Skip to main content
A2A Proxy · governed agent-to-agent hops

Governance for every agent-to-agent hop.

When one agent delegates to another, that hop is usually invisible — no caller identity, no policy on what may be delegated, no scan of the data crossing, no record it happened. DVARA governs it: caller identity, a registry of allowed peers, per-hop policy, PII scanning, human approval, and a tamper-evident signed audit chain — on its own independent plane.

The A2A plane ships with every DVARA install — see pricing.

Agents don't just call models and tools. They call each other.

An agent asking another agent to act on a user's behalf is a delegation — and left ungoverned it is invisible: no identity on the caller, no policy on what may be delegated, no scan of the data that crosses, no record that it happened. DVARA's A2A Proxy puts the same class of controls on agent-to-agent hops that it puts on model and tool calls — governing exactly one hop, returning the peer's reply, and making no onward call of its own.

Full governance on the delegation path

Peer-agent registry & per-tenant rules

Register every peer agent once — endpoint, auth scheme, credentials — then scope which agents and skills each tenant may reach.

Policy on every hop

Allow or deny a hop by caller, target agent, or requested skill — an A2A-native Policy-as-Code engine with dry-run, versioning, and rollback.

PII scanning on the message

Scan the outbound message — and streamed events — for PII, then block or redact before anything crosses to the peer.

Human approval gates

Require human sign-off on sensitive hops by skill or target agent, enforced before execution and resolvable across pods from the console or portal.

Delegation-loop detection

Detect runaway delegation chains between agents and kill the session before it spirals.

Governed discovery

Serve each peer’s Agent Card through the proxy with a per-tenant skills allow-list, so agents advertise only the skills you intend.

Full protocol coverage

message/send, streaming message/stream, the task lifecycle, and push-notification config — every A2A operation governed, with SSRF-validated webhook URLs.

Credential centralization

Hold peer-agent credentials centrally — stored, or forwarded on-behalf-of — so calling agents never see raw secrets.

Own tamper-evident audit chain

Every hop is HMAC-signed and hash-chained into its own append-only trail, separate from the LLM/MCP chain, and unioned into SIEM and compliance reports.

A separate, independent plane

Its own proxy on :8075 with its own governance engines. Turn it on when your agents start delegating — the LLM and MCP planes are unaffected.

Every hop passes through the proxy

  1. 1

    Agent issues a hop

    Your agent sends an A2A message to a peer through the DVARA A2A Proxy on :8075 instead of calling the peer directly.

  2. 2

    Identity & registry

    The proxy authenticates the caller — API key to tenant — and resolves the target agent from the per-tenant registry.

  3. 3

    Policy, PII & approval

    The hop is checked against A2A policy, the message is scanned for PII, and sensitive hops pause for human approval — with loop detection guarding the delegation chain.

  4. 4

    Forward & audit

    The message reaches the peer agent, the reply is returned unchanged, and every step is signed into the A2A audit chain and metered per hop.

Govern your agents' delegations today.

The A2A plane ships with every DVARA install — enable it when your agents start delegating. Start a free 30-day trial, or read how it works.