AI-native · wiring

The protocols.

MCP for tools, A2A for agents, CloudEvents on the wire. The standards layer settled in 2026. Follow one request — ticket #88241 — as it crosses all three.

AGENT   -   the thing that wants to do something
· A2A   -   agent-to-agent task delegation · v1.0 · LF · 150+ orgs · OAuth 2.0 modernized Mar 2026
· MCP   -   agent-to-tool/context binding · 2025-11-25 stable · RC 2026-07-28 · ~14,000 servers · Agentic AI Foundation governed
· CLOUDEVENTS   -   the wire envelope · CNCF v1.0.2 · agent-specific payload in data
· TRANSPORT   -   HTTP / SSE / gRPC / WebSocket
Section 01 · Agentic AI Foundation - one foundation, many specs

All the protocols under one roof.

Agentic AI Foundation (Linux Foundation) · ~170 members
AGENTIC AI FOUNDATION · Linux Foundation umbrella (Dec 2025)
· MCP   -   tools + context · Anthropic, 2024
· A2A   -   agent ↔ agent · Google, Mar 2026
· AGENTS.md   -   repo instructions · OpenAI, Aug 2025
· AGNTCY   -   discovery + identity · Cisco, 2025
· ACP   -   REST agent · IBM BeeAI
all of these are stacked, not competitive - Agentic AI Foundation governs the seams
Backers: Anthropic, OpenAI, Block, Google, Microsoft, AWS, Salesforce, SAP, ServiceNow
The 2025-26 protocol wars ended in consolidation. Pick MCP + A2A. Compose, don't choose.
Section 02 · MCP · the tool/context protocol

MCP - agents discover tools.

Model Context Protocol · stateless HTTP core (RC 2026-07-28)
MCP CLIENT   -   your agent · Claude / GPT / Cursor
· tools/list   -   "what can you do?"
· tools/call   -   "do this thing"
· resources/read   -   "give me that context"
MCP SERVER   -   e.g. Playwright · browser actions · + signed by mcp-provenance
stateless HTTP · any request to any server instance · horizontal scaling
#88241's agent reaches for a tool - request out, context back. ~14,000 servers tracked; the Oct 2026 RC drops session state, so you load-balance anywhere.
Section 03 · MCP 2026 · the production roadmap

Tasks + Server Cards.

David Soria Parra · MCP lead maintainer · 2026 roadmap
1 · TASKS   -   submit now, fetch later · NEW
· CLIENT · SERVER
· tasks/create   -   task-id · returns instantly
· server works: seconds → hours   -   the agent is free to do other work
· tasks/get(id)   -   result, when ready
· old tools/call blocked · retry + expiry built in
2 · SERVER CARDS   -   discovery without a session
· AGENT reads · no session
· SERVER CARD   -   published at a well-known URL
· IDENTITY   -   playwright-mcp
· SKILLS   -   browse · click · screenshot
· HOW TO AUTH   -   standard sign-in
· old: open a session, then list · new: read the card
Two new primitives. Tasks turn MCP into submit-now-fetch-later. Server Cards make discovery sessionless.
Section 04 · the production seam

Gateway + sheath.

Bloomberg · Kong · Arcade · vollko / shack-gateway · enterprise wraps around vanilla MCP
THE GATEWAY HOURGLASS
· agent · agent · agent · agent · agent · agent
· GATEWAY   -   identity · policy · federation · audit
· tool · tool · tool · tool · tool · tool
THE MCP SHEATH
· MCP core · AUDIT · GUARDRAILS · METERING · AUTHN/AUTHZ
Gateway: the seam. Sheath: the wrap. Every call #88241 makes passes five rings before it touches data.
PROGRESSIVE DISCOVERY · 4 meta-tools
shack-gateway (vollko OSS)
instead of dumping every downstream tool schema into the client (~5 k tok each), the gateway exposes four meta-tools:
· shack_list_tools   -   compact {name, server, summary}
· shack_describe_tool   -   full schema on demand
· shack_call_tool   -   routed via security pipeline
· shack_list_servers   -   tool counts per server
scales past 50 servers without busting the context budget
SECURITY PIPELINE · per call
declarative · auditable
every call passes through the same four gates before it leaves the gateway:
· workspace sandbox   -   path containment
· allow / deny rules   -   bash(rm -rf:*)
· pre / post hooks   -   modify or reject
· log redaction   -   tokens / keys / secrets
JSON-RPC 2.0 over stdio · rs / ts / py · Apache-2.0
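
A sketch of the four per-call gates listed above, added here as an example; it is not shack-gateway's code. The reading of `bash(rm -rf:*)` as "tool `bash`, command prefix `rm -rf`", the redaction pattern, the call shape, and every function name are assumptions, and post hooks (which would run on the tool result) are left out.

```python
import os
import re

# Assumed rule syntax, modelled on the page's `bash(rm -rf:*)`:
# tool(prefix:*) matches calls to `tool` whose command starts with `prefix`.
RULE = re.compile(r"^(?P<tool>[\w-]+)\((?P<prefix>.*):\*\)$")
# Constructed redaction pattern: name=value pairs whose name looks secret.
SECRET = re.compile(r"(?i)(\w*(?:token|key|secret|password)\w*)=\S+")

class Rejected(Exception):
    """Raised by any gate that refuses the call."""

def contained(workspace, path):
    """Gate 1: resolve symlinks and '..', then require the result inside workspace."""
    root = os.path.realpath(workspace)
    target = os.path.realpath(os.path.join(root, path))
    return os.path.commonpath([root, target]) == root

def denied(deny_rules, tool, command):
    """Gate 2: True when a deny rule names this tool and prefixes the command."""
    for rule in deny_rules:
        m = RULE.match(rule)
        if m and m["tool"] == tool and command.strip().startswith(m["prefix"]):
            return True
    return False

def redact(text):
    """Gate 4: mask secret values before the line reaches the audit log."""
    return SECRET.sub(lambda m: m.group(1) + "=[REDACTED]", text)

def run_pipeline(call, workspace, deny_rules, pre_hooks=(), log=None):
    """Pass one call through the gates; return the (possibly modified) call."""
    log = [] if log is None else log
    try:
        if "path" in call and not contained(workspace, call["path"]):
            raise Rejected("path escapes workspace")
        if denied(deny_rules, call["tool"], call.get("command", "")):
            raise Rejected("matched deny rule")
        for hook in pre_hooks:  # Gate 3: a hook returns a new call or raises Rejected
            call = hook(call)
    except Rejected as why:
        log.append(redact(f"DENY {call['tool']} {call.get('command', '')} ({why})"))
        raise
    log.append(redact(f"ALLOW {call['tool']} {call.get('command', '')}"))
    return call
```

`commonpath` is used instead of a string prefix test so that a sibling directory such as `ws-evil` next to `ws` is not treated as inside the workspace. Prefix matching on a raw command string is sensitive to spacing and flag order, so deny rules of this kind work best as a backstop behind an allow list.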
Section 05 · MCP-UI · UI as tool output

Three render modes.

Ido Salomon + Liad Yosef · MCP-UI · ui:// scheme · intent postMessage loop
MODE 1
Inline HTML
Approve
lightweight widget · same trust domain as host
MODE 2
External URL
iframe · sandboxed
full web app · sandboxed iframe · vendor app
MODE 3
Remote DOM
host theme · JS tree
host renders native components · brand-consistent
· AGENT   -   UIResource (ui://…)
· RENDER   -   user click
· INTENT   -   postMessage · typed
· NEXT CALL
Agent emits UI · host sandboxes it · user clicks fire typed intents back. Tool output becomes interactive.
Section 05b · MCP provenance

Trust the tools your agent reaches for.

vollko / mcp-provenance · May 2026: OX Security disclosed tool poisoning across 150M+ MCP downloads
THE 2026 INCIDENT
· ~ 200,000 vulnerable MCP server instances   -   supply chain · 150M+ downloads · OX Security disclosure
· TOOL POISONING   -   attackers hide instructions inside tool metadata · the agent reads, the user does not
· + 32% INDIRECT PROMPT INJECTION   -   malicious payloads in web content · Nov 2025 → Feb 2026 · Google
FIVE-PIECE STACK
· 1 · PACKAGE MANIFEST   -   mcp-package.json · identity, tools, capabilities, egress, file scopes, env requirements
· 2 · SIGNING FORMAT   -   Sigstore-style detached · Ed25519 default · optional keyless mode
· 3 · mcp-prov CLI   -   keygen · init · sign · verify · inspect
· 4 · CLIENT LIBRARY   -   agents verify a server before launching it
· 5 · REFERENCE REGISTRY   -   Express + SQLite · publishers, signed publishes, search
npm provenance attests the build. Sigstore attests the artifact. Nobody attested the capability - until this.
Section 06 · A2A · agent-to-agent task delegation

A2A - agents hire agents.

v1.0 · Linux Foundation · 150+ orgs (Mar 2026)
· 1 · task envelope →
· 2 · ← result + audit trail
· COORDINATOR   -   your agent · #88241
· RESEARCH AGENT   -   also available
· FINANCE AGENT   -   runs in a different org
· LEGAL AGENT   -   also available
reads FINANCE-AGENT'S CARD
· NAME   -   finance-agent
· WHAT IT DOES   -   invoices · cash flow
· HOW TO REACH IT   -   signed handshake
#88241 needs finance data - the coordinator delegates to an agent in another org. Each agent publishes a card; the spec is the contract, no SDK lock-in.
Section 07 · the envelope on the wire

CloudEvents wraps everything.

every event answers five questions · that's it
THE ENVELOPE
· WHO   -   customer-triage
· WHAT   -   proposed a reply
· WHEN   -   14:32 · 25 May
· ABOUT   -   ticket #88241
· THE MESSAGE   -   draft + 'needs human'
same shape for every event · same shape across every tool
However it travels, #88241 rides inside the same envelope - sealed, then on the wire. Fields stay constant; the payload carries the protocol-specific message.
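
The envelope above expressed with CloudEvents v1.0 context attributes, plus the check a receiver can run before it dispatches on `type` or opens `data`. This is an added example, not code from the page or from vollko. The mapping of WHO/WHAT/WHEN/ABOUT onto `source`/`type`/`time`/`subject` is an assumption, as are the function names.

```python
import json
import uuid
from datetime import datetime

REQUIRED = ("specversion", "id", "source", "type")  # required by CloudEvents v1.0

def make_event(who, what, when, about, message):
    """Map the five questions onto context attributes; return the JSON wire form."""
    return json.dumps({
        "specversion": "1.0",
        "id": str(uuid.uuid4()),   # must be unique per source
        "source": who,             # WHO
        "type": what,              # WHAT
        "time": when,              # WHEN, as an RFC 3339 timestamp
        "subject": about,          # ABOUT
        "datacontenttype": "application/json",
        "data": message,           # THE MESSAGE: protocol-specific payload
    })

def envelope_errors(raw):
    """Return the problems found in a JSON envelope; an empty list means accept."""
    try:
        event = json.loads(raw)
    except ValueError:
        return ["not valid JSON"]
    if not isinstance(event, dict):
        return ["envelope is not a JSON object"]
    errors = [f"missing {name}" for name in REQUIRED
              if not isinstance(event.get(name), str) or not event[name]]
    if event.get("specversion") not in (None, "1.0"):
        errors.append("unsupported specversion")
    if "time" in event:
        try:
            stamp = datetime.fromisoformat(str(event["time"]).replace("Z", "+00:00"))
            if stamp.tzinfo is None:
                errors.append("time has no UTC offset")
        except ValueError:
            errors.append("time is not RFC 3339")
    return errors
```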
Section 08 · discovery

The registry.

~14,000 MCP servers tracked · ~2,000 in the official index
· AGENT   -   discovers
· REGISTRY   -   registry.modelcontextprotocol.io · + Apicurio for agent artifacts · + self-hosted .well-known
· Playwright MCP   -   ~30k stars
· Adobe Marketo MCP   -   Apr 2026
· your-firm-mcp   -   private
Public registry, private mirror. Apicurio (Apache 2.0) stores agent artifacts alongside Avro / Protobuf.
Section 09 · not vs - with

MCP + A2A. Stacked.

vertical · horizontal · the two axes of agent infrastructure
· agent ↔ agent · agent ↔ tool
· MCP   -   tool / context binding · ~14k servers · stable
· A2A   -   agent-to-agent delegation · 150+ orgs · v1.0
your agent calls MCP servers AND publishes itself via A2A - both at once
Two families - context plane (MCP) and inter-agent plane (A2A). The "war" is a press cycle. Engineering uses both.
Section 10 · vollko OSS · this layer

The primitives.
