Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Mind the Boundary: Stabilizing Gemini Enterprise A2A via a Cloud Run Hub Across Projects and Accounts

Takao Morita

TL;DR

The paper addresses the practical challenge of cross-boundary orchestration for Gemini Enterprise A2A by implementing a Cloud Run-based A2A Hub that standardizes input, enforces a text-only UI path, and deterministically routes requests to four downstream paths. It demonstrates that UI compatibility and boundary-aware authentication are essential for stable user interactions, and that a Hub can contain downstream failures while preserving observability via a REST API. Key contributions include documenting interoperability gaps, proposing a boundary-aware authentication design, and validating deterministic routing and evidence-backed retrieval in a real enterprise-like setting. The approach provides actionable guidance for deploying cross-project and cross-account agent integrations with reproducible routing and robust UI behavior in production environments.

Abstract

Enterprise conversational UIs increasingly need to orchestrate heterogeneous backend agents and tools across project and account boundaries in a secure and reproducible way. Starting from Gemini Enterprise Agent-to-Agent (A2A) invocation, we implement an A2A Hub orchestrator on Cloud Run that routes queries to four paths: a public A2A agent deployed in a different project, an IAM-protected Cloud Run A2A agent in a different account, a retrieval-augmented generation path combining Discovery Engine and Vertex AI Search with direct retrieval of source text from Google Cloud Storage, and a general question answering path via Vertex AI. We show that practical interoperability is governed not only by protocol compliance but also by Gemini Enterprise UI constraints and boundary-dependent authentication. Real UI requests arrive as text-only inputs and include empty accepted output mode lists, so mixing structured data into JSON-RPC responses can trigger UI errors. To address this, we enforce a text-only compatibility mode on the JSON-RPC endpoint while separating structured outputs and debugging signals into a REST tool API. On a four-query benchmark spanning expense policy, project management assistance, general knowledge, and incident response deadline extraction, we confirm deterministic routing and stable UI responses. For the retrieval path, granting storage object read permissions enables evidence-backed extraction of the fifteen minute deadline. All experiments are reproducible using the repository snapshot tagged a2a-hub-gemini-ui-stable-paper.

Mind the Boundary: Stabilizing Gemini Enterprise A2A via a Cloud Run Hub Across Projects and Accounts

TL;DR

The paper addresses the practical challenge of cross-boundary orchestration for Gemini Enterprise A2A by implementing a Cloud Run-based A2A Hub that standardizes input, enforces a text-only UI path, and deterministically routes requests to four downstream paths. It demonstrates that UI compatibility and boundary-aware authentication are essential for stable user interactions, and that a Hub can contain downstream failures while preserving observability via a REST API. Key contributions include documenting interoperability gaps, proposing a boundary-aware authentication design, and validating deterministic routing and evidence-backed retrieval in a real enterprise-like setting. The approach provides actionable guidance for deploying cross-project and cross-account agent integrations with reproducible routing and robust UI behavior in production environments.

Abstract

Enterprise conversational UIs increasingly need to orchestrate heterogeneous backend agents and tools across project and account boundaries in a secure and reproducible way. Starting from Gemini Enterprise Agent-to-Agent (A2A) invocation, we implement an A2A Hub orchestrator on Cloud Run that routes queries to four paths: a public A2A agent deployed in a different project, an IAM-protected Cloud Run A2A agent in a different account, a retrieval-augmented generation path combining Discovery Engine and Vertex AI Search with direct retrieval of source text from Google Cloud Storage, and a general question answering path via Vertex AI. We show that practical interoperability is governed not only by protocol compliance but also by Gemini Enterprise UI constraints and boundary-dependent authentication. Real UI requests arrive as text-only inputs and include empty accepted output mode lists, so mixing structured data into JSON-RPC responses can trigger UI errors. To address this, we enforce a text-only compatibility mode on the JSON-RPC endpoint while separating structured outputs and debugging signals into a REST tool API. On a four-query benchmark spanning expense policy, project management assistance, general knowledge, and incident response deadline extraction, we confirm deterministic routing and stable UI responses. For the retrieval path, granting storage object read permissions enables evidence-backed extraction of the fifteen minute deadline. All experiments are reproducible using the repository snapshot tagged a2a-hub-gemini-ui-stable-paper.
Paper Structure (28 sections)

This paper contains 28 sections.

Table of Contents

  1. Introduction
  2. Background and Related Work
  3. A2A protocol and agent cards
  4. Multi-agent orchestration
  5. RAG in enterprise data
  6. System Design
  7. Overall architecture
  8. UI compatibility as a first principle
  9. Input normalization and deterministic routing
  10. Absorbing boundary-dependent authentication
  11. Implementation
  12. Hub structure and endpoints
  13. JSON-RPC handling and input extraction
  14. UI compatibility mode and exception containment
  15. REST tool API for structured inspection
  16. ...and 13 more sections