Mind the Boundary: Stabilizing Gemini Enterprise A2A via a Cloud Run Hub Across Projects and Accounts

New research from Google tackles a critical hurdle in enterprise AI deployment: orchestrating agents securely across different cloud projects and accounts. In a paper titled 'Mind the Boundary: Stabilizing Gemini Enterprise A2A via a Cloud Run Hub Across Projects and Accounts,' researcher Takao Morita details a solution built on Google Cloud Run. The core innovation is an 'A2A Hub' orchestrator that stabilizes Gemini Enterprise's Agent-to-Agent (A2A) invocation, which often fails when crossing project boundaries due to authentication and UI constraints.

The technical implementation routes user queries through four distinct paths: a public A2A agent in a different project, an IAM-protected Cloud Run agent in a separate account, a retrieval-augmented generation (RAG) path combining Discovery Engine and Vertex AI Search with Google Cloud Storage, and a general question-answering path via Vertex AI. A key finding was that the Gemini Enterprise UI sends text-only inputs, so the hub enforces a text-only compatibility mode on its JSON-RPC endpoint to prevent errors, separating structured data into a separate REST API.

In a benchmark test with four query types—expense policy, project management, general knowledge, and deadline extraction—the hub confirmed deterministic routing and stable UI responses. For the RAG path, it successfully extracted a 'fifteen minute deadline' by granting specific storage object read permissions. This work, reproducible via a tagged repository snapshot, provides a blueprint for enterprises to build complex, multi-agent AI systems on Google Cloud that are both powerful and practically usable, moving beyond theoretical protocol compliance to address real-world UI and authentication constraints.