AgentVault on PyPI: Building Blocks for Standardized Agent-to-Agent (A2A) Communication

Raphael Jeziorny — Tue, 15 Apr 2025 04:52:26 +0000

Sharing progress on AgentVault, an open-source ecosystem I've been building for AI Agent-to-Agent (A2A) communication. The core client library (agentvault), CLI (agentvault-cli), and server SDK (agentvault-server-sdk) are now available on PyPI! 🚀

The goal is to provide a standardized and secure foundation for AI agents to discover and interact with each other. The current implementation aligns with emerging A2A concepts (JSON-RPC over HTTP/SSE) and includes:

agentvault Library: An async Python client with secure credential management (KeyManager supporting env, file, OS keyring) and Agent Card parsing.
agentvault-cli: A command-line tool for key config, agent discovery via the registry, and running A2A tasks.
agentvault-registry: A FastAPI/PostgreSQL backend serving as the central discovery hub (API + basic UI).
agentvault-server-sdk: Helpers (like create_a2a_router) to easily build A2A-compliant agent servers using FastAPI and Pydantic.

By enabling standardized interoperability, AgentVault aims to unlock opportunities for more complex multi-agent workflows, specialized agent services, and a more connected AI ecosystem overall.

The foundation is laid, and the focus now shifts to refinement, more examples, and documentation. Developer feedback is highly welcome as the project and A2A standards evolve!

Explore the initial documentation & components:
https://secureagenttools.github.io/AgentVault/

Stop Sharing API Keys! Announcing AgentVault v0.1.0 - Open Source Toolkit for Secure AI Agent Comms (A2A/MCP)

Raphael Jeziorny — Sun, 13 Apr 2025 02:37:13 +0000

Hey Developers!

Anyone else feeling the API key fatigue? Every new AI model, every cool specialized agent seems to want your powerful (and expensive!) OpenAI, Anthropic, or other keys. Stashing them in .env files across projects feels messy, and sharing them with third-party agent services feels... well, risky. On top of that, getting different agents to actually talk to each other consistently is still like the wild west.

That's exactly why I started building AgentVault! It's my attempt to bring some structure, security, and interoperability to this space, and I'm excited to share the first release (v0.1.0) as an open-source project.

GitHub: https://github.com/SecureAgentTools/AgentVault
Core Library on PyPI: pip install agentvault

The Core Idea: Decentralize Keys, Standardize Talk

AgentVault is built on a few key principles:

Your Keys Stay Local: Your primary, high-value API keys never leave your machine. The system is designed so you manage them locally, and they aren't uploaded or exposed to a central service.
Standardized Communication (A2A & MCP): Interactions are based on the concepts emerging in the Agent-to-Agent (A2A) protocol for task lifecycle and messaging, combined with the Model Context Protocol (MCP) for passing structured context between your client and the agent.
Open Discovery (Metadata Only): A central registry allows developers to publish "Agent Cards" (metadata describing their agent's capabilities, endpoint, and its own required auth), but the registry only handles this metadata. No keys, no execution logic.

What's in v0.1.0?

This initial release provides the foundational pieces:

agentvault (Python Library): The heart of the system (pip install agentvault).
- KeyManager: A utility class to securely load API keys from environment variables, .env/.json files, or your OS keyring (via keyring integration - pip install agentvault[os_keyring]). It handles the loading priority so your app code doesn't have to.
- AgentVaultClient: An httpx-based async client implementing the client-side logic for the A2A protocol (based on current drafts/understandings). It handles initiating tasks, sending/receiving messages (including SSE streaming for updates), checking status, and terminating tasks.
- A2A/MCP Models: Pydantic models defining the structure of Agent Cards, A2A messages/events, and basic MCP context embedding.
- agent_card_utils: Helpers for parsing and fetching Agent Card JSON.
agentvault-registry (Backend API):
- A FastAPI application (using AsyncPG, SQLAlchemy, Alembic) that serves as the discovery registry.
- Provides REST endpoints for developers (authenticated via registry-specific keys) to submit/manage Agent Cards and public endpoints for anyone to list/search/retrieve card metadata.
- Live Dev Instance: A free-tier instance is running at https://agentvault-registry-api.onrender.com. Note: It spins down after inactivity and the first request might take ~30-50s to wake it up! Use it for testing discovery.
agentvault-cli (Reference CLI):
- A command-line tool built with Click/Rich that uses the agentvault library.
- Demonstrates key management (config set/get/list), agent discovery via the registry (discover), and running tasks on remote agents (run). (Currently installable from source via the repo).

Enabling Multi-Agent Systems?

While AgentVault doesn't provide agents or orchestration logic itself, it lays the groundwork for building more complex systems securely. Imagine a coding assistant:

The main tool (e.g., an IDE extension) uses agentvault's KeyManager to access the user's local OpenAI key.
It discovers specialized agents (code gen, testing, linting) via the agentvault-registry.
It uses AgentVaultClient to interact with each agent via the standard A2A protocol.
It passes code snippets, file context, or results from one agent to another using MCP embedded in A2A messages.

AgentVault handles the secure key loading and the standardized communication plumbing, letting developers focus on the agent capabilities and orchestration logic.

It's Early Days - Feedback Needed!

This is v0.1.0, so expect rough edges and evolving protocols! I'd be incredibly grateful for feedback from the community:

Does the KeyManager approach solve a real problem for you?
Is the AgentVaultClient API intuitive for A2A interactions?
How well does the implementation align with your understanding or needs for A2A/MCP?
What's missing? What would make this more useful for building or using agents?

Check out the repository, give it a star if it looks interesting, try out the library or CLI (using the live registry or the included mock server example), and please open issues or discussions with your thoughts!

GitHub: https://github.com/SecureAgentTools/AgentVault

Thanks for reading! Let's build a more secure and interoperable AI agent future together.

DEV Community: Raphael Jeziorny

AgentVault on PyPI: Building Blocks for Standardized Agent-to-Agent (A2A) Communication

Stop Sharing API Keys! Announcing AgentVault v0.1.0 - Open Source Toolkit for Secure AI Agent Comms (A2A/MCP)