Discovery
Every AAP-compliant dealer agent publishes an A2A v1.0 agent card at the well-known URL on its own domain:
GET https://{dealer-domain}/.well-known/agent-card.json
The card MUST declare the AAP extension and list the seven required skills. The buyer agent uses the card to confirm AAP compliance, select a protocol binding, and (if auth_type is bearer) negotiate credentials before calling any skill.
Required AAP additions to the A2A agent card
A2A leaves discovery flexible; AAP narrows it. An AAP-compliant agent card MUST satisfy all of:
-
capabilities.extensions[]contains an entry whoseuriequals:https://autoagentprotocol.org/extensions/a2a-automotive-retail/v0.1 -
That extension entry SHOULD set
params.manifest_urlto the absolute URL of the agent's contract manifest (/.well-known/auto-agent-contract.json). -
That extension entry SHOULD set
params.required_skillsto the literal AAP v0.1 list:["dealer.information","inventory.facets","inventory.search","inventory.vehicle","lead.general","lead.vehicle","lead.appointment"] -
skills[]contains entries for all seven required skill ids. -
supported_interfaces[]lists at least one entry whoseprotocol_bindingisJSONRPCorHTTP+JSON.
A buyer agent that does not find a matching extension URI MUST treat the agent as a generic A2A agent, not as an AAP dealer agent.
Authentication declaration
Two modes are supported in v0.1:
security_requirements | security_schemes.bearer | Meaning |
|---|---|---|
| absent or empty | absent | Public agent. Anyone may call the agent over the listed bindings. |
present and references bearer | present | Bearer token required. Clients MUST send Authorization: Bearer <token> with every call. |
The contract manifest's auth_type field MUST agree with this declaration: null for public, "bearer" for bearer. See Contract manifest.
Full example agent card
This is a complete, valid AAP v0.1 agent card for a public dealer agent that exposes both bindings.
{
"name": "Demo Toyota Dealer Agent",
"description": "Dealer agent for Demo Toyota of San Francisco. Implements the Auto Agent Protocol v0.1 (A2A Automotive Retail Profile).",
"version": "1.0.0",
"provider": {
"organization": "Demo Toyota of San Francisco, LLC",
"url": "https://demo-toyota.example.com"
},
"documentation_url": "https://autoagentprotocol.org/docs/v0.1/intro",
"supported_interfaces": [
{
"url": "https://demo-toyota.example.com/a2a/jsonrpc",
"protocol_binding": "JSONRPC",
"protocol_version": "1.0"
},
{
"url": "https://demo-toyota.example.com/a2a",
"protocol_binding": "HTTP+JSON",
"protocol_version": "1.0"
}
],
"capabilities": {
"streaming": false,
"push_notifications": false,
"extended_agent_card": false,
"extensions": [
{
"uri": "https://autoagentprotocol.org/extensions/a2a-automotive-retail/v0.1",
"description": "Auto Agent Protocol v0.1 — A2A Automotive Retail Profile.",
"required": true,
"params": {
"manifest_url": "https://demo-toyota.example.com/.well-known/auto-agent-contract.json",
"required_skills": [
"dealer.information",
"inventory.facets",
"inventory.search",
"inventory.vehicle",
"lead.general",
"lead.vehicle",
"lead.appointment"
]
}
}
]
},
"default_input_modes": ["application/json"],
"default_output_modes": ["application/json"],
"skills": [
{
"id": "dealer.information",
"name": "Dealer Information",
"description": "Return dealership profile, locations, brands, business hours, contact policies, and supported services.",
"tags": ["dealer", "profile"],
"input_modes": ["application/json"],
"output_modes": ["application/json"]
},
{
"id": "inventory.facets",
"name": "Inventory Facets",
"description": "Return aggregated facets (makes, models, years, conditions, price/mileage ranges) over the dealer's inventory.",
"tags": ["inventory", "facets"]
},
{
"id": "inventory.search",
"name": "Inventory Search",
"description": "Search vehicle inventory by make, model, trim, year, condition, price, mileage, and other filters.",
"tags": ["inventory", "search"]
},
{
"id": "inventory.vehicle",
"name": "Vehicle Detail",
"description": "Return the detail view for a specific vehicle by VIN, stock, or vehicle_id.",
"tags": ["inventory", "vehicle"]
},
{
"id": "lead.general",
"name": "General Dealership Lead",
"description": "Submit a consented general dealership inquiry (financing question, trade-in interest, callback request).",
"tags": ["lead", "general"]
},
{
"id": "lead.vehicle",
"name": "Vehicle Lead",
"description": "Submit a consented vehicle-specific inquiry (ADF/XML-mappable).",
"tags": ["lead", "vehicle", "adf"]
},
{
"id": "lead.appointment",
"name": "Appointment Lead",
"description": "Submit a consented appointment request (test drive, showroom visit, handover, phone/video call, trade-in appraisal).",
"tags": ["lead", "appointment"]
}
],
"security_schemes": {},
"security_requirements": []
}
Bearer-protected example (auth declaration only)
For a dealer agent that requires a bearer token, the security blocks change as follows. Skills, extensions, and supported_interfaces look identical.
{
"security_schemes": {
"bearer": {
"type": "http",
"scheme": "bearer",
"bearer_format": "JWT"
}
},
"security_requirements": [
{ "bearer": [] }
]
}
The contract manifest for this agent MUST set auth_type: "bearer".
What a buyer agent does next
Once the card is fetched and validated:
- Read
capabilities.extensions[].params.manifest_urland fetch the contract manifest. The manifest gives the buyer agent per-skill schema URLs and per-skill consent/anonymous flags. - Pick a binding from
supported_interfaces[]. BothJSONRPCandHTTP+JSONaccept the same AAPDataParts; choose whichever the buyer agent already speaks. - If
security_requirementsis non-empty, obtain a bearer token out of band before calling any skill. - Invoke skills via standard A2A
SendMessage(JSON-RPC binding or REST binding).