Agentic Architectures · MCP & A2A

The protocols beneath the agents

Most enterprise AI conversations argue about model choice. The harder questions are about what the model is allowed to touch, how it talks to other agents, and what that wiring leaves auditable. A field view of MCP and A2A in production.

Most conversations about enterprise AI in 2026 still open with the model. Which provider. Which size. Which benchmark. We sit in those rooms and quietly wait for the part that actually decides whether the program ships, which is almost never about the model.

It is about the wiring.

An agent in production is mostly not a model. It is a piece of software that calls tools, reads from indexes, hands work to other agents, takes input from systems it does not own, and tries not to do anything irreversible while doing it. The model is the easy part. It is a checkpoint sitting on someone's GPUs, and you will swap it twice this year without much drama. What you cannot swap is the wiring that connects it to your enterprise. And the wiring is where the next several years of failed AI programs are going to come from.

Two pieces of that wiring matter more than the rest right now. Model Context Protocol, and Agent-to-Agent. MCP and A2A. Neither is fully stable in the way HTTP is stable. But the patterns underneath them are now load-bearing for how enterprises will compose AI for the next decade, and they are worth understanding before you commit a budget to anything else.

What MCP and A2A are actually for

The simplest framing we use with customers is that MCP is how an agent reaches out, and A2A is how agents talk to each other.

MCP standardizes the way a model talks to tools, data sources, and capabilities outside itself. Before MCP, every integration was custom prompt scaffolding stitched into custom function calls stitched into custom auth glue. Every tool was a snowflake. Every team rebuilt the same plumbing to talk to a database, a ticketing system, or a knowledge index. MCP turns that into a connector model. The agent discovers what tools are available, what they take, what they return, and what they are allowed to do.

A2A standardizes the way agents talk to each other. An investigation agent needs to ask a claims agent a question. A sourcing agent needs to consult a compliance agent before issuing a recommendation. Without a protocol for that conversation, multi-agent systems either dead-end at one agent or get welded together by orchestrators that nobody can debug six months in. A2A names the call, the context, the identity, the authority, and the trace.

Put both together and you have an agent that can reach into the enterprise in a governed way, and reach across other agents in a coordinated way. That is more than half of what an enterprise AI architecture actually has to do. The rest is the model.

Three things we keep seeing in production

We work on these wires every week. Three patterns keep recurring.

The first is that integration sprawl is the silent tax. A program without an MCP-shaped discipline ends up with a tool-call topology that nobody can audit. We have walked into environments with eighteen agentic prototypes, each carrying its own bespoke connection to the same CRM. Every one of those connections is a separate place an auditor will want a story about, and a separate place where authorization can drift. MCP does not eliminate that work. It gives the work somewhere coherent to live.

The second is that multi-agent systems do not gracefully emerge. They have to be designed. A2A is what lets that design exist. Without it, you get one of two failure modes. Either a single megalith agent doing too many things because dividing it required protocol nobody wanted to invent, or a hand-coded orchestrator that becomes the most fragile component in the stack. Neither is the future. Composable, addressable agents that can negotiate and decline are the future, and that future runs on something that looks like A2A.

The third is that the governance question has moved. It used to be "what did the model say?" and the answer fit on a log line. It is now "what was the model allowed to touch, who else did it talk to, in what order, and what did each of those parties contribute to the outcome?" That is not a log line. That is a graph. The graph only exists if the wire protocol made it exist.

Model choice is portable. The wiring is not. That asymmetry is where AI architecture decisions actually carry weight.

Four design tensions we resolve on every project

Once you treat MCP and A2A as architectural decisions instead of integration details, four tensions surface immediately. None have clean answers. All of them have wrong ones.

1. Capability surface vs. blast radius

The more tools an agent can reach, the more useful it is, and the more dangerous a confused agent becomes. The instinct is to register everything and let the model figure it out. The discipline is to register only what a particular agent role actually needs. Capability scoping is the first place A2A and MCP either succeed or quietly leak authority. We default to per-agent tool registries with explicit allowlists, and we resist the urge to share one big registry across roles. The convenience is not worth the blast radius.

2. Latency vs. determinism

A multi-hop agentic call is fundamentally slow. Model decides, calls tool, summarizes, calls another agent, waits for a structured reply, decides again. The temptation is to streamline by collapsing hops, baking decisions into the prompt, or pre-fetching tool results in parallel. Each of those moves trades determinism for speed. Sometimes that is the right trade. Often it is the trade that costs you the ability to explain what happened. Make the trade explicitly, per workflow, and keep the deterministic path available for the workflows where a regulator will eventually want a transcript.

3. Discoverability vs. governance

MCP makes it tempting to expose a long catalog of tools and let the agent pick. That works at small scale and breaks at enterprise scale. A vendor index with a thousand tools, served to an agent through a context window, is not discoverability. It is noise. Worse, it is uncontrolled surface area. The right pattern is curated tool sets per agent role, with the catalog living behind a governance step that says who gets what and why. Discoverability is for the developer. Governance is for the runtime.

4. Open interop vs. enterprise control plane

MCP and A2A are interop standards. Enterprises run control planes. Those two things are in productive tension, not opposition. The standards make agents portable across providers. The control plane makes them defensible to a CISO. A reasonable architecture uses the standards as the wire format and the control plane as the policy layer that decides which wires are allowed to carry what, between whom, with which identity attached. Neither half of that statement is optional.

A useful test

If your agent performs a tool call tomorrow and an auditor asks for the trace a week later, can you produce: which tool was called, by which agent role, under whose identity, with what authority, against which version of the tool definition, and which policy state was in effect? If yes, you have a wire layer. If no, you have integrations.

What good looks like at the wire

We do not publish the inside of our solution designs, and we are not going to here. There are a few things we will say about the shape of a wire layer we trust.

The tool registry is a first-class governance object. It is versioned. It is reviewed. Adding a tool to an agent's reachable set is a deliberate act, not a side effect of a prompt change. Anyone who has shipped a regulated workflow understands why this matters.

Identity and authorization flow with the call. The agent does not call a tool as itself. It calls as a delegated identity carrying the original user's authority, scoped down to what the policy permits. When an A2A handoff occurs, that identity carries forward. The agent on the other side knows who is asking, on whose behalf, with what authority. Without this, every multi-agent system becomes a confused-deputy problem waiting for the wrong day.

The audit chain spans MCP and A2A. A single decision often interleaves model calls, tool calls, and agent handoffs. The audit must read end-to-end, not as three fragmented logs in three separate systems. If a regulator asks why an outcome happened, the answer assembles from one trace, not three.

Versioning treats the wire as primary. The model version matters, but so do the tool definitions, the connector versions, and the policy state at the moment of the call. All of it gets pinned. All of it gets reproducible. The "what was the system at the moment of the decision" question has to be answerable on demand, or the program is not running. It is improvising.

Why we keep returning to this

Because the model conversation is going to keep getting easier, and the wire conversation is going to keep getting harder.

Model performance will continue to converge. Cost will continue to fall. Provider choice will become a fact about your procurement, not your architecture. The differences between agents in 2027 are not mostly going to be about which model is inside them. They will be about which tools the agent can reach, who else it can talk to, what authority it carries, and what trace it leaves.

That is an MCP question. It is an A2A question. It is also a governance question, an identity question, and a control plane question, all wearing protocol clothing. We treat it as the foundation of the architecture because it is, and because nothing further up the stack survives an unprincipled wire layer underneath.

Pick the model later. Get the wires right first.


MTekLabs is a boutique AI firm that designs, deploys, and governs reusable agentic AI services for government and commercial enterprises. We build platforms that are auditable by design and human-in-the-decision-loop where it matters.

Wiring up an agentic system across your enterprise?

We would be glad to walk through where we would put the protocol seams in your environment.

Talk to us →
← All articles MTekLabs · Operationalizing Cognitive Intelligence