Agent Discovery
Fleet card (well-known endpoint)
The fleet card is the primary discovery mechanism. It returns all A2A-visible agents for a tenant in a single HMAC-signed response — no authentication required:
# Well-known discovery endpoint (no auth required)
curl https://api.cendriix.ai/.well-known/agent-card.json \
-H "X-Tenant-Id: <your-tenant-id>"The fleet card is also available at the /a2a/agent-card endpoint with HMAC signature verification:
# Tenant fleet card with HMAC signature
curl https://api.cendriix.ai/a2a/agent-card \
-H "X-Tenant-Id: <your-tenant-id>"Cards are cached with Cache-Control: public, max-age=60. Only agents with tenant or external visibility appear in the fleet card.
Listing available agents
curl https://api.cendriix.ai/v1/a2a/agents \
-H "Authorization: DPoP $ACCESS_TOKEN"{
"agents": [
{
"id": "agt_01HZ...",
"slug": "code-reviewer",
"name": "Code Reviewer",
"description": "Performs security and quality code reviews",
"skills": ["code-review", "security-audit", "best-practices"],
"a2aVisibility": "tenant",
"inputModes": ["text/plain"],
"outputModes": ["text/plain", "application/json"]
}
]
}Reading agent cards
Agent cards follow the A2A v1.0 specification:
curl https://api.cendriix.ai/v1/a2a/agents/code-reviewer/card \
-H "Authorization: DPoP $ACCESS_TOKEN"{
"card": {
"name": "Code Reviewer",
"description": "Performs security and quality code reviews",
"url": "https://api.cendriix.ai/v1/a2a",
"version": "1.0.0",
"capabilities": {
"streaming": true,
"pushNotifications": true,
"stateTransitionHistory": true
},
"skills": [
{
"id": "code-review",
"name": "Code Review",
"description": "Reviews code changes for quality, security, and best practices"
}
],
"authentication": { "schemes": ["bearer", "dpop"] }
},
"signature": "eyJ0eXAiOiJKV1Qi...",
"signedAt": "2026-06-21T10:00:00Z",
"keyId": "key_01HZ..."
}Agent cards are cryptographically signed (Ed25519 JWS). Outbound clients should verify the signature before trusting the card contents.
Agent visibility
| Visibility | Who can see | Fleet card |
|---|---|---|
internal | Only the owning tenant (not served via public API) | Not included |
tenant | Only tokens whose tenantId matches | Same-tenant fleet card |
external | Any holder of a valid, scoped token | Public fleet card |
See Visibility & Helix for how to configure agent visibility.
Last updated on