Skip to main content

Deployment architecture

FastAPI application

Create your production entrypoint: 
# main.py
from fastapi import FastAPI
from qwed_a2a.protocol.endpoints import router

app = FastAPI(
    title="QWED A2A Gateway",
    description="Zero-trust verification interceptor for A2A communication",
    version="0.1.0",
)

app.include_router(router)

@app.on_event("startup")
async def startup():
    """Initialize interceptor on startup."""
    from qwed_a2a.protocol.endpoints import configure_interceptor
    from qwed_a2a.protocol.schema import InterceptorConfig

    config = InterceptorConfig(
        enable_financial_verification=True,
        enable_code_verification=True,
        enable_logic_verification=True,
        block_on_error=True,
    )
    configure_interceptor(config)

Docker

# Dockerfile
FROM python:3.12-slim

WORKDIR /app

COPY pyproject.toml .
COPY src/ src/

RUN pip install --no-cache-dir .
RUN pip install --no-cache-dir uvicorn

COPY main.py .

EXPOSE 8000

CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
Build and run: 
docker build -t qwed-a2a-gateway .
docker run -p 8000:8000 qwed-a2a-gateway

Available endpoints

EndpointMethodDescription
/a2a/interceptPOSTPrimary verification gateway — accepts AgentMessage, returns VerificationVerdict
/a2a/healthGETService health check with version
/a2a/metricsGETAggregated intercept metrics

Health check response

{
  "status": "healthy",
  "service": "qwed-a2a",
  "version": "0.1.0"
}

Metrics response

{
  "total_intercepts": 15420,
  "forwarded": 15200,
  "blocked": 180,
  "errors": 40,
  "avg_latency_ms": 12.5,
  "engines": {
    "finance_guard": 5000,
    "code_guard": 3200,
    "logic_guard": 1800,
    "passthrough": 5420
  }
}

Environment variables

VariableDescriptionDefault
SENTRY_DSNSentry error tracking DSN(disabled)
QWED_LOG_LEVELLogging level (DEBUG, INFO, WARNING, ERROR)INFO
QWED_A2A_BLOCK_ON_ERRORBlock on internal errors (true/false)true

Monitoring

Sentry integration

QWED A2A includes built-in Sentry integration for error tracking: 
import sentry_sdk

sentry_sdk.init(
    dsn="https://your-dsn@sentry.io/project",
    traces_sample_rate=0.1,
    environment="production",
)

Structured logging

All intercepts are logged with structured fields: 
INFO  A2A Intercept [a2a_trace_001] FORWARDED -> engine=finance_guard (12.3ms)
INFO  A2A Intercept [a2a_trace_002] BLOCKED -> engine=code_guard (3.1ms)
WARN  Trust boundary violation: Sender 'rogue-agent' is globally blocked

CI/CD integration

GitHub Actions

# .github/workflows/a2a-tests.yml
name: A2A Verification Tests

on: [push, pull_request]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install -e ".[dev]"
      - run: pytest tests/ -v --tb=short

Mergify auto-merge

# .mergify.yml
pull_request_rules:
  - name: Auto-merge when CI passes
    conditions:
      - check-success=test
      - check-success=CodeQL
    actions:
      merge:
        method: squash

Integration with QWED ecosystem

QWED Core

A2A uses the same verification principles as the core QWED engine — deterministic, symbolic, and provable.

QWED MCP

MCP provides tool-level verification. A2A provides agent-to-agent communication verification. They complement each other.

QWED Finance

The A2A finance guard uses the same Decimal arithmetic patterns as QWED Finance, adapted for inter-agent payloads.

Agent Specification

The QWED-Agent spec defines trust levels and budget enforcement. A2A implements the verification gateway described in the spec.