AegisGate Platform v2.0.0 — A2A Security is Here
Announcing AegisGate v2.0.0 with Agent-to-Agent security guardrails, completing the trifecta of AI API, MCP, and A2A protection.
We are proud to announce AegisGate Security Platform v2.0.0, the first release that brings Agent-to-Agent (A2A) security guardrails to the open-source world. This major version completes the trifecta: HTTP API security, MCP protocol protection, and A2A agent security — all in a single platform.
🎯 What’s New in v2.0.0
| Feature | Description |
|---|---|
| A2A Guardrails Middleware | mTLS authentication, HMAC-SHA256 integrity verification, per-agent capability enforcement, token-bucket rate limiting, and optional license validation |
| Prometheus Metrics | aegisgate_a2a_license_failures_total, aegisgate_a2a_auth_failures_total, aegisgate_a2a_integrity_failures_total, aegisgate_a2a_capability_denials_total |
| Configuration | configs/a2a.yaml (secret & rate-limit) and configs/a2a_caps.yaml (agent-capability map) |
| Full Test Suite | Unit tests for mTLS auth & integrity, plus integration tests covering all guardrail paths |
| Production Router Integration | A2A middleware wired into the main proxy router with graceful fallback and license-aware enforcement |
| Docker Image | Multi-arch image (ghcr.io/aegisgatesecurity/aegisgate-platform:latest), ready for production |
🛡️ The A2A Guardrails
A2A traffic is the weakest link in AI pipelines — agents exchange tool commands and data without strong guarantees. With A2A v2.0.0 you now have:
Zero-Trust Agent Authentication (mTLS)
Every agent must present a valid client certificate. The Common Name (CN) becomes the agent identity for all downstream enforcement. No certificate = no access.
Cryptographic Integrity (HMAC-SHA256)
Every request body is signed with a shared secret. Tampering is detected immediately — if the signature doesn’t match the body, the request is rejected.
Per-Agent Capability Enforcement
Each agent is assigned a set of capabilities it’s authorized to use. If an agent tries to call a tool it doesn’t have permission for, the request is denied with a clear error. Capability sets are defined in configs/a2a_caps.yaml.
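The integrity and capability checks described above can be sketched as follows. This is an added example, not AegisGate's own code: the status codes, reason strings, `check_request`, and the in-memory `AGENT_CAPS` map (standing in for `configs/a2a_caps.yaml`, whose schema the page does not show) are assumptions; the header names and signature encoding follow the demo further down this page.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed capability map keyed by certificate CN (hypothetical contents).
AGENT_CAPS = {"demo-agent": {"demo-capability"}}


def sign(secret: bytes, body: bytes) -> str:
    """Base64 HMAC-SHA256 over the raw body, as the demo's openssl pipeline produces."""
    return base64.b64encode(hmac.new(secret, body, hashlib.sha256).digest()).decode()


def check_request(secret, peer_cn, headers, body):
    """Return (status, reason); reasons mirror the guardrail counters' names.

    peer_cn must come from the verified TLS client certificate, never from
    a header the client controls.
    """
    if not peer_cn:                                   # no verified certificate
        return 401, "auth_failure"
    try:
        got = base64.b64decode(headers.get("A2A-Signature", ""), validate=True)
    except (binascii.Error, ValueError):              # malformed base64
        return 400, "integrity_failure"
    want = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(got, want):            # constant-time comparison
        return 400, "integrity_failure"
    cap = headers.get("A2A-Capability", "")
    if cap not in AGENT_CAPS.get(peer_cn, set()):     # unknown agent: default deny
        return 403, "capability_denied"
    return 200, "ok"
```

In this sketch the signature covers only the body, so the `A2A-Capability` header is not integrity-protected by the HMAC; the authorization decision rests on the certificate identity.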
Token-Bucket Rate Limiting
Prevents any single agent from overwhelming the platform. Configurable capacity, refill rate, and interval per deployment.
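A per-agent token bucket with the three parameters named above (capacity, refill rate, interval), as an added example that is not AegisGate's implementation; the class, method and parameter names are assumptions.

```python
import time


class AgentRateLimiter:
    """One token bucket per agent identity (certificate CN)."""

    def __init__(self, capacity, refill_tokens, interval_s):
        self.capacity = capacity            # maximum burst size
        self.refill_tokens = refill_tokens  # tokens added per interval
        self.interval_s = interval_s        # interval length in seconds
        self._buckets = {}                  # cn -> (tokens, last_refill_time)

    def allow(self, agent_cn, now=None):
        """Spend one token for agent_cn; False means the request is throttled."""
        now = time.monotonic() if now is None else now
        tokens, last = self._buckets.get(agent_cn, (self.capacity, now))
        intervals = int((now - last) // self.interval_s)
        if intervals > 0:
            # Refill in whole intervals and never above capacity.
            tokens = min(self.capacity, tokens + intervals * self.refill_tokens)
            last += intervals * self.interval_s
        allowed = tokens >= 1
        self._buckets[agent_cn] = (tokens - 1 if allowed else tokens, last)
        return allowed


def simulate(limiter, events):
    """events: (agent_cn, timestamp) pairs in time order -> list of decisions."""
    return [limiter.allow(cn, ts) for cn, ts in events]
```

Keying the buckets on the verified certificate CN keeps one agent's burst from consuming another agent's budget and bounds the number of buckets by the number of issued certificates.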
License-Aware Enforcement
A2A guardrails integrate with the license system. Developer+ tiers can require the A2A-License header for additional validation.
Full Observability
Prometheus metrics track every guardrail event: authentication failures, integrity failures, capability denials, and license failures. Import the Grafana dashboard and start monitoring immediately.
📦 Quick-Start (Docker)
```bash
# Pull and run with A2A enabled
docker run -d \
  -p 8080:8080 \
  -p 8081:8081 \
  -p 8443:8443 \
  -v "$(pwd)/data:/data" \
  -e AEGISGATE_A2A_ENABLED=true \
  ghcr.io/aegisgatesecurity/aegisgate-platform:latest
```
The Community tier (free forever) is enabled automatically — no license key required.
🧪 Try the A2A Demo
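```bash
# 1. Enable A2A in your environment
export AEGISGATE_A2A_ENABLED=true

# 2. Generate a self-signed client cert; the CN becomes the agent identity
openssl req -newkey rsa:2048 -nodes -keyout client.key \
  -x509 -days 365 -out client.crt \
  -subj "/CN=demo-agent"

# 3. Sign a request using the shared secret
#    (default value; change it, as its name says, before real use)
SECRET="aegisgate-a2a-default-secret-change-me"
BODY='{"msg":"hello"}'
# printf replaces the non-portable `echo -n`; the HMAC covers the exact body bytes
SIG=$(printf '%s' "$BODY" | openssl dgst -sha256 -hmac "$SECRET" -binary | base64)

# 4. Call the A2A echo endpoint
#    Note: curl presents --cert/--key only during a TLS handshake, so over a
#    plain http:// URL the client certificate is never sent.
curl -v \
  --cert client.crt --key client.key \
  -H "A2A-Signature: $SIG" \
  -H "A2A-Capability: demo-capability" \
  -d "$BODY" \
  http://localhost:8080/a2a/echo
```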
Check Prometheus metrics at http://localhost:8443/metrics — you’ll see counters increment as you exercise the API.
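To turn those counters into a signal, compare two scrapes and report which guardrails fired in between. The following is an added example, not part of the AegisGate project: the counter names are the ones listed above, while the scrape text and the `agent` label are constructed, since the page does not show the real label set.

```python
import re

A2A_COUNTERS = (
    "aegisgate_a2a_license_failures_total",
    "aegisgate_a2a_auth_failures_total",
    "aegisgate_a2a_integrity_failures_total",
    "aegisgate_a2a_capability_denials_total",
)
SAMPLE_LINE = re.compile(r"^([A-Za-z_:][A-Za-z0-9_:]*)(\{.*\})?\s+(\S+)")

# Constructed scrapes of /metrics; the 'agent' label is hypothetical.
SCRAPE_BEFORE = """\
# TYPE aegisgate_a2a_auth_failures_total counter
aegisgate_a2a_auth_failures_total 2
aegisgate_a2a_integrity_failures_total 0
aegisgate_a2a_capability_denials_total{agent="demo-agent"} 1
aegisgate_a2a_license_failures_total 4
"""
SCRAPE_AFTER = """\
# TYPE aegisgate_a2a_auth_failures_total counter
aegisgate_a2a_auth_failures_total 2
aegisgate_a2a_integrity_failures_total 5
aegisgate_a2a_capability_denials_total{agent="demo-agent"} 1
aegisgate_a2a_capability_denials_total{agent="other-agent"} 2
aegisgate_a2a_license_failures_total 1
"""


def parse_counters(text):
    """Sum each A2A counter across its label sets in one scrape."""
    totals = dict.fromkeys(A2A_COUNTERS, 0.0)
    for line in text.splitlines():
        m = SAMPLE_LINE.match(line)      # '# HELP' / '# TYPE' lines do not match
        if m and m.group(1) in totals:
            totals[m.group(1)] += float(m.group(3))
    return totals


def guardrail_deltas(prev_text, curr_text):
    """Increase per counter between scrapes; unchanged counters are omitted."""
    prev, curr = parse_counters(prev_text), parse_counters(curr_text)
    # A counter that went down was reset (process restart): count from zero.
    return {n: curr[n] - prev[n] if curr[n] >= prev[n] else curr[n]
            for n in A2A_COUNTERS if curr[n] != prev[n]}
```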
🔗 A2A → MITRE ATLAS Mapping
A2A guardrails map directly to MITRE ATLAS adversarial techniques:
| A2A Guardrail | ATLAS Technique | Mitigation |
|---|---|---|
| mTLS Authentication | T1.1 — Recon, T5.2 — Credential Theft | Zero-trust identity verification |
| HMAC Integrity | T3.2 — Poison Training Data, T4.1 — Craft Adversarial Input | Cryptographic tamper detection |
| Capability Enforcement | T6.1 — ML Supply Chain, T8.1 — Model Theft | Least-privilege per-agent authorization |
| Rate Limiting | T9.2 — DoS against AI | Token-bucket throttling per agent |
| License Validation | T9.3 — Evade Model | Tier-aware enforcement |
🏆 Why This Matters
AegisGate is the first mover offering a production-ready A2A security stack. While existing AI security tools focus on HTTP APIs or prompt filtering, AegisGate covers the complete attack surface:
- HTTP API traffic → 144+ detection patterns, bidirectional scanning
- MCP protocol → 8 guardrails, session isolation, tool authorization
- A2A multi-agent → mTLS, HMAC, capability enforcement, rate limiting
One platform. Three protocols. Complete AI security.
📣 What’s Next
- A2A capability persistence — move from in-memory YAML to database
- Agent registry & trust scoring — reputation-based agent authorization
- Task ACLs — fine-grained permissions per A2A task type
- Artifact validation — verify data exchanged between agents
- Grafana dashboards — ready-made for your monitoring stack
Thank you to all contributors and early testers — your feedback made this release possible!
Author: AegisGate Security
Published: 2026-05-05
Tags: release, a2a, agent-security, mcp, mitre-atlas