Introducing @vorim/a2a: The Identity and Trust Layer for Google's A2A Protocol

Kwame Nyantakyi
April 15, 2026 · 7 min read

Agents Can Talk. But Can They Trust?

Google's Agent-to-Agent Protocol (A2A) is one of the most important infrastructure developments in the AI agent ecosystem. Backed by the Linux Foundation and supported by Salesforce, SAP, PayPal, LangChain, and 50+ partners, A2A solves a critical problem: how agents built on different frameworks, by different companies, can discover each other and collaborate.

But A2A solves communication. It doesn't solve trust.

When Agent A discovers Agent B's Agent Card and decides to send it a task, there's no way to answer these questions:
  • Is Agent B actually who it claims to be?
  • What's Agent B's track record? Has it behaved reliably in the past?
  • Does Agent B have the right permissions for this interaction?
  • If something goes wrong, is there a tamper-proof record of what happened?

These aren't theoretical concerns. They're the questions every enterprise security team will ask before allowing A2A interactions in production.

Today we're releasing @vorim/a2a, an open-source identity and trust layer for the A2A Protocol. Available on npm and PyPI.

What @vorim/a2a Does

The integration extends A2A Agent Cards with Vorim's cryptographic identity and trust scoring. Three core capabilities:

1. Agent Card Identity Extension

Every A2A Agent Card can now include a vorimIdentity field containing the agent's Ed25519 public key fingerprint, live trust score, granted permission scopes, and verification URLs.

{
  "name": "research-agent",
  "url": "https://my-agent.example.com",
  "skills": [...],
  "vorimIdentity": {
    "agentId": "agid_abc123",
    "publicKeyFingerprint": "a3f2...e91c",
    "trustScore": 82,
    "status": "active",
    "scopes": ["agent:read", "data:read"],
    "verifyUrl": "https://vorim.ai/v1/trust/verify/agid_abc123",
    "badgeUrl": "https://vorim.ai/v1/trust/badge/agid_abc123.svg",
    "verifiedAt": "2026-04-15T12:00:00Z"
  }
}

The verifyUrl is the key design decision. When an agent receives a card with a self-reported trust score of 82, it shouldn't just trust that number. It should call the public Trust API to verify the live score. Self-reported claims are marketing. Independently verifiable claims are security.

2. Live Trust Verification

Before interacting with another agent, query Vorim's public Trust API to verify their actual trust score, not the score they put on their card:

import { createVorimA2A } from '@vorim/a2a';

const a2a = createVorimA2A({ apiKey: 'agid_sk_...' });

const result = await a2a.verifyAgent(incomingAgentCard);
if (result.trusted) {
  console.log('Agent verified with score ' + result.score);
} else {
  console.log('Rejected: ' + result.reason);
}

Verification checks three things:
  • Status: Is the agent active (not suspended or revoked)?
  • Trust score: Does it meet your minimum threshold?
  • Scopes: Does it have the permissions required for this interaction?
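
The check described in sections 1 and 2, as an added example that is not part of the original post or the @vorim/a2a SDK. It pins the card's verifyUrl to the Trust API host before anything is fetched, then applies the three checks to the live record instead of the card's own claims. The agentId pattern and the shape of the live record are assumptions, and fetching the URL is left to the caller.

```javascript
// Added example. TRUST_ORIGIN and VERIFY_PATH are taken from the sample card in the post;
// the agentId pattern and the shape of `live` are assumptions.
const TRUST_ORIGIN = 'https://vorim.ai';
const VERIFY_PATH = '/v1/trust/verify/';
const AGENT_ID = /^agid_[A-Za-z0-9]+$/; // assumed format, modelled on "agid_abc123"

// Return the URL to query for this card, or null when the card's verifyUrl does not
// point at the pinned endpoint for its own agentId. The card is untrusted input, so
// a verifyUrl on any other host would let the sender answer its own verification.
function pinnedVerifyUrl(card) {
  const id = card && card.vorimIdentity;
  if (!id || typeof id.agentId !== 'string' || !AGENT_ID.test(id.agentId)) return null;
  let url;
  try { url = new URL(id.verifyUrl); } catch { return null; }
  const expectedPath = VERIFY_PATH + id.agentId;
  if (url.origin !== TRUST_ORIGIN || url.pathname !== expectedPath) return null;
  if (url.username || url.password || url.search || url.hash) return null;
  return TRUST_ORIGIN + expectedPath; // rebuilt from pinned parts, not echoed from the card
}

// Apply the three checks (status, score, scopes) to the live record only.
// `live` is the already-fetched Trust API response: {agentId, status, score, scopes}.
function evaluateAgent(card, live, policy) {
  const claimed = card.vorimIdentity;
  if (!live || live.agentId !== claimed.agentId) return { trusted: false, reason: 'identity_mismatch' };
  if (live.status !== 'active') return { trusted: false, reason: 'status_' + live.status };
  if (!(live.score >= policy.minTrustScore)) return { trusted: false, reason: 'low_trust_score' };
  const scopes = Array.isArray(live.scopes) ? live.scopes : [];
  const missing = policy.requiredScopes.filter((s) => !scopes.includes(s));
  if (missing.length) return { trusted: false, reason: 'missing_scope:' + missing.join(',') };
  // Passing on live data is what counts; an overstated card score is still worth logging.
  return { trusted: true, score: live.score, overstated: claimed.trustScore > live.score };
}

// Constructed sample: the card claims 82/active, the live record says otherwise.
const sampleCard = {
  name: 'research-agent',
  vorimIdentity: {
    agentId: 'agid_abc123', trustScore: 82, status: 'active',
    scopes: ['agent:read', 'data:read'],
    verifyUrl: 'https://vorim.ai/v1/trust/verify/agid_abc123',
  },
};
const sampleLive = { agentId: 'agid_abc123', status: 'suspended', score: 41, scopes: ['agent:read'] };
const policy = { minTrustScore: 70, requiredScopes: ['data:read'] };

console.log(pinnedVerifyUrl(sampleCard), evaluateAgent(sampleCard, sampleLive, policy));
```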

3. Middleware for Automatic Verification

Wrap your A2A request handlers with Vorim middleware to automatically verify incoming agents before your code runs:

const handler = a2a.middleware({
  minTrustScore: 70,
  requiredScopes: ['data:read'],
})(async (req) => {
  // Only reached if the sending agent:
  // - Has a trust score >= 70
  // - Has the data:read permission
  // - Is in 'active' status
  return { status: 'ok' };
});

If the agent fails verification, a VorimA2AError is thrown with the specific reason (low trust score, missing scope, suspended status). Every verified interaction is automatically logged as an audit event.

Why This Matters

A2A is going to become the standard for agent interoperability. But interoperability without trust is just a new attack surface.

Consider this scenario: You deploy an A2A agent that handles customer data. Another agent discovers yours via the protocol and sends it a task. Without identity verification, your agent has no way to know if the sender is:
  • A legitimate agent from a partner organization
  • A test agent that accidentally went to production
  • A malicious agent probing for vulnerabilities
  • An agent that was trustworthy last week but has been compromised since

The A2A protocol deliberately doesn't prescribe how agents should handle trust. The spec says agents "interact without needing to share internal memory, tools, or proprietary logic, ensuring security." But that security is at the transport layer (TLS). It doesn't cover identity or behavioral trust.

@vorim/a2a fills that gap.

The Trust Score

Vorim's trust score is a 0-100 number computed from five behavioral factors:
  • Status (20%): Active agents score full marks. Suspended agents get partial credit. Revoked agents score zero.
  • Age (20%): Agents with longer operational history score higher. Logarithmic curve with diminishing returns after 90 days.
  • Success Rate (25%): Ratio of successful actions to total actions. Requires minimum 10 events to activate.
  • Denial Ratio (20%): Inverse of permission denial rate. Agents that frequently attempt unauthorized actions score lower.
  • Scope Breadth (15%): Number of granted scopes normalized against total available. Broader permissions suggest greater organizational trust.

The score is publicly queryable via the Trust API and updates in real time as new events come in. This means an agent's trust score reflects its actual behavior, not a static configuration.

Python Too

The A2A integration ships in both TypeScript and Python:

from vorim.a2a import VorimA2A

a2a = VorimA2A(api_key="agid_sk_...")

# Extend your Agent Card
card = a2a.extend_agent_card(base_card, agent_id="agid_abc123")

# Verify an incoming agent
result = a2a.verify_agent(incoming_card, min_trust_score=60)

# Decorator middleware
@a2a.middleware(min_trust_score=70)
def handle_task(request):
    return {"status": "ok"}

Open Standards, Not Vendor Lock-In

We built this as an open integration, not a proprietary gate. The vorimIdentity extension is an optional field on the Agent Card. Agents without it can still interact normally. Agents with it get the additional trust layer.

This aligns with our broader standardization work. We filed an IETF Internet-Draft (draft-nyantakyi-vaip-agent-identity-01) defining how agent identity, permissions, and trust should work across any platform. We've also submitted to the W3C Credentials Community Group and OpenID Foundation.

A2A solves how agents communicate. VAIP solves how agents trust. Together, they form the foundation for secure, interoperable multi-agent systems.

Get Started

TypeScript:
npm install @vorim/a2a

Python:
pip install "vorim>=3.1.0"

Full documentation: vorim.ai/docs
GitHub: github.com/Vorim-AI-Labs/vorim-ai
A2A Protocol: a2a-protocol.org

If you're building with the A2A Protocol and thinking about agent trust, we'd love to hear from you. Book a call at vorim.ai/contact or reach out at team@vorim.ai.
