vision
The A2A stack: agent-to-agent commerce
Agents calling agents, paying for API access, and verifying each other's outputs. This is agent-to-agent commerce, and it needs new infrastructure.
Jithin Raj, Founder2025-12-032 min read
The problem: agents cannot coordinate
AI agents are already calling APIs, browsing websites, and executing code. But when Agent A needs to use Agent B's service, fundamental questions arise:
- How to discover AI policy and pricing?
- How to pay without human intervention?
- How to verify work was performed?
- How to maintain audit trails?
The A2A stack
The A2A (agent-to-agent) stack describes the layers needed for autonomous agent commerce. Each layer addresses a specific coordination problem:
- Layer 1, AI policy discovery. Agents discover bot policy, crawling rules, and terms at
/.well-known/peac.txt. - Layer 2, access control (HTTP 402). Gated endpoints return 402 with payment instructions (x402, Stripe).
- Layer 3, receipts. Every transaction returns a signed, verifiable record as proof.
- Layer 4, provenance. Chain of records creates auditable lineage for compliance.
An A2A transaction flow
How a complete agent-to-agent transaction works with PEAC:
- Policy check. Agent A fetches
/.well-known/peac.txtto discover crawling policy and payment options. - Access request. Agent A calls Agent B's API endpoint.
- 402 response. Agent B returns HTTP 402 with payment details.
- Payment. Agent A pays via configured method (x402, Stripe).
- Receipt. Agent B processes request and returns a signed record in headers.
- Verification. Agent A or operator verifies record at the verify endpoint.
Why records matter
In human-to-business transactions, receipts are obvious: email confirmations, PDF invoices, bank statements. Agent-to-agent transactions need the same thing, but machine-readable.
- Proof of service. Cryptographic evidence of work performed.
- Audit trail. Operators review agent spending.
- Review and reconciliation. Shows exactly what was delivered.
- Compliance. Bundled for regulatory reporting.
Getting started
If you are building agent infrastructure:
- Start with PEAC Protocol to declare your AI access policy.
- Add HTTP 402 to paid endpoints. See What is HTTP 402?
- Return signed records from your API responses.
- Use Downloads (CLI, SDK) for record verification.