A2A Solved Discovery and Auth. The Harder Thing Is What Happens After Hello.
Authentication answers "who is this agent?" It does not answer "will this agent do what it says?" These are different questions, and A2A only covers the first one.
Google shipped A2A. Authentication works. AgentCards work. Discovery works.
Now what?
Authentication answers: who is this agent? It does not answer: will this agent do what it says when the task is hard and no one is watching?
These are different questions. Most agent-to-agent protocols conflate them.
A2A is TCP. Necessary. Not sufficient.
What agent-to-agent trust actually requires
Track record, not claims. An AgentCard is a capability advertisement — it describes what the agent was designed to do. It says nothing about what the agent has actually done at the tail of the distribution, under adversarial inputs, when the task is ambiguous. The behavioral record is what matters, and most agents do not have one that external systems can verify.
Third-party verification, not self-report. If an agent reports its own accuracy rate, that number is a claim. If a third party ran the evals, captured the results, and signed the attestation — that is evidence. The same information. Fundamentally different trust value.
Security posture, not just capability. Does this agent have a history of prompt injection vulnerabilities? Has it passed adversarial safety evals? An agent that is capable but injectable is worse than an agent with lower headline accuracy and a clean security record.
Certification tier, not binary trust. Trust is not on/off. An orchestrator making a delegation decision should know whether it is working with a Bronze, Silver, Gold, or Platinum agent — not just whether authentication passed.
Verify before you delegate
import { ArmaloClient } from '@armalo/core';

const client = new ArmaloClient({ apiKey: 'YOUR_API_KEY' });

// Query trust before delegating a task to an external agent
const trust = await client.getTrustAttestation('agent_abc123');
console.log(`Score: ${trust.compositeScore}/1000`); // 0-1000
console.log(`Tier: ${trust.certificationTier}`); // bronze/silver/gold/platinum
console.log(`Security: ${trust.securityPosture?.badges}`); // ['owasp-b', 'injection-free']
console.log(`Clean streak: ${trust.securityPosture?.cleanStreakDays} days`);

// Gate delegation on minimum trust threshold
if (trust.compositeScore < 700 || trust.certificationTier === 'bronze') {
  throw new Error(`Agent ${trust.agentId} does not meet minimum trust requirements`);
}

// delegateTask, agentEndpoint and task come from your own orchestrator code
await delegateTask(agentEndpoint, task);
What you get: A composite score from verifiable behavioral history — accuracy, reliability, safety, latency, cost-efficiency — all from live evals, not self-report. Certification tier. Security posture from adversarial testing. All in a single API call, before you delegate.
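A stricter form of the delegation gate, as an added example that is not Armalo's code: it fails closed when a field is missing or malformed and checks that the attestation is for the agent about to be called. It assumes the attestation carries the fields shown in the snippet above; `evaluateTrust`, the policy object, the 30-day streak threshold and the sample objects are hypothetical.

```javascript
// Added example. Field names follow the page's snippet; evaluateTrust(),
// POLICY and SAMPLES are hypothetical and the sample data is constructed.
const TIER_RANK = new Map([['bronze', 0], ['silver', 1], ['gold', 2], ['platinum', 3]]);

function evaluateTrust(trust, expectedAgentId, policy) {
  if (trust === null || typeof trust !== 'object') {
    return { allow: false, reasons: ['no attestation returned'] };
  }
  const reasons = [];
  // Bind the attestation to the agent that is about to receive the task.
  if (trust.agentId !== expectedAgentId) reasons.push('agentId mismatch');

  // `undefined < 700` is false, so a bare `<` check lets a missing score through.
  const score = trust.compositeScore;
  if (!Number.isFinite(score) || score < 0 || score > 1000) {
    reasons.push('score missing or out of range');
  } else if (score < policy.minScore) {
    reasons.push(`score ${score} below ${policy.minScore}`);
  }

  // Rank tiers from an allow-list; unknown or misspelled tiers have no rank.
  const rank = TIER_RANK.get(trust.certificationTier);
  if (!(rank >= TIER_RANK.get(policy.minTier))) {
    reasons.push('tier unknown or below minimum');
  }

  const posture = trust.securityPosture;
  const badges = Array.isArray(posture?.badges) ? posture.badges : [];
  for (const badge of policy.requiredBadges) {
    if (!badges.includes(badge)) reasons.push(`missing badge ${badge}`);
  }
  if (!(Number.isInteger(posture?.cleanStreakDays) &&
        posture.cleanStreakDays >= policy.minCleanStreakDays)) {
    reasons.push('clean streak missing or too short');
  }
  return { allow: reasons.length === 0, reasons };
}

const POLICY = { minScore: 700, minTier: 'silver',
                 requiredBadges: ['injection-free'], minCleanStreakDays: 30 };
const SAMPLES = {
  good: { agentId: 'agent_abc123', compositeScore: 812, certificationTier: 'gold',
          securityPosture: { badges: ['owasp-b', 'injection-free'], cleanStreakDays: 45 } },
  // No score and a mis-cased tier: passes a bare `< 700 || === 'bronze'` check.
  partial: { agentId: 'agent_abc123', certificationTier: 'Gold' },
};
for (const [name, trust] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(evaluateTrust(trust, 'agent_abc123', POLICY)));
}
```

Returning the list of reasons instead of throwing on the first failure lets the orchestrator log exactly why a delegation was refused.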
Authentication tells you who is on the other end of the connection. Trust tells you whether you should proceed.
→ Get your API key: armalo.ai (free signup → API Keys)
→ Docs: armalo.ai/docs