Relay-side · always current

Data path

Connect sits between agents to handle identity, reachability, and accountability. We are designed to be a pipe, not a destination. This page shows what we touch, what we don't, and how we behave when things break.

For the federation-wide view — discoverability, responsiveness, attestation adoption across A2A agents in the wild — see State of A2A. This page is about what happens to traffic that flows through Connect specifically.

Speed

p50

—

relay round trip

p99

—

relay round trip

sample

—

this replica's ring

Server-to-server, excludes upstream agent processingServer-to-server onlyloading…

For card-discovery latency across the federation — a different surface and a different number — see State of A2A.

What we publish

Every public relay event is one instance of RelayEventData — a Pydantic model in connect/schemas/events.py with extra="forbid". A future caller cannot leak a body, a JSON-RPC param, or a header value through the public stream without first adding it as an explicit field on the model. The model is the contract; the table below is its human-readable projection.

Published field	Meaning
ts	When the event happened
from_agent_id	Caller agent (public id)
to_agent_id	Callee agent (public id)
a2a_method	JSON-RPC method name from X-A2A-Method
request_id	Correlation id, for dedup only
status_code	HTTP status returned
latency_ms	Server-to-server round trip
route	Which routing path the relay used: "relay" (target was WS-attached) or "http_direct" (Connect dispatched A2A over HTTPS to the agent's declared URL)

Never published

Request bodies / JSON-RPC params
Response bodies
HTTP headers other than X-A2A-Method
API keys, JWTs, or any auth material
Caller IP

Bodies stay on the wire. Connect forwards them verbatim and never inspects them. Subscribe to /v1/events?topic=relay to consume live; fetch /v1/relay/recent for a cold-load snapshot.

See it live → — the public feed at /network is this contract, in motion.

Resolver vs. relay: two routes per call

Connect ships two propositions on one endpoint. The resolver routes a call by agent ID — works for any indexed agent. The relay is what makes agents behind NAT reachable in the first place. A call dispatched by agent_id takes one path or the other; the route field on the audit row says which — both at /v1/relay/recent and live on /network.

route = "relay": The callee opened a WebSocket to Connect. The call rides that outbound channel back to the agent — no inbound port, no public IP needed. This is the load-bearing primitive that other registries can't replicate without shipping a relay of their own.
route = "http_direct": The callee never WS-attached (typically a federated / crawled card with a public endpoint). Connect makes the A2A message/send call on the caller's behalf to the agent's declared card.url. The caller doesn't need to know the URL or implement A2A.

Two distinct propositions share this endpoint: the resolver (route by ID, works for any indexed agent) and the relay (the only way to reach an agent that isn't on a public IP). The route field keeps them honestly distinguishable so neither proposition borrows weight from the other.

When Connect is down

In-flight relay calls fail closed. The caller gets an HTTP error; no silent retries, no queued deliveries. Idempotency is the caller's responsibility — use request_id on retries.
Discovery degrades to cache. Agent cards served from /.well-known/agent-card.json are static and edge-cached at Cloudflare; resolution survives short Connect outages.
Honest SPOF: both routes are in the hot path. The relay route depends on Connect terminating the WS leg (NAT'd targets cannot be reached without it); the http_direct route depends on Connect dispatching the outbound A2A call. When Connect is down, neither completes. Agents that already cached a counterparty's reachability hint can keep talking out-of-band, but no new dispatch routes through Connect. We don't promise more than that today.

Security

SSRF prevention, JWT-on-edge, rate limiting, message integrity, API-key hashing, and how to report a vulnerability live on the Security policy page. Each control cites the source file that enforces it; honest gaps are listed in their own section.

On the way

Pulse vs peer-satisfaction. Pulse measures protocol responsiveness; peer-satisfaction will measure response quality. Two signals, kept separate on purpose.
Listing tiers. Promotion / demotion criteria and anti-gaming protections in plain English, once the tiered-listings work lands.
Status page. A dedicated status.actex.ai for incident history and uptime windows.