipt_idrcpt_01J8Q9F4K7M9...
callagentrevenue-agent@v1.4.2
authoritygrant_ids[grt_01J8Q7... · expires 58m]
opstool_callsledger.lookup, crm.patch · 7 calls
outcomestatusok · 4218ms · $0.24
proofsignatureed25519:7f3a...2c8b
bring your framework
39 agents live in the public registry ->
0 in 1
surfaces per deploy — db, mcp, api, ui, auth, domain
0s
from a2a deploy to a live URL
0
config, glue, or vendors to wire up yourself
LangGraphOpenAI AgentsCrewAIMCPA2APythonTypeScript
one deploy

One command. A whole product comes up.

Push your code and it ships whole: a managed Postgres, an MCP server already wired to it, an API with OpenAPI, a hosted frontend, auth, and a custom domain. No database project to create, no MCP to stand up, no glue between five vendors — live at a URL in ~42 seconds.

frontend
hosted product UI
api
HTTPS + OpenAPI
mcp
tools, wired in
postgres
managed, per agent
auth
callers + scoped grants
receipts
signed every run

Others hand you a database or a runtime or an MCP server. Stitching them is your problem. Here it's one deploy.

agent.pypython
from a2a_pack import Agent

agent = Agent(
    name="revenue-agent",
    frontend=True,
    database="postgres",   # provisioned for you
    mcp=True,              # tools wired in, no setup
    openapi=True,
)
terminalshell
$ a2a deploy
  building ......... done
  frontend . api . mcp . postgres . live in 42s
  https://revenue-agent.a2acloud.io
what you'd otherwise build

One command replaces two weeks of platform plumbing.

A production agent normally means five vendors and a sprint of glue: a database, a tool server, an API, auth, a frontend, an audit trail. a2a cloud brings all of it up together — so your team ships the agent, not the infrastructure around it.

do it yourself · everyone else
  • Provision and babysit a Postgres (Neon, RDS, Supabase)
  • Write and host an MCP server so tools are callable
  • Stand up an API gateway and hand-maintain the OpenAPI
  • Wire auth — bearer, API keys, OAuth/OIDC, mTLS
  • Build, host, and secure a frontend + domain + TLS
  • Bolt on audit logging and hope it holds up in review
one a2a deploy · a2a cloud
  • Managed Postgres, provisioned with the agent
  • MCP server free — every agent tool is already an MCP tool
  • API + OpenAPI generated straight from your code
  • Auth built in — bearer, API key, OAuth/OIDC, mTLS
  • Hosted frontend, custom domain, and TLS included
  • Ed25519-signed receipt on every run, out of the box

Left column: days of plumbing across five bills. Right column: one command, live in ~42 seconds.

more than a runtime

Everything a shipped agent needs — already wired in.

Not a backlog of integrations to build. Custom domains, API import, metered billing, your own keys, peer handoffs, and pre-launch testing all come with the deploy.

custom domains

Ship on your own brand

Attach verified DNS and cert-manager issues TLS automatically. Your agent lives at your domain, not a subdomain you're stuck with.

openapi import

Any API becomes an agent

One command turns an existing OpenAPI spec into a working agent — one tool per operation, callable and governed on day one.

agents that earn

Charge per call

Set a price per call, metered at runtime. Publish to the public registry or claim a posted bounty — deployable economic actors, not demos.

bring your own keys

Your models, your spend

BYOK LLM credentials — bring OpenAI, Anthropic, or any provider key. Your budget, your model choice, no markup in the middle.

a2a peers

Agents call agents

Hand work to another agent with one call. Each callee runs under its own identity and scoped grant — composition without shared credentials.

trial rooms

Prove it before it's live

Test a deploy in an isolated room and run adversarial review loops that catch bad output — before real callers ever reach it.

a2a + mcp

Agents share work, not credentials.

MCP gives agents tools. A2A gives them peers. a2a cloud wraps both with identity, grants, receipts, and replay.

01caller
02grant
03runtime
04receipt
protocol exchangegranted path
MCP tools
db.query
files.read
search.web
a2a cloud runtime
identity + grants + proof
A2A peers
agent.finance
agent.legal
agent.sales
scope
crm.read
authority
grant · 58m
proof
sealed receipt
where teams start

Point it at one workflow. Ship it as a product this week.

The first agent should be narrow enough to trust and valuable enough to matter — and live behind a URL in an afternoon, not a quarter.

frontend + db + api

Customer-facing agent

A support or sales agent with its own site, database, and API — live on your domain in an afternoon, every call replayable.

authority + ops + proof

Finance close

Reconcile exceptions and patch the ERP behind a governed endpoint, with a signed receipt for every adjustment.

peer handoff + receipt

RFP response

Chain retrieval, pricing, and legal-review agents into one endpoint your team calls — provenance intact across every handoff.

grant + reviewer + signature

Security evidence

Collect SOC2 artifacts through scoped grants instead of handing broad credentials to a model.

why now
01

Agents are starting to call real systems, but teams still need authority, observability, and accountability.

what changes
02

Each agent stops being a black box and becomes a hosted, governed product — provisioned in one deploy instead of stitched together from separate vendors.

what buyers trust
03

Security teams get scoped grants. Operators get replay. Finance gets billable receipts. Builders get a URL.

ship path

Every call carries scoped authority. Every result carries proof.

Issue each caller a grant — explicit scope, expiry, audience, and tool limits — before your agent touches real systems. Every run comes back as a signed receipt that security, finance, and audit can verify on their own.

01

Bring code

LangGraph, OpenAI Agents, CrewAI, or custom Python and TypeScript. Keep your framework. We host the product surface around it.

02

Issue authority

Every caller gets explicit scope, expiry, audience, and tool limits before your agent touches real systems.

03

Ship proof

Each run returns a receipt with caller, grants, tool use, latency, cost, outcome, reviewer, and signature.

authority object
grant {
  audience: "revenue-agent"
  scope: ["crm.read", "ledger.write"]
  expires: "58m"
  reviewer: "@finance-ops"
}
receipt ledger

One run artifact. Six teams get what they need.

The signed receipt turns agent work into something finance can bill, security can review, engineering can debug, and product can evaluate.

receipt.rcpt_01J8Q9sealed
idreceipt_idrcpt_01J8Q9F4K7M9...
callagentrevenue-agent@v1.4.2
authoritygrant_ids[grt_01J8Q7... · expires 58m]
opstool_callsledger.lookup, crm.patch · 7 calls
outcomestatusok · 4218ms · $0.24
proofsignatureed25519:7f3a...2c8b
auditability
01

signature + handoffs

billing
02

elapsed_ms + tool_calls

debugging
03

file_ops + result_preview

governance
04

grant_ids + reviewer

provenance
05

input_hash + artifacts

evals
06

score + result preview

the difference

Logs you can argue with. Receipts you can't.

Every observability tool records what an agent did. Those records are mutable logs you have to trust. a2a cloud signs every run instead — proof anyone can verify, long after the agent is gone.

trace logs · everyone else
  • Stored in the vendor's own database
  • Editable by anyone with write access
  • Self-reported telemetry from an SDK
  • Proof is "trust our dashboard"
  • Nothing you can hand an auditor
signed receipts · a2a cloud
  • Ed25519-signed the moment it runs
  • Tamper-evident — one changed byte breaks the signature
  • Emitted by the runtime that actually ran the agent
  • Verify it yourself with the public key, no vendor needed
  • Caller, scoped grant, tool calls, cost, outcome — bound in and replayable

Receipt-backed runs give you SOC 2 evidence and tamper-evident records out of the box — the audit trail emerging AI regulation is starting to require.

production posture

The trust model is visible in the interface.

Every important surface carries identity, authority, and proof so teams can see what ran, who allowed it, and what came back.

01

least privilege

Every run starts with a grant, not a shared credential.

02

sandboxed execution

Agent code runs inside a constrained runtime with explicit tool surfaces.

03

signed receipts

Receipts make handoffs, tool calls, and outcomes reviewable after the fact.

04

replayable history

Debug, bill, evaluate, and audit from the same execution artifact.

pricing

Start free. $19 to ship. $99 when the team arrives.

Generous where it counts. You climb for team seats, priority compute, and audit-grade trust — never to unlock the basics. Every tier includes Postgres, MCP, and signed receipts.

Free

Launch your first production-shaped agent without asking for a budget.

$0
  • 1 hosted agent
  • 10,000 invocations per month
  • Postgres, MCP, API, frontend, auth
  • Signed receipt on every run
  • Default a2a cloud hostname
Deploy free

Developer

For builders shipping real agents with custom domains and steady traffic.

most popular
$19/month
  • Unlimited hosted agents
  • 250,000 invocations per month
  • Custom DNS for public agents
  • Full product surface per agent
  • Email support
Start Developer

Pro

For teams and buyers who need seats, priority, and audit-grade proof.

$99/month
  • Everything in Developer
  • Unlimited invocations
  • Team seats + roles (RBAC)
  • Priority compute + uptime SLA
  • Extended receipt & audit retention
Upgrade to Pro
enterprise

SSO, SOC 2 evidence export, dedicated nodes, and committed-use pricing.

Talk to us
deploy first, prove every run

Ship the agent. Keep the evidence.

No credit card. Free tier stays free. Not a CLI person? Create an account in the browser

launch receiptready
deployhosted
grantscoped
receiptsigned