Written by: Mariana Fonseca, Editorial Team, AI Growth Agent
Key Takeaways
- Enterprise agent cards combine A2A metadata for agent discovery with virtual spend cards that enforce programmable payment limits and instant revocation.
- A2A v1.0 agent cards are JSON manifests served at /.well-known/agent-card.json that declare identity, skills, interfaces, and OAuth2 security requirements.
- Virtual spend controls such as per-transaction limits, MCC allowlists, velocity caps, and time-bound expiration are embedded directly in the agent card via the spendPolicy extension.
- Enterprise governance relies on unified catalogs, least-privilege OAuth2 scopes, gateway audit logging, and periodic card reviews to maintain security and compliance.
- AI Growth Agent automates the publishing and maintenance of living agent cards at enterprise scale, and you can see the full workflow in a live demo.
Inside an A2A Agent Card JSON Manifest
A2A reached v1.0 in 2026 and operates under the Linux Foundation with support from Google, Microsoft, and more than 150 other organizations. An agent card is a JSON document served via HTTPS at /.well-known/agent-card.json. The following example shows a production-ready schema that conforms to A2A v1.0.
{ "name": "procurement-agent", "description": "Handles vendor lookup, PO creation, and invoice reconciliation.", "version": "1.0.0", "provider": { "organization": "Acme Corp", "url": "https://acme.example.com" }, "supportedInterfaces": [ { "url": "https://agents.acme.example.com/procurement", "protocolBinding": "HTTP+JSON", "protocolVersion": "1.0" } ], "capabilities": { "streaming": true, "pushNotifications": true, "extendedAgentCard": false }, "defaultInputModes": ["application/json", "text/plain"], "defaultOutputModes": ["application/json"], "skills": [ { "id": "vendor-lookup", "name": "Vendor Lookup", "description": "Searches the approved vendor catalog by category or name.", "tags": ["procurement", "vendor", "catalog"], "examples": ["Find approved office supply vendors in the Northeast region."], "inputModes": ["text/plain"], "outputModes": ["application/json"] }, { "id": "po-creation", "name": "Purchase Order Creation", "description": "Creates a draft PO against an approved vendor and budget code.", "tags": ["procurement", "purchase-order", "finance"], "examples": ["Create a PO for $4,200 against vendor ID V-0042 under cost center CC-1100."], "inputModes": ["application/json"], "outputModes": ["application/json"] } ], "securitySchemes": { "oauth2": { "type": "oauth2", "flows": { "clientCredentials": { "tokenUrl": "https://auth.acme.example.com/oauth2/token", "scopes": { "procurement:read": "Read vendor and PO data", "procurement:write": "Create and update POs" } } } } }, "security": [ { "oauth2": ["procurement:read", "procurement:write"] } ], "signatures": [ { "protected": "eyJhbGciOiJFZERTQSIsImtpZCI6ImFjbWUta2V5LTEifQ", "signature": "BASE64URL_SIGNATURE_VALUE" } ] }
Each field in this schema supports a specific discovery or security function for client agents. The annotations below explain how agents interpret each section when deciding whether to invoke this procurement agent.
Field annotations: name and description provide human- and machine-readable identity. version tracks the agent release. provider establishes organizational ownership for trust and attribution. supportedInterfaces moves transport endpoint declarations from top-level fields into an array where each entry carries url, protocolBinding, and protocolVersion. Elevating a2a.proto to the universal normative source of truth is among the primary structural changes in A2A v1.0. capabilities advertises protocol-level features such as streaming and push notifications. defaultInputModes and defaultOutputModes declare accepted MIME types. skills lists discrete capabilities. The skills array is indexed for keyword search within Google Cloud Agent Registry. securitySchemes follows the OpenAPI 3 shape, and security maps required schemes to the card. Signatures are computed using JSON Web Signature (RFC 7515) over a canonicalized form of the card (RFC 8785) to enable tamper-evident verification.
If your team needs help standing up a production-ready endpoint with correct signing and verification, our implementation consultations walk through the full deployment checklist.
Template for Enterprise Agent Cards With Spend Policy
This template combines A2A metadata fields with spend-card policy references so procurement and platform teams can work from a single artifact. Extend the skills array for each discrete capability and populate spendPolicy with the virtual card parameters issued by your provider.
{ "name": "autonomous-procurement-agent", "description": "Discovers vendors, creates POs, and executes approved payments.", "version": "1.0.0", "provider": { "organization": "Acme Corp", "url": "https://acme.example.com" }, "supportedInterfaces": [ { "url": "https://agents.acme.example.com/procurement", "protocolBinding": "HTTP+JSON", "protocolVersion": "1.0" } ], "capabilities": { "streaming": true, "pushNotifications": true, "extendedAgentCard": false }, "defaultInputModes": ["application/json"], "defaultOutputModes": ["application/json"], "skills": [ { "id": "vendor-lookup", "name": "Vendor Lookup", "description": "Searches the approved vendor catalog.", "tags": ["procurement", "vendor"], "examples": ["Find approved SaaS vendors under $10,000 annual contract value."], "inputModes": ["text/plain"], "outputModes": ["application/json"] } ], "securitySchemes": { "oauth2": { "type": "oauth2", "flows": { "clientCredentials": { "tokenUrl": "https://auth.acme.example.com/oauth2/token", "scopes": { "procurement:read": "Read vendor data", "procurement:write": "Create POs and initiate payments" } } } } }, "security": [{ "oauth2": ["procurement:read", "procurement:write"] }], "spendPolicy": { "cardProvider": "Ramp", "standard": "Visa Intelligent Commerce", "perTransactionLimit": 5000, "currency": "USD", "allowedMCCs": ["5045", "7372", "5065"], "velocityLimit": { "maxTransactions": 10, "windowHours": 24 }, "expiration": "2026-12-31", "revocationEndpoint": "https://api.ramp.com/developer/v1/cards/{card_id}/deactivate" }, "signatures": [ { "protected": "eyJhbGciOiJFZERTQSIsImtpZCI6ImFjbWUta2V5LTEifQ", "signature": "BASE64URL_SIGNATURE_VALUE" } ] }
The following table illustrates how governance responsibilities split between platform teams managing A2A metadata and finance teams controlling spend limits. Understanding this division is critical for assigning ownership during implementation.
| Control Dimension | A2A Metadata Layer | Virtual Spend Card Layer | Governance Owner |
|---|---|---|---|
| Identity declaration | name, version, provider fields in agent-card.json |
Agent ID tied to card issuance record and mandate log | Platform / Security |
| Capability scoping | OAuth2 scopes per skill in securitySchemes |
MCC allowlists and per-transaction spend caps | Architecture / Finance |
| Revocation | Remove or update card at /.well-known/ endpoint, flag stale cards | Instant card deactivation via API, single-use cards auto-close after settlement | Security / Finance |
| Audit trail | Gateway-layer HTTP/JSON-RPC logs mapped to agent identity | Immutable mandate log: card creation, use, and closure tied to agent ID | Compliance / Finance |
If you want to automate how these metadata and spend controls stay in sync, see how AI Growth Agent handles card publishing and policy updates.
Ramp Agent Cards in an A2A Workflow
Ramp Agent Cards are built on the Visa Intelligent Commerce standard and provide tokenized, single-use credentials scoped to a specific agent and transaction. Each card carries per-transaction spend limits, MCC allowlists and blocklists, velocity limits expressed as a maximum number of transactions per time window, time-bound expiration, and instant revocation via API. Visa Intelligent Commerce supports controls for agent-initiated transactions, with tokenization replacing the primary account number with a non-reversible, merchant-scoped token.
Integration patterns include API calls for card issuance, MCP server invocations for standardized tool calls, and connections to ERPs such as NetSuite, QuickBooks, Sage, and Xero, which enables agent-initiated transactions with full metadata for reconciliation. An agent operating under an A2A skill declaration for po-creation can request a Ramp Agent Card via MCP, execute the payment within the declared spend policy, and return enriched transaction metadata including agent ID, cost center, and GL tags to the ERP without human intervention at checkout.
To align these Ramp-style controls with your existing A2A discovery layer, walk through an integration review with our team.
Enterprise Governance Frameworks for Agent Cards
An agent catalog serves as the system of record defining approved agents, their roles, permissions, integrations, and guardrails, which enables orchestration of reusable agents across departments. A central catalog can index A2A Agent Cards to support enterprise governance, policy filtering, and capability search, although the A2A protocol does not require a universal registry API.
Least-privilege enforcement maps directly to the skills array. Each skill carries only the OAuth2 scopes it requires, and the gateway layer evaluates those scopes before task acceptance. Authorization creep risk occurs because authorization checks may happen only after a task is accepted. Gateway-layer policy filtering on declared scopes closes that gap and keeps catalog entries aligned with real access. Industry analysts project significant growth in enterprise applications featuring task-specific AI agents, so catalog governance has become a near-term operational requirement rather than a future consideration.
If you need a concrete operating model for this catalog layer, explore how AI Growth Agent structures governed agent catalogs.
Security Best Practices for A2A Agent Cards
The A2A specification requires HTTPS for all production deployments and recommends TLS 1.3 or later with strong cipher suites for both the JSON-RPC/HTTP and optional gRPC bindings. mTLS is the recommended transport-layer control for internal agent-to-agent traffic where both parties are enterprise-managed. OAuth2 client credentials flow covers machine-to-machine authentication for externally reachable endpoints.
Plaintext secrets must never be included in Agent Cards, and credentials are obtained out-of-band via the authentication schemes declared in securitySchemes. Inaccurate, stale, or overly permissive agent cards can lead to unauthorized agent invocation or tool access beyond intended policy, so cards must be reviewed on a defined cadence and any capability not backed by active policy must be removed. The signature verification process described earlier can be automated using the a2a-utils package, which handles canonicalization and JWS validation without custom cryptographic code. The /.well-known/agent-card.json endpoint should be protected with access controls when the card contains sensitive capability or endpoint details not intended for public exposure.
For a structured hardening plan that fits your environment, review your agent discovery endpoints with our security team.
Compliance and Audit Requirements for Agent Cards
Enterprise AI agent platforms can use the NIST AI Risk Management Framework (AI RMF) to help govern risks across the full AI lifecycle. NIST’s COSAiS project is developing SP 800-53 control overlays for securing AI systems, including use and fine-tuning of predictive AI.
AGT conformance at the Baseline level (covering Policy Engine and Audit & Compliance) is presented as the minimum requirement for platforms asserting AI agent governance. GDPR controls apply at the API gateway layer because every agent-to-agent interaction uses standard HTTP/JSON-RPC that falls under existing data residency and processing policies. Required audit log events include card creation, every invocation tied to a specific agent identity, capability updates, and revocation, mapped to the agent’s declared provider and version fields for attribution.
To understand how these frameworks translate into concrete logging and retention rules, learn how we help teams meet SOC 2 and NIST audit requirements.
Implementation Checklist for Production Agent Cards
- Serve the card at the well-known URI. Configure your web server or API gateway to respond to
GET /.well-known/agent-card.jsonover HTTPS withContent-Type: application/json. Protect the endpoint with access controls if the card is not intended for public discovery. - Populate all required v1.0 fields. Include
name,description,version,provider,supportedInterfaces,capabilities,defaultInputModes,defaultOutputModes,skills,securitySchemes,security, andsignatures. - Declare transport endpoints in
supportedInterfaces. Each entry must includeurl,protocolBinding, andprotocolVersionper the v1.0 specification. - Sign the card. Compute a JWS signature over the canonicalized card body (RFC 8785) and include it in the
signaturesarray. - Register with your agent catalog. Submit the card URL to your internal catalog or to Google Cloud Agent Registry for indexed discovery. Verify the file size does not exceed 10 KB.
- Configure llms.txt and Blog MCP. Publish
llms.txtandllms-full.txtso AI surfaces can read the agent’s context. Enable Blog MCP for direct interoperability with AI search surfaces. - Issue spend-card policy. Define per-transaction limits, MCC allowlists, velocity limits, and expiration in your virtual card provider, such as Ramp Agent Cards on Visa Intelligent Commerce. Reference the
revocationEndpointin the card’sspendPolicyextension. - Enable gateway-layer audit logging. Capture every HTTP/JSON-RPC interaction between agents with agent identity, skill invoked, timestamp, and outcome. These logs must then be mapped to NIST AI RMF and SOC 2 controls to satisfy the audit trail requirements described in the Compliance section, or they will not meet certification standards.
- Schedule periodic card review. Audit
skillsandsecuritySchemeson a defined cadence. Remove any capability not backed by active policy. - Monitor bot traffic and citation signals. Use per-endpoint bot tracking to confirm the card is being discovered and invoked as intended, and cross-reference with spend-card transaction logs for reconciliation.
If you want this checklist tailored to your stack and providers, request a customized implementation plan.
How AI Growth Agent Supports Enterprise-Scale Agent Cards
Publishing and maintaining living agent cards at enterprise scale requires the same infrastructure discipline as any authoritative content program. Teams need structured output, validated claims, reliable endpoint configuration, and continuous self-healing as specifications evolve. AI Growth Agent’s Content Topology maps the full universe of agent discovery queries your buyers and partner agents are running, and Search Intelligence surfaces exactly which domains and endpoints are winning each result week over week.
On the technical side, every site AI Growth Agent stands up ships with Agent Card guidance served via /.well-known/, OpenAI discovery configuration, Blog MCP compatible with Chrome 146+ and other WebMCP-enabled browsers, llms.txt and llms-full.txt, and natural language query parameters at /?s={query} that return personalized, internally linked responses to agents passing queries directly into the URL. These features ship in every package and require no engineering hours from the client’s side.
The content itself behaves as a living surface. When the A2A specification updates, when Ramp Agent Cards add new policy parameters, or when NIST publishes revised SP 800-53 overlays for agentic systems, the articles and schema that describe your agent catalog self-heal rather than going stale. Clients see additional AI citations and mentions in the first twelve weeks, with content indexing in as little as ten days. That compounding authority makes your agent cards discoverable not only to human architects reading documentation but also to the AI surfaces and orchestration layers that route tasks to your agents at scale.
To see this end-to-end system in action, review an enterprise deployment of AI Growth Agent for agent card governance.
Frequently Asked Questions
What is the difference between an A2A agent card and a virtual spend agent card?
An A2A agent card is a machine-readable JSON document served at /.well-known/agent-card.json that describes an agent’s identity, capabilities, transport endpoints, skills, and security requirements. Its purpose is agent-to-agent discovery, where a client agent reads the card to determine whether a remote agent can handle a given task and how to authenticate with it. A virtual spend agent card is a programmable payment credential issued to an autonomous agent with controls such as per-transaction limits, merchant category restrictions, velocity caps, and instant revocation. The two constructs operate at different layers. The A2A card governs how agents find and communicate with each other. The spend card governs what those agents are permitted to purchase and on whose budget. Enterprise governance requires both, because an agent that can be discovered but not financially constrained, or financially constrained but not discoverable, creates gaps in either operational reach or spend control.
How do you set up the /.well-known/agent-card.json endpoint in production?
Configure your web server, API gateway, or CDN to serve a static or dynamically generated JSON file at the path /.well-known/agent-card.json over HTTPS, returning Content-Type: application/json. The file must conform to the A2A v1.0 specification and include all required fields: name, description, version, provider, supportedInterfaces, capabilities, defaultInputModes, defaultOutputModes, skills, securitySchemes, security, and signatures. Keep the file under 10 KB if you intend to register with Google Cloud Agent Registry. Protect the endpoint with access controls when the card contains sensitive capability or endpoint details not intended for public discovery. Compute a JSON Web Signature over the canonicalized card body and include it in the signatures array to enable tamper-evident verification. After deployment, submit the endpoint URL to your internal agent catalog and verify the card is reachable from your gateway’s network policy.
What spend controls should enterprises configure on Ramp Agent Cards?
At minimum, configure a per-transaction spend limit that reflects the maximum value of a single autonomous purchase the agent is authorized to make. Add an MCC allowlist restricted to the merchant categories relevant to the agent’s function, such as software subscriptions or cloud infrastructure, and block all other categories by default. Set a velocity limit expressed as a maximum number of transactions per time window to prevent runaway spend loops. Apply a time-bound expiration date aligned to the agent’s operational lifecycle or the budget period. Enable instant revocation via the provider’s API and store the revocation endpoint in your agent card’s spend policy extension so it is accessible to your incident response workflow. For high-frequency or high-value agents, consider single-use card issuance per transaction, which automatically closes after settlement and eliminates overspending risk entirely. All card actions, including creation, use, and closure, should be tied to the agent’s declared identity and logged to an immutable audit record for finance and compliance reconciliation.
Which compliance frameworks apply to enterprise agent card deployments?
The primary frameworks are the NIST AI Risk Management Framework, which maps and mitigates risks across the full AI lifecycle, and NIST’s developing SP 800-53 control overlays for single-agent and multi-agent use cases that cover least-privilege tool access, agent action containment, and chain-of-custody logging. The OWASP Top 10 for Agentic Applications 2026 classifies agent cards as risk-bearing assets requiring governance controls, and SOC 2 Type 2 is the baseline certification for platforms providing AI agent governance. GDPR and data residency controls apply at the API gateway layer because all A2A traffic uses standard HTTP/JSON-RPC. For organizations handling financial data, PCI-DSS controls apply to spend card issuance and transaction logging. Required audit log events across all frameworks include agent card creation, every skill invocation tied to a specific agent identity, capability updates, and revocation, with attribution to the card’s declared provider and version fields.
How does AI Growth Agent help enterprises publish and maintain agent cards without additional headcount?
AI Growth Agent ships Agent Card guidance via /.well-known/, Blog MCP, llms.txt, llms-full.txt, and OpenAI discovery configuration as part of every package, with no engineering work required from the client. The Content Topology maps the full universe of agent discovery and AI procurement queries relevant to your market, and Search Intelligence refreshes that picture weekly so your team sees exactly which endpoints and domains are winning each result. Content describing your agent catalog, governance framework, and implementation patterns is produced as living, self-healing articles that update automatically when specifications change, which keeps your authoritative surface current without a content team managing it. The result is that enterprise architects and heads of AI platforms can publish, maintain, and compound authority around their agent card infrastructure on autopilot, with incremental visibility reporting that isolates exactly what AI Growth Agent generated week over week.