fix: Add A2a for flow agents too

Author: achetronic

frontend/admin-ui/src/views/flows/FlowDialog.vue

@@ -11,6 +11,15 @@
           <FormInput v-model="form.description" placeholder="What this flow does..." />
         </div>
       </div>
+      <div class="border border-piedra-700/40 rounded-xl px-4 py-3">
+        <div class="flex items-center justify-between">
+          <div>
+            <span class="text-xs font-medium text-arena-400">A2A Protocol</span>
+            <p class="text-[10px] text-arena-500 mt-0.5">Expose this flow via the Agent-to-Agent protocol for external discovery and invocation</p>
+          </div>
+          <FormToggle v-model="form.a2aEnabled" />
+        </div>
+      </div>
       <FlowCanvas
         v-model="form.root"
         :agents="store.agents"
@@ -46,6 +55,7 @@ import { flowsApi } from '../../lib/api/index.js'
 import AppDialog from '../../components/AppDialog.vue'
 import FormInput from '../../components/FormInput.vue'
 import FormLabel from '../../components/FormLabel.vue'
+import FormToggle from '../../components/FormToggle.vue'
 import FlowCanvas from './FlowCanvas.vue'
 
 const emit = defineEmits(['saved'])
@@ -59,6 +69,7 @@ const form = reactive({
   name: '',
   description: '',
   root: null,
+  a2aEnabled: false,
 })
 
 function open(flow = null) {
@@ -67,6 +78,7 @@ function open(flow = null) {
   form.name = flow?.name || ''
   form.description = flow?.description || ''
   form.root = flow ? JSON.parse(JSON.stringify(flow.root)) : null
+  form.a2aEnabled = flow?.a2a?.enabled || false
   dialogRef.value?.open()
 }
 
@@ -75,6 +87,7 @@ async function save() {
     name: form.name.trim(),
     description: form.description.trim(),
     root: cleanStep(form.root),
+    a2a: form.a2aEnabled ? { enabled: true } : undefined,
   }
   try {
     if (isEdit.value) {

server/a2a/handler.go

@@ -37,25 +37,38 @@ func NewHandler(publicURL string) *Handler {
 	}
 }
 
-func (h *Handler) Rebuild(agents []store.AgentDefinition, adkAgents map[string]agent.Agent, sessionSvc session.Service, memorySvc memory.Service) {
+func (h *Handler) Rebuild(agents []store.AgentDefinition, flows []store.FlowDefinition, adkAgents map[string]agent.Agent, sessionSvc session.Service, memorySvc memory.Service) {
 	handlers := make(map[string]http.Handler)
 	cards := make(map[string]*a2a.AgentCard)
 
-	for _, agentDef := range agents {
-		if agentDef.A2A == nil || !agentDef.A2A.Enabled {
+	type a2aEntry struct {
+		id, name, description string
+		a2aCfg                *store.A2AConfig
+	}
+
+	var entries []a2aEntry
+	for _, ag := range agents {
+		entries = append(entries, a2aEntry{ag.ID, ag.Name, ag.Description, ag.A2A})
+	}
+	for _, fl := range flows {
+		entries = append(entries, a2aEntry{fl.ID, fl.Name, fl.Description, fl.A2A})
+	}
+
+	for _, entry := range entries {
+		if entry.a2aCfg == nil || !entry.a2aCfg.Enabled {
 			continue
 		}
-		adkAgent, ok := adkAgents[agentDef.ID]
+		adkAgent, ok := adkAgents[entry.id]
 		if !ok {
-			slog.Warn("A2A: agent not found in ADK map", "agent", agentDef.ID)
+			slog.Warn("A2A: agent not found in ADK map", "agent", entry.id)
 			continue
 		}
 
-		invokeURL := fmt.Sprintf("%s/api/v1/a2a/%s", h.publicURL, agentDef.ID)
+		invokeURL := fmt.Sprintf("%s/api/v1/a2a/%s", h.publicURL, entry.id)
 
 		card := &a2a.AgentCard{
-			Name:               agentDef.Name,
-			Description:        agentDef.Description,
+			Name:               entry.name,
+			Description:        entry.description,
 			URL:                invokeURL,
 			Version:            "1.0.0",
 			ProtocolVersion:    protocolVersion,
@@ -76,21 +89,21 @@ func (h *Handler) Rebuild(agents []store.AgentDefinition, adkAgents map[string]a
 				{"bearer": a2a.SecuritySchemeScopes{}},
 			},
 		}
-		cards[agentDef.ID] = card
+		cards[entry.id] = card
 
 		execCfg := adka2a.ExecutorConfig{
 			RunnerConfig: runner.Config{
-				AppName:        agentDef.ID,
+				AppName:        entry.id,
 				Agent:          adkAgent,
 				SessionService: sessionSvc,
 				MemoryService:  memorySvc,
 			},
 		}
 		executor := adka2a.NewExecutor(execCfg)
 		reqHandler := a2asrv.NewHandler(executor, a2asrv.WithLogger(slog.Default()))
-		handlers[agentDef.ID] = a2asrv.NewJSONRPCHandler(reqHandler)
+		handlers[entry.id] = a2asrv.NewJSONRPCHandler(reqHandler)
 
-		slog.Info("A2A endpoint enabled", "agent", agentDef.ID, "name", agentDef.Name)
+		slog.Info("A2A endpoint enabled", "agent", entry.id, "name", entry.name)
 	}
 
 	h.mu.Lock()

server/agent/agent.go

@@ -185,6 +185,7 @@ func New(ctx context.Context, agents []store.AgentDefinition, backends []store.B
 			continue
 		}
 		otherAgents = append(otherAgents, flowAgent)
+		adkAgentMap[flow.ID] = flowAgent
 		slog.Info("Flow initialized", "id", flow.ID, "name", flow.Name)
 	}
 

server/api/admin/docs/docs.go

@@ -3087,6 +3087,9 @@ const docTemplate = `{
         "store.FlowDefinition": {
             "type": "object",
             "properties": {
+                "a2a": {
+                    "$ref": "#/definitions/store.A2AConfig"
+                },
                 "description": {
                     "type": "string"
                 },

server/api/admin/docs/swagger.json

@@ -3084,6 +3084,9 @@
         "store.FlowDefinition": {
             "type": "object",
             "properties": {
+                "a2a": {
+                    "$ref": "#/definitions/store.A2AConfig"
+                },
                 "description": {
                     "type": "string"
                 },

server/api/admin/docs/swagger.yaml

@@ -288,6 +288,8 @@ definitions:
     type: object
   store.FlowDefinition:
     properties:
+      a2a:
+        $ref: '#/definitions/store.A2AConfig'
       description:
         type: string
       id:

server/main.go

@@ -581,7 +581,7 @@ func (h *agentRouterHandler) rebuild(ctx context.Context, dataStore *store.Store
 				h.adminHandler.SetSessionService(svc.SessionService())
 			}
 			if h.a2aHandler != nil {
-				h.a2aHandler.Rebuild(storeData.Agents, svc.ADKAgents(), svc.SessionService(), svc.MemoryService())
+				h.a2aHandler.Rebuild(storeData.Agents, storeData.Flows, svc.ADKAgents(), svc.SessionService(), svc.MemoryService())
 			}
 		}
 	} else {

server/store/types.go

@@ -257,10 +257,11 @@ func collectAgentIDs(step *FlowStep, seen map[string]bool, ids *[]string) {
 // FlowDefinition represents a multi-agent workflow stored as a recursive tree
 // of steps that maps directly to ADK workflow agents.
 type FlowDefinition struct {
-	ID          string   `json:"id" yaml:"id"`
-	Name        string   `json:"name" yaml:"name"`
-	Description string   `json:"description,omitempty" yaml:"description,omitempty"`
-	Root        FlowStep `json:"root" yaml:"root"`
+	ID          string     `json:"id" yaml:"id"`
+	Name        string     `json:"name" yaml:"name"`
+	Description string     `json:"description,omitempty" yaml:"description,omitempty"`
+	Root        FlowStep   `json:"root" yaml:"root"`
+	A2A         *A2AConfig `json:"a2a,omitempty" yaml:"a2a,omitempty"`
 }
 
 // Settings holds global configuration that applies to the launcher/runtime

website/content/docs/a2a.md

@@ -0,0 +1,89 @@
+---
+title: "A2A Protocol"
+---
+
+A2A (Agent-to-Agent) lets your Magec agents talk to external AI systems — and lets external systems talk to yours. When you enable A2A on an agent, it becomes discoverable and callable by any application that speaks the [A2A protocol](https://a2a-protocol.org/latest/specification/).
+
+In practice: you flip a toggle, and your agent gets a URL that other tools can connect to. They discover what the agent can do, authenticate, and send it messages — all without you writing any code.
+
+## Why would I use this?
+
+Think of A2A as giving your agent a phone number that other AI systems can call.
+
+- **Connect agents across platforms.** An agent running in another tool (Claude Desktop, a custom app, another Magec instance) can discover and invoke your agent directly.
+- **Build multi-agent systems.** A coordinator agent somewhere else can delegate tasks to your specialized agents — your "database expert" handles queries, your "email writer" drafts responses, each on their own Magec instance.
+- **Expose agents as services.** Instead of building a custom API for each agent, A2A gives you a standard protocol that any compatible client already knows how to use.
+
+If you're running Magec for personal use or within a single app, you probably don't need A2A. It becomes useful when you want agents to collaborate across different systems.
+
+## How it works
+
+When you enable A2A on an agent, Magec does three things:
+
+1. **Publishes an agent card** — a JSON document describing the agent's name, capabilities, skills, and how to authenticate. This is the discovery mechanism.
+2. **Exposes a JSON-RPC endpoint** — the URL where clients send messages to the agent. Supports both synchronous and streaming responses.
+3. **Auto-generates skills from the agent's tools** — MCP servers, built-in tools, and the agent's instructions are all reflected in the card so clients know what the agent can do.
+
+You don't configure any of this manually. The card and skills are derived from the agent's existing setup.
+
+## Enabling A2A
+
+1. Open an agent in the Admin UI
+2. Toggle **A2A Protocol** on
+3. Save
+
+That's it. The agent is now discoverable and invocable via A2A.
+
+## Endpoints
+
+| Endpoint | Auth | Description |
+|----------|------|-------------|
+| `/.well-known/agent-card.json` | No | Lists all A2A-enabled agents |
+| `/api/v1/a2a/{agentId}/.well-known/agent-card.json` | No | Agent card for a specific agent |
+| `/api/v1/a2a/{agentId}` | Bearer token | JSON-RPC invocation endpoint |
+
+Discovery endpoints are public so that external clients can find your agents. The invocation endpoint requires a **Bearer token** — this is a regular Magec client token, the same ones you create in the Admin UI under Clients.
+
+## Connecting a client
+
+Give the external A2A client this URL:
+
+```
+https://your-server/api/v1/a2a/{agentId}
+```
+
+The client will automatically fetch the agent card from the `.well-known` path relative to that URL, read the security requirements, and use the Bearer token you provide to send messages.
+
+## Public URL
+
+By default, agent cards reference `http://localhost:{port}` as the agent's URL. This works for local development but not when your server is behind a reverse proxy or exposed to the internet.
+
+Set `publicURL` in your config so that agent cards contain the correct address:
+
+```yaml
+server:
+  publicURL: https://magec.example.com
+```
+
+{{< callout type="info" >}}
+If you don't set `publicURL`, everything still works locally. You only need it when external systems need to reach your server from outside.
+{{< /callout >}}
+
+## What's in an agent card?
+
+The agent card is what clients read to understand your agent. Here's what it contains:
+
+| Field | Description |
+|-------|-------------|
+| `name` | Agent's display name |
+| `description` | What the agent does |
+| `url` | JSON-RPC endpoint for invocation |
+| `skills` | Auto-generated list of capabilities (from system prompt + tools) |
+| `securitySchemes` | How to authenticate (Bearer token) |
+| `capabilities` | Protocol features supported (streaming) |
+
+Skills are generated automatically from the agent's configuration. Each MCP tool the agent has access to appears as a separate skill. The agent's system prompt is reflected in the primary skill description, so external clients can understand what the agent is good at without any manual setup.
+
+## Hot-reload
+
+Like everything in Magec, A2A configuration reloads automatically. Enable or disable A2A on an agent, save, and the change is live — no restart needed.

website/hugo.toml

@@ -112,16 +112,21 @@ theme = 'magec'
     parent = 'core'
     url = '/docs/skills/'
     weight = 6
+  [[menu.docs]]
+    name = 'A2A Protocol'
+    parent = 'core'
+    url = '/docs/a2a/'
+    weight = 7
   [[menu.docs]]
     name = 'Secrets'
     parent = 'core'
     url = '/docs/secrets/'
-    weight = 7
+    weight = 8
   [[menu.docs]]
     name = 'Commands'
     parent = 'core'
     url = '/docs/commands/'
-    weight = 8
+    weight = 9
 
   [[menu.docs]]
     identifier = 'clients'