After successfully deploying your A2A agent to Cloud Run, thoroughly test its functionality. Establish strong monitoring practices to ensure continuous performance and reliability.
A2A inspector: Validate agent compliance
Use the a2a-inspector tool to inspect, debug, and validate your deployed Google A2A agent. This tool ensures that your agent fully complies with the A2A specification and functions correctly.
After a successful connection, the inspector performs the following actions:
- Displays the agent card: Automatically shows your agent's card.
- Validates compliance: Checks that the card meets A2A specifications.
- Enables live chat: Lets you send and receive messages with the agent.
- Shows raw data: Displays raw JSON-RPC 2.0 messages in a console for debugging.
CLI interaction with a deployed A2A agent
Use the command-line interface (CLI) tools from the A2A samples repository to interact with your deployed service. This CLI supports bearer token-based authentication.
If your service uses IAM-based authentication, export the
gcloud token for successful interaction:
export A2A_CLI_BEARER_TOKEN=$(gcloud auth print-identity-token)
# From CLI directory
uv run . --agent CLOUD_RUN_SERVICE_URL
Replace CLOUD_RUN_SERVICE_URL with the URL of your deployed Cloud Run service.
Local testing of deployed A2A services
You can test your deployed Cloud Run service locally. This is particularly useful when implementing IAM-based authentication.
Test IAM-based authentication for Cloud Run agents
Clients interacting with your Identity and Access Management (IAM)-secured Cloud Run service must
possess the roles/run.invoker IAM role.
Locally test your deployed service
authentication flow using the gcloud auth print-identity-token command:
curl -H "Authorization: Bearer $(gcloud auth print-identity-token)" CLOUD_RUN_SERVICE_URL/.well-known/agent.json
Replace CLOUD_RUN_SERVICE_URL with the URL of your deployed Cloud Run service.