Skip to content

A2A compliance: the full funnel

Every directory shows you a count. We show you what happens at every step from "candidate URL discovered" to "agent actually responds." This is the data nobody else publishes.

The funnel

4242
Candidates discovered
From 9 public sources
1341
HTTP 200
Server returned something
2799
Valid AgentCard
Schema-validated A2A v1.0
242
Live JSON-RPC
Actually operational

Real agents, but un-probeable by us

95 of the 4242 candidates returned 401/403 on the agent-card URL. Some of these are stale URLs in our discovery feed that happen to point at credentialed endpoints (CDN paths, admin pages, etc.); others are real agents whose card requires authentication. Both count as "agent exists," but we can't anonymously probe them.

Auth-gated (401/403) 68 1.6%

Real agent — but the card requires credentials we don't have. Counts as 'agent exists' but un-anonymously-probeable.

Auth-gated (401/403) 27 0.6%

Real agent — but the card requires credentials we don't have. Counts as 'agent exists' but un-anonymously-probeable.

Why most candidates didn't return a valid agent card

2806 of the 4242 candidates failed at the card-fetch step (404, server error, network failure, or returned 200 but with invalid card body). Almost none of this is our bug; it's stale URLs in upstream discovery feeds.

HTTP 404 1494 35.2%

URL has no agent card. These are mostly repos/sites that talk about A2A but don't actually serve /.well-known/agent-card.json.

Network failure 1128 26.6%

DNS failed, connect refused, hard timeout, or blocked by safety policy. The host is dead or our crawler couldn't reach it.

Server error (503) 37 0.9%

Their server is currently broken. Could recover; we re-probe in cold tier.

HTTP 400 22 0.5%

Non-2xx response on the agent-card URL.

Server error (530) 21 0.5%

Their server is currently broken. Could recover; we re-probe in cold tier.

HTTP 410 19 0.4%

Non-2xx response on the agent-card URL.

Server error (502) 17 0.4%

Their server is currently broken. Could recover; we re-probe in cold tier.

HTTP 402 17 0.4%

Non-2xx response on the agent-card URL.

Rate-limited (429) 13 0.3%

Provider throttled our crawler — we'll back off and retry.

HTTP 421 12 0.3%

Non-2xx response on the agent-card URL.

Server error (500) 9 0.2%

Their server is currently broken. Could recover; we re-probe in cold tier.

HTTP 405 8 0.2%

Non-2xx response on the agent-card URL.

Server error (525) 3 0.1%

Their server is currently broken. Could recover; we re-probe in cold tier.

Server error (520) 2 0.0%

Their server is currently broken. Could recover; we re-probe in cold tier.

Server error (526) 1 0.0%

Their server is currently broken. Could recover; we re-probe in cold tier.

Server error (522) 1 0.0%

Their server is currently broken. Could recover; we re-probe in cold tier.

Server error (521) 1 0.0%

Their server is currently broken. Could recover; we re-probe in cold tier.

HTTP 406 1 0.0%

Non-2xx response on the agent-card URL.

Of the 2799 valid cards: who actually responds?

Not yet probed: 1655 cards · 59.1%: Indexed but live-probe hasn't run yet (e.g. recently added).

Not yet probed 1655 59.1%

Indexed but live-probe hasn't run yet (e.g. recently added).

Examples
Non-compliant response 397 14.2%

Endpoint returned HTTP 200 but the body isn't a valid JSON-RPC 2.0 A2A response.

Examples
Responds to JSON-RPC 242 8.6%

Agent endpoint accepts message/send and returns a valid A2A response.

Examples
Unreachable 202 7.2%

DNS failed, connection refused, or hard timeout — host might be down.

Examples
Endpoint missing 199 7.1%

Card declares a URL, but that URL returns HTTP 404. Card claim mismatch.

Examples
Auth required 85 3.0%

Agent exists and responds, but requires credentials (401/403). Real but non-anonymous.

Examples
Server error 12 0.4%

Endpoint exists but currently returns 5xx errors — likely unhealthy.

Examples
No URL declared 6 0.2%

Agent card is valid but has no .url field — can't be called directly.

Examples
Not yet probed 1 0.0%

Indexed but live-probe hasn't run yet (e.g. recently added).

Examples

Are there really this few agents?

Short answer: publicly, yes. For now. A2A v1.0 only hit Linux Foundation in March 2026. The publicly-discoverable surface of the agent web in May 2026 is genuinely in the low hundreds. The rest of the iceberg sits in places our crawler can't reach:

  • Enterprise / auth-gated deployments: agents at Salesforce, ServiceNow, SAP, Workday, etc. Real, but listed in their own private directories. Our crawler sees their 401/403 buckets above.
  • Agents without .well-known/agent-card.json: A2A 1.0 allows discovery via the spec's authenticated extended card flow or direct config-handoff between agents. Those are invisible to anonymous probes.
  • Closed-net deployments: agents running inside corporate VPNs / private VPCs / Cloudflare Access. They use A2A internally but aren't on the public internet.
  • Vendor-locked PaaS: Cloud Run / Vercel / Lambda deployments without a discoverability advertisement.

What we DO capture: essentially every public A2A agent listed in registries, awesome-lists, GitHub topics, Certificate Transparency for A2A subdomains, and the official a2aregistry.org. The crawler runs every 6 hours and tiered recrawls keep the working set fresh within 15 minutes for high-quality agents.

Trust is our wedge. Other directories list agents without testing them and end up with 0–4% of "listed" agents actually working (community study). We publish the funnel transparently so you know exactly what you're looking at.