$HEADLESS SYSTEMS
$ cat /blog/agent-protocol-stack

The agent protocol stack is the new headless interface

Petr Pátek··10 min·systems
The agent protocol stack is the new headless interface

For most of 2025 the industry asked the wrong question: MCP or A2A, which protocol wins? The answer arrived in 2026, and it is that both won, because they were never competing for the same slot. The Model Context Protocol and the Agent2Agent protocol solve different problems at different layers, and the two of them stacked together now form the wiring of machine-consumed software.

That stack is a headless interface. When an agent accesses a tool through MCP and delegates a task to another agent through A2A, software gets consumed end to end with no human in the loop and no dashboard involved. The interface is the protocol, not the screen.

This piece takes a position: the agent protocol stack, not the model, is the durable product surface. Models are getting swapped every six months. The tool layer and the coordination layer are where design decisions, lock-in, and value actually live. Build for the stack, not the model.

What is the agent protocol stack?

The agent protocol stack is a two-layer arrangement of open protocols that lets AI agents consume software autonomously. MCP is the vertical layer: it connects a model to tools and data. A2A is the horizontal layer: it connects agents to each other for delegation and coordination. One handles depth, the other handles breadth, and enterprise deployments in 2026 increasingly run both.

The clean split is the whole point. MCP answers “how does this agent reach a database, an API, or a file system?” A2A answers “how does this agent hand a subtask to a specialized agent it does not own?” Neither protocol tries to do the other’s job, which is exactly why the “which one wins” framing was a category error.

Both protocols now sit under the Linux Foundation’s Agentic AI Foundation. Anthropic donated MCP to the foundation in December 2025, co-founded with Block and OpenAI. Google Cloud donated A2A to the Linux Foundation as well. Two competing vendors handed their agent protocols to the same neutral steward inside twelve months. That is not a standards war. That is a stack forming.

MCP: the vertical tool layer

MCP standardizes how a model reaches the outside world. Instead of every agent framework inventing its own way to call a database or an API, MCP defines a single client-server contract: the model is the client, the tool or data source runs behind an MCP server, and the calls look the same regardless of what sits on the other end. It is the USB-C of tool access, and the adoption numbers show it landed.

MCP now runs at scale. As of 2026 it sees 97 million SDK downloads per month, more than 9,400 public servers, and native support from Anthropic, OpenAI, Google DeepMind, and Microsoft. Every major model provider speaks it. That is the definition of a protocol that stopped being optional.

The mental model is an employee reaching for internal tools. An agent equipped with MCP servers can query a warehouse, read a document store, and hit a payments API, each through the same interface shape.

// An MCP tool call: the model asks a server to run a named tool
{
  "method": "tools/call",
  "params": {
    "name": "search_orders",
    "arguments": { "customer_id": "cus_4192", "status": "open" }
  }
}

The server returns structured results the model can act on. No UI, no rendering, no human clicking through a dashboard. This is machine-consumed software at the tool level, and it is the layer where “build for machines first” stops being a slogan and becomes a wire format.

A2A: the horizontal coordination layer

A2A standardizes how agents talk to each other. Where MCP connects a model down to tools, A2A connects an agent sideways to other agents, including agents built by different teams on different frameworks. It defines Agent Cards (a machine-readable description of what an agent can do and how to reach it) and a task lifecycle for delegating, tracking, and completing work across those boundaries.

A2A moved into production fast. By April 2026 the project had more than 150 supporting organizations, reached version 1.2, and landed native integrations in Azure AI Foundry, Amazon Bedrock AgentCore, and Google Cloud. Microsoft, AWS, Salesforce, SAP, and ServiceNow are running A2A in production across supply chain, financial services, insurance, and IT operations. The horizontal layer is not a whiteboard diagram anymore.

The mental model is an org chart. A research agent receives a task, delegates data gathering to a data agent, hands the draft to a writing agent, and routes the result to a review agent, each a separate service that trusts the others through signed Agent Cards. Version 1.2 added cryptographic signatures on Agent Cards for domain verification, which is the trust primitive that makes cross-vendor delegation safe. An agent can now prove which domain published it before another agent hands over a task.

MCP vs A2A: why it was never a competition

The MCP vs A2A debate assumed a zero-sum slot. There was never one slot. MCP is vertical, model-to-tools; A2A is horizontal, agent-to-agent. Put side by side, the division of labor is obvious.

DimensionMCPA2A
DirectionVertical (model to tools/data)Horizontal (agent to agent)
Unit of workTool callDelegated task
AnalogyEmployee using internal toolsOrg chart delegating projects
Primary concernAccess to data and functionsCoordination and delegation
Trust primitiveServer auth and scoped tokensSigned Agent Cards
StewardLinux Foundation (AAIF)Linux Foundation (AAIF)

The two-layer stack is now the expected baseline. Over 100 enterprises had formally adopted both protocols by February 2026, wiring MCP for tool access underneath and A2A for cross-boundary delegation on top. As one analysis of the protocol convergence put it, MCP won the tool layer while A2A won the coordination layer, and ACP, the third contender, largely folded into the same governance umbrella rather than carving out a rival stack. The war ended because the map had two territories.

The stack is a headless interface

Here is the part the vendor explainers miss. When both layers are wired, software is consumed with no human interface in the loop. An agent authenticates, calls tools through MCP, delegates across A2A, and returns a result. The dashboard never renders because no human is watching. The protocols are the interface.

This is the headless thesis made concrete. For years “headless” meant separating the backend from the frontend so the UI became one optional consumer among many. The agent protocol stack is what “one optional consumer” looks like when the primary consumer is a machine. The API surface is no longer decorated with a UI as the main event; the UI is the vestigial layer and the protocol contract is the product.

That reframes the design work. If your system exposes an MCP server and an A2A Agent Card, an agent can use it without a single screen ever being built. If it only exposes a UI, an agent has to scrape, automate a browser, or wait for you to ship an API. Designing the tool surface and the delegation surface first is the headless move, and the protocol stack is now the standard way to express it. UI, if you build it, becomes the thin adapter on top.

The governance gap nobody is pricing in

Running both layers doubles the governance surface, and most teams have not budgeted for it. If the MCP layer and the A2A layer each carry their own authentication, monitoring, and access control, you double the operational overhead and open gaps where neither system has full visibility. An agent misbehaves at the tool layer, and the coordination layer never sees it. A delegation goes wrong at the coordination layer, and the tool layer logs look clean.

The fix is architectural, not procedural. The better pattern is a single observability and governance layer that sits above both protocols and treats them as complementary data sources, so one control plane sees every tool call and every delegated task. That is where per-agent rate limiting, anomaly detection, and forensics actually become possible. Without it, you are stitching two audit trails together after an incident instead of reading one.

Identity is the thread that ties the two layers together. A2A’s signed Agent Cards answer which agent published a task, and MCP’s scoped tokens answer what that agent is allowed to touch. As I argued in agent identity is the missing primitive, the agent economy is being built on shared API keys that cannot tell you which of forty agents did the thing your auditors are asking about. The protocol stack gives you the hooks to fix that, but only if the governance layer above it is designed to use them.

The reality check: why 40% of these projects will die

None of this means the stack guarantees success. Gartner projects that over 40% of agentic AI projects could be canceled by 2027, citing unclear value, rising costs, and weak governance. The gap is not the protocols. The gap is between adoption intent and production readiness.

Adopting MCP and A2A is the easy part now that the wire formats are stable and the cloud platforms ship native support. The hard part is the same as it has always been: a clear job for the agents to do, a cost model that survives contact with real traffic, and governance that an auditor accepts. The teams that treat the protocol stack as the finish line will be in that 40%. The teams that treat it as the interface, and then do the unglamorous work of scoping, costing, and governing what flows through it, are the ones that ship.

This is why grounding matters more than enthusiasm. The two-layer stack is real, dated, and in production at the largest software vendors on the planet. It is also not a substitute for knowing why you are deploying an agent in the first place.

Build for the stack, not the model

The model is becoming a commodity. Providers leapfrog each other on benchmarks every quarter, and swapping one for another is increasingly a config change. The agent protocol stack is the part that does not swap out cheaply. Your MCP servers, your Agent Cards, your delegation graph, and the governance layer above them are where the real architecture lives, and where the lock-in and the value accumulate.

Three takeaways for architects. First, the MCP vs A2A question is settled: use MCP for tool access and A2A for agent coordination, and expect to run both. Second, design the governance and observability layer above the stack from the start, because retrofitting one audit trail out of two after an incident is the expensive path. Third, treat the protocol stack as your headless interface, expose your systems through it first, and let any UI be the thin adapter that follows.

The interface to your software is no longer a screen. It is a tool contract and a delegation contract that machines read directly. That is what headless has been pointing at all along, and in 2026 it finally has a wire format. The publications, vendors, and architects who internalize that the stack is the product will define how machine-consumed software gets built for the rest of the decade.

For more analysis of how machines are becoming the primary consumers of software, subscribe to the newsletter or see how we score vendors on their agent readiness in the Headless Index.