ossa mcp a2a
Agent Interoperability Standards
Last Updated: January 7, 2026
Overview
Modern AI agent platforms require standardized protocols for interoperability. This guide covers the four key standards that enable GitLab Duo agents to communicate with external agents, tools, and platforms:
- OSSA (Open Standard Agents) - Vendor-neutral agent specification
- MCP (Model Context Protocol) - Agent-to-tool integration
- A2A (Agent-to-Agent Protocol) - Inter-agent communication
- kagent - Kubernetes-native agent orchestration
OSSA (Open Standard Agents)
Current Version: v0.3.2 Repository: https://github.com/OpenStandardAgents/ossa Maintained by: blueflyio (Thomas Scola and community contributors)
What is OSSA?
OSSA is a vendor-neutral specification for defining AI agents in a portable format. It enables agents to be:
- Platform-agnostic: Run on any OSSA-compliant platform
- Interoperable: Convert between different agent formats
- Discoverable: Published to agent registries
- Version-controlled: Tracked like code in Git repositories
OSSA Specification
Agent Manifest Format:
# ossa-agent.yml apiVersion: ossa/v1 kind: Agent metadata: name: code-reviewer version: 1.2.0 description: Performs automated code reviews with security analysis author: blueflyio license: Apache-2.0 spec: # Model configuration model: provider: anthropic name: claude-sonnet-4.5 parameters: temperature: 0.2 max_tokens: 8192 # System prompt system_prompt: | You are an expert code reviewer. Analyze code for: - Security vulnerabilities - Code quality and maintainability - Best practices adherence - Performance optimization opportunities # Tools the agent can use tools: - name: read_file type: filesystem - name: git_diff type: git - name: sast_scan type: security - name: comment_on_mr type: gitlab_api # Input schema inputs: - name: merge_request_iid type: integer required: true - name: project_id type: integer required: true - name: focus_areas type: array items: type: string enum: [security, quality, performance, documentation] default: [security, quality] # Output schema outputs: - name: review_summary type: string - name: issues_found type: array items: type: object properties: severity: {type: string, enum: [critical, high, medium, low]} category: {type: string} file: {type: string} line: {type: integer} description: {type: string} recommendation: {type: string} - name: approval_status type: string enum: [approved, changes_requested, blocked] # Resource requirements resources: token_limit: 100000 timeout: 300 memory: 512Mi # Deployment configuration deployment: trigger: merge_request.opened environment: variables: - GITLAB_TOKEN - SAST_ENABLED
GitLab Duo OSSA Conversion
The platform-agents repository (https://gitlab.com/blueflyio/platform-agents) provides bi-directional conversion between GitLab Duo agents and OSSA format.
Convert GitLab Duo to OSSA:
# Install the converter npm install -g @gitlab/agent-converter # Convert GitLab Duo agent to OSSA format gitlab-agent-to-ossa \ --input .gitlab/agents/security-analyst.yml \ --output ossa-security-analyst.yml # Validate OSSA specification ossa validate ossa-security-analyst.yml # Publish to OSSA registry ossa publish ossa-security-analyst.yml --registry https://registry.ossa.dev
Convert OSSA to GitLab Duo:
# Convert OSSA agent to GitLab format ossa-to-gitlab-agent \ --input ossa-security-analyst.yml \ --output .gitlab/agents/security-analyst.yml # Deploy to GitLab project glab duo agent deploy security-analyst
Conversion Example:
GitLab Duo Format:
# .gitlab/agents/code-reviewer.yml agent: name: code_reviewer version: "1.0" model: claude-sonnet-4.5 prompts: - role: system content: "You are a code reviewer..." actions: - name: review_mr gitlab_api: merge_requests
OSSA Format (converted):
# ossa-code-reviewer.yml apiVersion: ossa/v1 kind: Agent metadata: name: code-reviewer version: 1.0.0 platform: source: gitlab-duo converted_at: "2026-01-07T10:30:00Z" spec: model: provider: anthropic name: claude-sonnet-4.5 system_prompt: "You are a code reviewer..." tools: - name: merge_requests type: gitlab_api methods: [read, comment]
OSSA Agent Registry
Public Registry: https://registry.ossa.dev
Search for Agents:
# Search registry ossa search "code review" # Show agent details ossa show blueflyio/code-reviewer # Install agent ossa install blueflyio/code-reviewer@1.2.0
Publish Your Agent:
# Login to registry ossa login --username your-username # Publish agent ossa publish ossa-agent.yml # Publish with specific version ossa publish ossa-agent.yml --version 1.3.0 --tag latest
GitLab Integration:
# .gitlab-ci.yml publish_agent: stage: deploy script: - ossa validate ossa-agent.yml - ossa publish ossa-agent.yml --version $CI_COMMIT_TAG only: - tags
OSSA Benefits for GitLab Users
- Agent Portability: Export GitLab Duo agents for use in other platforms
- Ecosystem Access: Use community agents from OSSA registry
- Vendor Independence: No lock-in to specific AI providers
- Version Control: Track agent evolution with standard tooling
- Testing: Validate agents against specification
MCP (Model Context Protocol)
Version: 1.0 Repository: https://github.com/modelcontextprotocol/specification Maintained by: Anthropic
What is MCP?
MCP is a protocol for connecting AI agents to external tools and data sources. It enables:
- Tool Integration: Agents call external tools via standardized interface
- Context Sharing: Pass data between agents and tools
- Server Discovery: Dynamic discovery of available tools
- Bi-directional: Both server (provides tools) and client (uses tools) modes
GitLab as MCP Server
GitLab can act as an MCP server, exposing APIs as tools for external agents.
Configuration:
# .gitlab/mcp-server/config.yml mcp_server: enabled: true version: "1.0" # Exposed tools tools: - name: gitlab_get_issue description: "Retrieve issue details" parameters: project_id: {type: integer} issue_iid: {type: integer} endpoint: GET /projects/:project_id/issues/:issue_iid - name: gitlab_create_mr description: "Create merge request" parameters: project_id: {type: integer} source_branch: {type: string} target_branch: {type: string} title: {type: string} endpoint: POST /projects/:project_id/merge_requests - name: gitlab_run_pipeline description: "Trigger CI/CD pipeline" parameters: project_id: {type: integer} ref: {type: string} variables: {type: object} endpoint: POST /projects/:project_id/pipeline # Authentication auth: method: oidc issuer: https://gitlab.com # Discovery endpoint discovery: endpoint: https://gitlab.com/.well-known/mcp-tools
Start MCP Server:
# Enable MCP server for your GitLab instance glab mcp server start \ --port 3000 \ --tools "issues,merge_requests,pipelines" # Server available at: http://localhost:3000/mcp
MCP Server Discovery:
External agents can discover available tools:
# Query MCP server capabilities curl https://gitlab.com/.well-known/mcp-tools # Response: { "protocol": "mcp", "version": "1.0", "tools": [ { "name": "gitlab_get_issue", "description": "Retrieve issue details", "input_schema": {...} }, ... ] }
GitLab as MCP Client
GitLab Duo agents can use external MCP servers as tool providers.
Configure External MCP Server:
# .gitlab/agents/mcp-config.yml mcp_clients: - name: jira server_url: https://mcp.jira.com auth: method: api_key key: $JIRA_API_KEY tools: - jira_create_issue - jira_update_issue - jira_search_issues - name: slack server_url: https://mcp.slack.com auth: method: oauth token: $SLACK_OAUTH_TOKEN tools: - slack_post_message - slack_create_channel - slack_get_user - name: sentry server_url: https://mcp.sentry.io auth: method: bearer token: $SENTRY_AUTH_TOKEN tools: - sentry_get_errors - sentry_resolve_issue
Use MCP Tools in Agent:
# .gitlab/agents/integration-agent.yml agent: name: integration_agent version: "1.0" mcp_clients: - jira - slack system_prompt: | You can create Jira tickets and post to Slack using MCP tools. tools: # GitLab native tools - gitlab_issues - gitlab_merge_requests # External MCP tools - jira_create_issue - slack_post_message
Example Flow:
# Agent workflow using MCP tools from gitlab_duo import Agent agent = Agent.load("integration_agent") # 1. Get GitLab issue (native tool) issue = await agent.tools.gitlab_get_issue( project_id=12345, issue_iid=67 ) # 2. Create Jira ticket (MCP tool - external) jira_ticket = await agent.tools.jira_create_issue( project="PROJ", summary=f"GitLab Issue: {issue.title}", description=issue.description ) # 3. Post to Slack (MCP tool - external) await agent.tools.slack_post_message( channel="#integrations", text=f"Created Jira ticket {jira_ticket.key} for GitLab issue #{issue.iid}" )
Building MCP Servers for GitLab
MCP Server SDK (TypeScript):
// mcp-server.ts import { MCPServer } from '@modelcontextprotocol/sdk'; import { Gitlab } from '@gitbeaker/node'; const server = new MCPServer({ name: 'gitlab-mcp-server', version: '1.0.0' }); const gitlab = new Gitlab({ token: process.env.GITLAB_TOKEN }); // Define tool: Get issue server.addTool({ name: 'gitlab_get_issue', description: 'Retrieve issue details from GitLab', inputSchema: { type: 'object', properties: { project_id: { type: 'number' }, issue_iid: { type: 'number' } }, required: ['project_id', 'issue_iid'] }, async execute({ project_id, issue_iid }) { const issue = await gitlab.Issues.show(project_id, issue_iid); return { title: issue.title, description: issue.description, state: issue.state, labels: issue.labels, assignees: issue.assignees }; } }); // Define tool: Create MR server.addTool({ name: 'gitlab_create_mr', description: 'Create a merge request', inputSchema: { type: 'object', properties: { project_id: { type: 'number' }, source_branch: { type: 'string' }, target_branch: { type: 'string' }, title: { type: 'string' }, description: { type: 'string' } }, required: ['project_id', 'source_branch', 'target_branch', 'title'] }, async execute(params) { const mr = await gitlab.MergeRequests.create( params.project_id, params.source_branch, params.target_branch, params.title, { description: params.description } ); return { iid: mr.iid, web_url: mr.web_url, state: mr.state }; } }); // Start server server.listen(3000); console.log('GitLab MCP Server listening on http://localhost:3000');
Run MCP Server:
# Install dependencies npm install @modelcontextprotocol/sdk @gitbeaker/node # Start server GITLAB_TOKEN=glpat-xxx node mcp-server.ts # Server available at http://localhost:3000
Deploy MCP Server to GitLab:
# .gitlab-ci.yml deploy_mcp_server: stage: deploy image: node:18 script: - npm ci - npm run build - | cat > Dockerfile <<EOF FROM node:18-alpine WORKDIR /app COPY . . RUN npm ci --production EXPOSE 3000 CMD ["node", "dist/mcp-server.js"] EOF - docker build -t $CI_REGISTRY_IMAGE/mcp-server:$CI_COMMIT_TAG . - docker push $CI_REGISTRY_IMAGE/mcp-server:$CI_COMMIT_TAG only: - tags
MCP Best Practices
- Tool Naming: Use
<service>_<action>_<resource>convention (e.g.,gitlab_create_issue) - Error Handling: Return structured error objects, not exceptions
- Authentication: Use OIDC tokens for short-lived credentials
- Rate Limiting: Implement rate limits to prevent abuse
- Caching: Cache tool responses when appropriate
- Versioning: Version your MCP server API
- Documentation: Provide clear tool descriptions and examples
A2A (Agent-to-Agent Protocol)
Version: 1.0 Repository: https://github.com/linux-foundation/agent-to-agent Maintained by: Linux Foundation
What is A2A?
A2A is a protocol for direct communication between autonomous agents. It enables:
- Agent Discovery: Find and connect to other agents
- Message Passing: Exchange structured messages
- Task Delegation: Agents can delegate subtasks to specialized agents
- Result Aggregation: Combine results from multiple agents
A2A in GitLab Duo
Agent Communication Example:
# .gitlab/agents/orchestrator.yml agent: name: orchestrator version: "1.0" # A2A configuration a2a: enabled: true discovery: method: registry registry_url: https://agents.gitlab.com # Agents this agent can communicate with peers: - name: planner endpoint: https://agents.gitlab.com/planner protocol: a2a - name: security_analyst endpoint: https://agents.gitlab.com/security_analyst protocol: a2a - name: code_generator endpoint: https://agents.gitlab.com/code_generator protocol: a2a system_prompt: | You orchestrate multi-agent workflows. You can delegate tasks to: - Planner: Break down requirements - Security Analyst: Security review - Code Generator: Generate code
A2A Message Format:
{ "protocol": "a2a", "version": "1.0", "message_id": "abc123", "conversation_id": "conv-456", "sender": { "agent_id": "orchestrator-789", "agent_type": "orchestrator", "endpoint": "https://agents.gitlab.com/orchestrator-789" }, "recipient": { "agent_id": "planner-001", "agent_type": "planner", "endpoint": "https://agents.gitlab.com/planner" }, "message_type": "request", "payload": { "task": "create_implementation_plan", "parameters": { "feature_description": "OAuth2 authentication system", "constraints": ["backward_compatible", "secure"] } }, "context": { "project_id": 12345, "user_id": 678, "gitlab_token": "oidc-token-here" } }
Orchestrator Agent Example:
# orchestrator_agent.py from gitlab_duo import Agent, A2AClient class OrchestratorAgent(Agent): def __init__(self): super().__init__("orchestrator") self.a2a = A2AClient() async def execute(self, request): """Orchestrate multi-agent workflow""" # 1. Delegate planning to Planner Agent plan_response = await self.a2a.send_message( recipient="planner", message_type="request", payload={ "task": "create_plan", "requirements": request.requirements } ) plan = plan_response.payload["plan"] # 2. Generate code using Code Generator Agent code_response = await self.a2a.send_message( recipient="code_generator", message_type="request", payload={ "task": "generate_code", "plan": plan } ) code = code_response.payload["code"] # 3. Security review using Security Analyst Agent security_response = await self.a2a.send_message( recipient="security_analyst", message_type="request", payload={ "task": "analyze_security", "code": code } ) security_report = security_response.payload["report"] # 4. Aggregate results return { "plan": plan, "code": code, "security_report": security_report, "status": "complete" }
A2A Agent Registry
Register Agent:
# Register agent with A2A registry a2a register \ --name orchestrator \ --endpoint https://agents.gitlab.com/orchestrator-789 \ --capabilities "orchestration,planning,delegation" \ --auth-method oidc # List available agents a2a list # Discover agents by capability a2a discover --capability "security_analysis"
Agent Discovery in Code:
// Discover agents dynamically import { A2ARegistry } from '@a2a/client'; const registry = new A2ARegistry({ url: 'https://registry.a2a.dev' }); // Find security analysis agents const securityAgents = await registry.discover({ capability: 'security_analysis', tier: 'ultimate', available: true }); // Use discovered agent const securityAgent = securityAgents[0]; const response = await a2a.sendMessage({ recipient: securityAgent.endpoint, payload: { task: 'analyze_vulnerabilities', code: sourceCode } });
A2A Best Practices
- Use Conversation IDs: Track multi-turn interactions
- Handle Timeouts: Set reasonable timeout values
- Retry Logic: Implement exponential backoff for failures
- Authentication: Pass OIDC tokens in context
- Error Handling: Gracefully handle agent unavailability
- Monitoring: Log all A2A messages for debugging
kagent (Kubernetes Native Agents)
Status: CNCF Sandbox Project Repository: https://github.com/cncf/kagent Maintained by: CNCF
What is kagent?
kagent is a Kubernetes-native framework for deploying and orchestrating AI agents as Kubernetes resources.
Key Features:
- Agents deployed as Kubernetes Custom Resources (CRDs)
- Kubernetes-native scaling and orchestration
- Integration with Kubernetes RBAC
- Service mesh integration (Istio, Linkerd)
- GitOps-ready (Argo CD, Flux)
kagent Custom Resources
Agent CRD:
# agent-deployment.yaml apiVersion: kagent.io/v1 kind: Agent metadata: name: gitlab-code-reviewer namespace: gitlab-agents spec: # Agent configuration type: code-reviewer version: "1.2.0" # Model configuration model: provider: anthropic name: claude-sonnet-4.5 apiKeySecret: name: anthropic-api-key key: api-key # System prompt systemPrompt: | You are a code reviewer for GitLab merge requests. # Tools/integrations tools: - name: gitlab-api type: http configMapRef: name: gitlab-api-config # Resource limits resources: requests: memory: "512Mi" cpu: "250m" limits: memory: "2Gi" cpu: "1000m" # Scaling replicas: 3 autoscaling: enabled: true minReplicas: 2 maxReplicas: 10 targetCPUUtilization: 70 # Networking service: type: ClusterIP port: 8080
AgentFlow CRD:
# agent-flow.yaml apiVersion: kagent.io/v1 kind: AgentFlow metadata: name: code-review-flow namespace: gitlab-agents spec: trigger: type: webhook path: /webhook/gitlab-mr stages: - name: security-scan agent: gitlab-security-analyst timeout: 300s - name: code-review agent: gitlab-code-reviewer dependsOn: [security-scan] timeout: 600s - name: post-results agent: gitlab-commentor dependsOn: [security-scan, code-review] timeout: 60s
Deploying GitLab Agents with kagent
Install kagent Operator:
# Add kagent Helm repo helm repo add kagent https://kagent.io/charts helm repo update # Install kagent operator helm install kagent-operator kagent/operator \ --namespace kagent-system \ --create-namespace # Verify installation kubectl get pods -n kagent-system
Deploy GitLab Agent:
# Create namespace kubectl create namespace gitlab-agents # Create secrets kubectl create secret generic anthropic-api-key \ --from-literal=api-key=$ANTHROPIC_API_KEY \ -n gitlab-agents kubectl create secret generic gitlab-token \ --from-literal=token=$GITLAB_TOKEN \ -n gitlab-agents # Deploy agent kubectl apply -f agent-deployment.yaml # Check agent status kubectl get agents -n gitlab-agents
GitLab CI/CD Integration:
# .gitlab-ci.yml deploy_agent_to_kubernetes: stage: deploy image: bitnami/kubectl:latest script: # Update agent image - kubectl set image deployment/gitlab-code-reviewer \ agent=$CI_REGISTRY_IMAGE/agent:$CI_COMMIT_TAG \ -n gitlab-agents # Wait for rollout - kubectl rollout status deployment/gitlab-code-reviewer \ -n gitlab-agents # Verify deployment - kubectl get agents -n gitlab-agents environment: name: production kubernetes: namespace: gitlab-agents only: - tags
kagent Monitoring
Prometheus Integration:
# agent-servicemonitor.yaml apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: gitlab-agents namespace: gitlab-agents spec: selector: matchLabels: app: gitlab-agent endpoints: - port: metrics interval: 30s path: /metrics
Grafana Dashboard:
# grafana-dashboard.json { "dashboard": { "title": "GitLab Agents", "panels": [ { "title": "Agent Request Rate", "targets": [{ "expr": "rate(agent_requests_total[5m])" }] }, { "title": "Agent Error Rate", "targets": [{ "expr": "rate(agent_errors_total[5m])" }] }, { "title": "Token Usage", "targets": [{ "expr": "sum(agent_tokens_used)" }] } ] } }
kagent Best Practices
- Resource Limits: Set appropriate CPU/memory limits
- Autoscaling: Enable HPA for production workloads
- Health Checks: Implement liveness and readiness probes
- Secrets Management: Use external secret stores (Vault, AWS Secrets Manager)
- Network Policies: Restrict agent-to-agent communication
- GitOps: Manage agent deployments with Argo CD or Flux
- Monitoring: Integrate with Prometheus and Grafana
Interoperability Comparison
| Feature | OSSA | MCP | A2A | kagent |
|---|---|---|---|---|
| Purpose | Agent specification | Tool integration | Agent communication | K8s orchestration |
| Scope | Agent definition | Agent Tool | Agent Agent | Agent deployment |
| Format | YAML manifest | JSON-RPC | JSON messages | K8s CRDs |
| Discovery | Registry | Server discovery | Agent registry | K8s API |
| Authentication | Platform-specific | OIDC/OAuth | OIDC | K8s RBAC |
| Versioning | Semantic | API version | Protocol version | CRD version |
| GitLab Support | Full | Full | Full | Full |
Integration Architecture
GitLab Agent Interoperability Stack:
GitLab Duo Agent Platform
Planner Security Data
Agent Analyst Analyst
Interoperability Layer
OSSA MCP A2A kagent
External Integrations
Jira Slack Sentry ...
Claude OpenAI Custom
Agents Agents Agents
Complete Integration Example
Scenario: Integrate GitLab Duo with external Jira and deploy on Kubernetes
Step 1: Define Agent in OSSA Format
# ossa-jira-integrator.yml apiVersion: ossa/v1 kind: Agent metadata: name: jira-integrator version: 1.0.0 spec: model: provider: anthropic name: claude-sonnet-4.5 system_prompt: | You create and update Jira tickets based on GitLab issues. tools: - name: gitlab_get_issue type: gitlab_api - name: jira_create_issue type: mcp server: https://mcp.jira.com
Step 2: Convert to GitLab Duo Format
ossa-to-gitlab-agent \ --input ossa-jira-integrator.yml \ --output .gitlab/agents/jira-integrator.yml
Step 3: Add MCP Client Configuration
# .gitlab/agents/mcp-config.yml mcp_clients: - name: jira server_url: https://mcp.jira.com auth: method: api_key secret: jira-api-key
Step 4: Deploy to Kubernetes with kagent
# kagent-deployment.yaml apiVersion: kagent.io/v1 kind: Agent metadata: name: jira-integrator spec: type: integration version: "1.0.0" source: type: gitlab repository: https://gitlab.com/blueflyio/agents path: .gitlab/agents/jira-integrator.yml tools: - name: gitlab-api configMapRef: name: gitlab-config - name: jira-mcp configMapRef: name: jira-mcp-config resources: limits: memory: "1Gi" cpu: "500m"
# Deploy kubectl apply -f kagent-deployment.yaml
Step 5: Configure A2A Communication
# .gitlab/agents/jira-integrator.yml (updated) agent: name: jira_integrator a2a: enabled: true discovery: method: kubernetes namespace: gitlab-agents peers: - name: planner discover_by: label selector: "agent-type=planner"
Step 6: Test Integration
# Create test issue glab issue create \ --title "Test Jira Integration" \ --label "sync-to-jira" # Agent automatically: # 1. Detects new issue (webhook trigger) # 2. Reads issue via GitLab API # 3. Creates Jira ticket via MCP # 4. Updates GitLab issue with Jira link # 5. Logs execution to observability platform
Resources
Documentation
- OSSA: https://docs.ossa.dev
- MCP: https://spec.modelcontextprotocol.io
- A2A: https://agent-to-agent.org/docs
- kagent: https://kagent.io/docs
Registries
- OSSA Registry: https://registry.ossa.dev
- MCP Server Registry: https://mcp-servers.dev
- A2A Agent Registry: https://registry.a2a.dev
SDKs & Tools
- OSSA CLI:
npm install -g @ossa/cli - MCP SDK:
npm install @modelcontextprotocol/sdk - A2A Client:
npm install @a2a/client - kagent CLI:
brew install kagent
Community
- OSSA GitHub: https://github.com/OpenStandardAgents
- MCP Discussions: https://github.com/modelcontextprotocol/specification/discussions
- A2A Slack: https://a2a-protocol.slack.com
- kagent CNCF: https://slack.cncf.io #kagent
Next Steps
- Export GitLab Duo Agent to OSSA: Start with Planner Agent
- Setup MCP Server: Expose GitLab APIs as MCP tools
- Enable A2A: Configure agent-to-agent communication
- Deploy with kagent: Move agents to Kubernetes for production
Related Documentation: