info:
label: Employee Onboarding Workflow
description: >-
A multi-agent network for employee onboarding. Orchestrates HR system setup,
Salesforce profile creation, laptop and badge requests, and Slack notifications
for new hires.
version: 1.0.0
tags:
- employee-onboarding
- multi-agent
- hr
- production
Agent Network (2.0) YAML Reference
The agent-network.yaml file details the required structure and properties that define your project’s assets, connections, and policies.
Agent Network Section
This is the root section of the agent network. Must include at least one of registry, context, or brokers.
This section has these properties.
| Parameter | Description | Type | Required |
|---|---|---|---|
info |
Provides metadata about the graphs. |
No |
|
agentNetwork |
This string must be the version number of the agent network specification used by the agent network document. This is not related to the document’s |
String |
Yes |
registry |
Definitions of agents, MCPs, and LLMs. |
registry Object |
No |
context |
Reusable entities scoped to the graphs defined in this file (for example, connections and policies). |
Object |
No |
brokers |
A mapping of runtime Agent Script definitions that can be executed by the platform. |
No |
Info Section
This section contains basic metadata about the agent network document itself.
Example
The section has these properties.
| Parameter | Description | Type | Required |
|---|---|---|---|
label |
The human-readable name of the agent network. |
String |
Yes |
version |
The version number of the |
String |
Yes |
description |
A human readable summary of what the agent network does. Accepts CommonMark syntax. |
String |
No |
tags |
Categorization tags for this agent network document. |
Array of Strings |
No |
|
A short summary of the purpose of the agent network. |
String |
No |
|
A URI for the Terms of Service for the API. This must be in the form of a URI. |
String |
No |
|
The contact information for the agent network. |
Object |
No |
|
The identifying name of the contact person/organization. |
String |
No |
|
The URI for the contact information. This must be in the form of a URI. |
String |
No |
|
The email address of the contact person/organization. This must be in the form of an email address. |
String |
No |
|
The license information for the agent network. |
Object |
No |
|
The license name used for the agent network. |
String |
Yes (if license present) |
|
An SPDX license expression. Mutually exclusive with |
String |
No |
|
A URI for the license. This must be in the form of a URI. Mutually exclusive with |
String |
No |
Registry Section
Use this section to organize and reference reusable agents, LLMs, and MCP tools. The registry section defined in the file is considered the "local registry". Assets defined in the registry are published to Exchange.
Example
registry:
agents:
hr-system-agent:
info:
label: HR System Agent
description: Agent that creates new-hire records and manages HR system setup.
metadata:
platform: AgentForce
interfaces:
a2a:
card:
name: hr-system-agent
description: Creates and manages employee records in the HR system.
url: https://hr-agent.example.com/a2a
version: "1.0.0"
protocolVersion: "1.0"
capabilities: {}
defaultInputModes: [application/json, text/plain]
defaultOutputModes: [application/json, text/plain]
skills: []
tools:
- mcp:
ref:
name: slack-mcp
allowed: [sendMessage, listChannels]
llm:
ref:
name: Open-AI-LLM
salesforce-agent:
info:
label: Salesforce Onboarding Agent
description: Agent that provisions Salesforce profiles for new hires.
metadata:
platform: AgentForce
interfaces:
a2a:
card:
name: salesforce-agent
description: Onboards new employees to Salesforce.
url: https://sfdc-agent.example.com/a2a
version: "1.0.0"
protocolVersion: "1.0"
capabilities: {}
defaultInputModes: [application/json]
defaultOutputModes: [application/json]
skills: []
llm:
ref:
name: Open-AI-LLM
mcps:
slack-mcp:
info:
label: Slack MCP Server
description: MCP server for sending messages and listing Slack channels.
metadata:
protocolVersion: "2024-11-05"
transport:
kind: sse
ssePath: /mcp
tools:
- name: sendMessage
description: Send a message to a Slack channel.
inputSchema:
type: object
properties:
text: { type: string }
channelId: { type: string }
- name: listChannels
description: List available Slack channels.
inputSchema:
type: object
llms:
Open-AI-LLM:
info:
label: OpenAI LLM
description: OpenAI provider for orchestration and generation nodes.
metadata:
platform: OpenAI
models:
- gpt-4o
- gpt-4o-mini
- gpt5-mini
Azure-OpenAI-LLM:
info:
label: Azure OpenAI LLM
description: Azure OpenAI for orchestration nodes.
metadata:
platform: AzureOpenai
models:
- gpt-4o
The registry section has these properties.
| Parameter | Description | Type | Required | Values |
|---|---|---|---|---|
|
The list of agents defined as part of this network. |
Object |
No |
Keys: identifiers matching ^[a-zA-Z_][a-zA-Z0-9_.-]*$. Values: AgentEntity |
|
The list of MCP servers defined as part of this network. |
Object |
No |
Keys: identifiers. Values: MCPServerEntity |
|
The list of LLM providers defined as part of this network. |
Object |
No |
Keys: identifiers. Values: LLMEntityEach |
Info
All nodes in this section share these properties.
| Parameter | Description | Type | Required |
|---|---|---|---|
|
The human readable short text. |
String |
No |
|
A human readable text of what this element does. Accepts CommonMark syntax. |
String |
No |
|
Optional tags. |
Array of Strings |
No |
Agents
Each registry agent is an AgentEntity. The schema requires a metadata object. The interfaces, tools, and LLM reference are nested under metadata, not at the root of the agent.
The agents section has these properties.
| Parameter | Description | Type | Required |
|---|---|---|---|
|
Metadata for the agent. |
InfoObject |
No |
|
Platform, interfaces, tools, and LLM wiring for the agent. |
Object |
Yes |
|
Host platform for the agent (for example, AgentForce or Bedrock). |
String |
Yes |
|
The interfaces that this agent supports. At least one of |
Object |
Yes |
|
A2A protocol version 1.x interface definition. Contains the agent card. |
Object |
No (at least one interface required) |
|
The A2A v1 agent card. See A2A Card. |
AgentCard |
No |
|
A2A protocol version 0.3.x interface definition (legacy). |
Object |
No (at least one interface required) |
|
The A2A v0.3 agent card. |
AgentCard |
No |
|
Other protocol interface definition. |
Object |
No (at least one interface required) |
|
The protocol name for this interface. |
String |
Yes (when using other) |
|
The card for this protocol. |
Object |
No |
|
Named URLs for the agent. |
Array |
No |
|
The list of tool providers (MCP or A2A) |
Array[Object] |
No |
|
Reference to the LLM used by this agent (ref to a declared LLM) |
Object |
No |
Authentication for outbound calls is configured on connections (and related policies), not on registry AgentEntity definitions.
If you are connecting to an agent that uses A2A protocol version 0.3.x, use the a2a_v03 interface key instead of a2a. The a2a key targets A2A protocol version 1.x.
|
A2A Card
This section adheres to the Agent-to-Agent (A2A) specification v1.0 and describes an agent’s contract, skills, and capabilities. This is a standard A2A agent card as defined in the Agent2Agent (A2A) Protocol specification.
The A2A card section has these properties.
| Parameter | Description | Type | Required | Values |
|---|---|---|---|---|
|
Human-readable name for the agent. |
string |
Yes |
— |
|
Human-readable description of the agent’s purpose. |
string |
Yes |
— |
|
Preferred endpoint URL for interacting with the agent. Must support preferredTransport. |
string |
Yes |
for example, https://api.example.com/a2a/v1 |
|
Agent’s own version number (format defined by provider). |
String |
Yes |
for example, 1.0.0 |
|
Version of the A2A protocol this agent supports. |
String |
Yes |
for example, 1.0 |
|
Optional capabilities supported by the agent. |
AgentCapabilities |
Yes |
See below |
|
Default supported input MIME types for all skills (overridable per skill). |
Array of string |
Yes |
— |
|
Default supported output MIME types for all skills (overridable per skill). |
Array of string |
Yes |
— |
|
The set of skills or distinct capabilities the agent can perform. |
Array of AgentSkills |
Yes |
See below |
|
Transport for the main url. Must be available at that URL. |
String |
No |
JSON-RPC, GRPC, HTTP JSON (default: JSON-RPC) |
|
Additional transport+URL combinations for the same agent. |
Array of AgentInterface |
No |
Each: { transport: string, url: string } |
|
The transport protocol for this interface. |
String |
Yes |
|
|
The URL for this additional interface. |
String (URI) |
Yes |
Valid URI string |
|
Agent’s service provider. |
AgentProvider |
No |
{ organization: string, url: string } |
|
Optional URL to the agent’s documentation. |
String |
No |
— |
|
Optional URL to an icon for the agent. |
String |
No |
— |
|
Security requirement objects for all interactions (OpenAPI 3.0 style; OR of ANDs). |
Array of object |
No |
Each object: scheme names → array of scope strings |
|
Declared security schemes (key \= scheme name). OpenAPI 3.0 Security Scheme Object. |
Object |
No |
apiKey, http, oauth2, openIdConnect, mutualTLS |
|
JSON Web Signatures for this AgentCard (RFC 7515 JWS). |
Array of AgentCardSignature |
No |
{ protected, signature, header? } |
Skills Properties
Skills describe the distinct capabilities the agent can perform and have these properties.
| Parameter | Description | Type | Valid Values | Required |
|---|---|---|---|---|
|
Unique identifier for the skill. |
String |
Any string value |
No |
|
A human-readable name for the skill. |
String |
Any string value |
No |
|
A description of what this skill does. |
String |
Any string value |
No |
|
Usage examples demonstrating how to use this skill. |
Array of strings |
Array of example strings |
No |
|
Supported input MIME types for this skill (overrides defaultInputModes). |
Array of strings |
Array of MIME type strings |
No |
|
Supported output MIME types for this skill (overrides defaultOutputModes). |
Array of strings |
Array of MIME type strings |
No |
|
Categorization tags for this skill. |
Array of strings |
Array of tag strings |
No |
Capabilities Properties
Capabilities describe optional features supported by the agent and have these properties.
| Parameter | Description | Type | Valid Values | Required |
|---|---|---|---|---|
|
Indicates if the agent supports streaming responses. |
Boolean |
|
No |
|
Indicates if the agent supports push notifications. |
Boolean |
|
No |
|
Indicates if the agent supports providing an extended agent card when authenticated. |
Boolean |
|
No |
|
List of protocol extensions supported by the agent. |
Array |
Array of extension objects |
No |
MCP
The MCP Server section has these properties.
| Parameter | Description | Type | Required | Values |
|---|---|---|---|---|
|
Metadata for the MCP Server |
|
No |
— |
|
Named URLs for the MCP server. |
Array |
No |
— |
|
MCP server descriptor (how to connect and what it exposes). |
Object |
Yes |
— |
|
Version of the MCP protocol. |
String |
No |
"2024-11-05", "2025-03-26", "2025-06-18", "2025-11-25" |
|
Transport used for communication. |
MCPTransport |
Yes |
SseTransport, StreamableHttpTransport, or StdioTransport |
|
Service provider of the MCP server. |
Object |
No |
{ organization: string, url: string } |
|
Server capabilities. |
ServerCapabilities |
No |
completions, experimental, tasks, logging, prompts, resources, tools |
|
List of tools. |
Array |
No |
action definitions |
|
List of resources. |
Array |
No |
Resource definitions |
|
List of resource templates. |
Array |
No |
ResourceTemplate definitions |
|
List of prompts. |
Array |
No |
Prompt definitions |
|
Platform the MCP server runs on. |
String |
No |
— |
|
Security schemes for authentication. |
Object |
No |
SecurityScheme by key |
MCP Transport types
The metadata.transport object describes how clients connect to the MCP server. The supported transport kinds are sse, streamableHttp, and stdio.
Example
registry:
mcps:
weather-mcp:
metadata:
protocolVersion: "2025-06-18"
transport:
kind: streamableHttp
path: /weather/mcp
provider:
organization: Acme Inc.
url: https://www.acme.com
my-mcp-sse:
metadata:
transport:
kind: sse
ssePath: /mcp/sse
messagesPath: /mcp
SseTransport
Sse Transport has these properties.
| Parameter | Description | Type | Required | Values |
|---|---|---|---|---|
|
Transport type. |
String |
Yes |
|
|
Path to the SSE endpoint. |
String |
Yes |
— |
|
Path to the messages endpoint. |
String |
No |
Agent Graph Expression Optional |
Reference Types
Reference types are reusable objects that point to other entities defined in the registry, such as agents, MCP servers, LLMs, connections, and policies.
Example
registry:
agents:
myEvaluationAgent:
type: a2a_agent
protocol: a2a
platform: agentforce
kind: evaluation
connections:
- kind: mcp
ref:
assetId: my-mcp-server
version: 1.0.0
allowed:
- tool-name-1
provenance:
kind: exchange
metadata:
organizationId: my-org
Reference types used in the Registry section have these properties.
| Reference | Description | Type | Required | Values |
|---|---|---|---|---|
|
Reference to an agent. |
Object |
No |
|
|
Reference to an MCP server. |
Object |
No |
|
|
Reference to an LLM provider. |
Object |
No |
|
|
Reference to a connection. |
Object |
No |
|
|
Reference to a policy. |
Object |
No |
|
Context Section
This section is for reusable entities scoped to the graphs defined in the agent-network.yaml file. It holds definitions that are used by the document (for example, connections, policies) but are not published to the agent registry.
Example
context:
connections:
hr_system_agent:
kind: a2a
ref:
name: hr-system-agent
url: https://hr-agent.example.com/a2a
policies:
outbound:
- ref:
name: retry-policy
salesforce_agent:
kind: a2a
ref:
name: salesforce-agent
url: https://sfdc-agent.example.com/a2a
slack_mcp:
kind: mcp
ref:
name: slack-mcp
url: https://mcp.example.com/slack
openai_llm:
kind: llm
ref:
name: Open-AI-LLM
url: https://api.openai.com/v1
authentication:
kind: apiKey
apiKey: "${env.OPENAI_API_KEY}"
policies:
retry-policy:
ref:
name: retry-policy
configuration:
maxAttempts: 3
backoffMs: 1000
The context section has these properties.
| Parameter | Description | Type |
|---|---|---|
connections |
The list of connections defined as part of this network. |
Connection Objects |
policies |
Policy definitions that govern connection behavior, access, and execution. |
Policies Object |
Connections
Connection definitions live in the context object. Each connections object has a kind field that determines its connection type: either a2a, llm, or mcp.
Connection ID Format
Each connection key (ID) must use only:
-
Lowercase letters (
a–z) -
Numeric characters (
0–9) -
Underscores (
_), non-trailing
For example, hr_system_agent and slack_mcp are valid, but HR-System-Agent and my_connection_ are not.
Connection objects have these properties.
| Field Name | Description | Type | Required |
|---|---|---|---|
|
Connection type |
|
Yes |
|
A reference to an asset representing the target system. |
Reference Object |
Yes |
|
The base URL of the target system. |
String |
No |
|
The authentication method to use when connecting to the target system. |
Authentication Object |
No (Yes for |
|
Policy bindings to apply to this connection, organized by traffic direction. |
Object |
No |
|
Policy bindings applied to inbound traffic. |
Array |
No |
|
Policy bindings applied to outbound traffic. |
Array |
No |
You can attach policies to connection objects by referencing their policy identifier or by defining an inline policy binding. See the policies object for field definitions.
Policies
This section describes reusable, composable policy bindings and definitions that govern specific behaviors or constraints related to connections. You must reference the policy identifier to attach a policy.
For more information about applying policies via Flex Gateway in Local Mode, see:
Example
context:
policies:
myRateLimitPolicy:
ref:
name: myReferenceObject
configuration:
- rate: 100
unit: minute
This section has these properties.
| Parameter | Description | Type | Required |
|---|---|---|---|
ref |
Reference to a specific policy definition. |
Object |
Yes |
ref.name |
Name of the reference definition |
String |
Yes |
configuration |
Policy-specific configuration (structure defined by the referenced policy definition). |
Object |
Yes |
Authentication
This section defines the authentication schemes used by the agent network for authenticating when making outbound requests.
Basic Client Authentication
HTTP Basic authentication with username and password.
Example
kind: basic username: my-username password: my-password headerName: Authorization
The basic object has these properties.
| Parameter | Description | Type | Valid Values | Required |
|---|---|---|---|---|
kind |
The authentication method type. |
String |
basic |
Yes |
username |
Username for authentication. |
String |
String |
Yes |
password |
Password for authentication. |
String |
String |
Yes |
headerName |
The name of the HTTP used for basic credentials. If not specified, Authorization is used. |
String |
String. Defaults to Authorization. |
No |
API Key Client Authentication
Authenticates outbound requests by including an API key in a configurable HTTP header.
Example
kind: apiKey apiKey: my-api-key-123 headerName: Authorization
An API key passed in a header has these properties.
| Parameter | Description | Type | Valid Values | Required |
|---|---|---|---|---|
kind |
The authentication method type. |
String |
apiKey |
Yes |
headerName |
The name of the HTTP header that carries the API key. If not specified, Authorization is used. |
String |
String. Defaults to Authorization. |
No |
apiKey |
The header or parameter name for the API key. |
String |
String |
No |
API Key Client Credentials Client Authentication
API key client credentials with client ID and client secret objects.
Example
type: apikey-client-credentials client-id:
value: my-client-id
name: client_id client-secret:
value: my-client-secret
name: client_secret
The API key client credentials object has these properties.
| Parameter | Description | Type | Valid Values | Required |
|---|---|---|---|---|
kind |
The authentication method type. |
String |
apikey-client-credentials |
Yes |
clientId |
Description of the client ID to be used. |
Object |
Object with value and optional name (default header name is client_id). |
Yes |
clientId.value |
The value for the client ID. |
String |
String |
Yes |
clientId.name |
The header or parameter name. |
String |
String |
No |
clientSecret |
Description of the client secret to be used. |
Object |
Object with value and optional name (default header name is client_secret). |
No |
clientSecret.value |
The value for the client secret. |
String |
String |
Yes |
clientSecret.name |
The header or parameter name. |
String |
String |
No |
OAuth 2.0 Client Credentials Grant Client Authentication
OAuth 2.0 authentication using the Client Credentials Grant Type. Allows agents to obtain access tokens using a client ID and client secret from the token provider.
Example
kind: oauth2-client-credentials clientId: my-client-id clientSecret: my-client-secret token:
url: https://my-oauth2-provider.com/token
timeout: 15
bodyEncoding: form scopes:
- my.custom.scope
- another.scope
The oauth2-client-credentials object has these properties.
| Parameter | Description | Type | Valid Values | Required |
|---|---|---|---|---|
kind |
The authentication method type. |
String |
oauth2-client-credentials |
Yes |
clientId |
The client ID to authenticate with the OAuth2 provider. |
String |
String |
Yes |
clientSecret |
The client secret used with client ID. |
String |
String |
Yes |
token |
Configuration for how to fetch the token. |
Object |
Token object |
Yes |
token.url |
The URL of the token provider (token endpoint). |
String |
Valid URL string |
Yes |
token.timeout |
Time in seconds to wait for the token service to respond. |
Number |
Any number |
No |
token.bodyEncoding |
Content encoding for the request body. ( |
String |
|
No |
scopes |
Array of scopes to request during token retrieval. |
Array |
Array of scope strings. Defaults to [] |
No |
In-Task Authorization Code
Use in-task authorization code when the connection needs secondary credentials obtained during a task using the OAuth 2.0 Authorization Code flow. OAuth2 tokens are extracted from message data and injected into the Authorization header for upstream calls. This supports step-up or in-task authentication (for example, when a user must re-authenticate for a sensitive action). For more information about the associated policy, see A2A In-Task Authorization Code Policy.
Example
authentication:
kind: in-task-authorization-code
secondaryAuthProvider: providerName
authorizationEndpoint: https://oauth.provider.com/authorize
tokenEndpoint: https://oauth.provider.com/token
scopes: Read
redirectUri: https://oauth.provider.com/callback
responseType: code
tokenAudience: https://api.example.com/agents/my-agent
codeChallengeMethod: S256
bodyEncoding: form
challengeResponseStatusCode: 200
tokenTimeout: 300
The in-task-authorization-code authentication has these properties.
| Parameter | Description | Type | Valid Values | Required |
|---|---|---|---|---|
kind |
Authentication type. |
String |
in-task-authorization-code |
Yes |
authorizationEndpoint |
OAuth2 authorization endpoint URL. Used to generate the authentication challenge. |
String |
Valid URL |
Yes |
tokenEndpoint |
OAuth2 token endpoint URL. Used to generate the authentication challenge. |
String |
Valid URL |
Yes |
scopes |
OAuth2 scopes required for step-up authentication. |
String |
Space- or comma-separated scope list (for example, openid profile email) |
Yes |
redirectUri |
OAuth2 redirect URI the client uses in the authorization flow. |
String |
Valid URI |
Yes |
secondaryAuthProvider |
Name of the IdP (for example, okta, auth0). Informational only, for the authentication card. |
String |
Any string |
No |
responseType |
OAuth2 response type. |
String |
Typically code. Default: code |
No |
codeChallengeMethod |
PKCE code challenge method. |
String |
Typically S256. Default: S256 |
No |
tokenAudience |
Intended recipient of the token (for example, agent1 or API URL). |
String |
Any string |
No |
bodyEncoding |
Encoding for the token request body. |
String |
form, json. Default: form |
No |
tokenTimeout |
Timeout in seconds for token requests. |
Integer |
Positive integer. Default: 300 |
No |
challengeResponseStatusCode |
HTTP status code returned for auth-required challenge responses. Typically 200 for JSON-RPC compatibility. |
Integer |
HTTP status code. Default: 200 |
No |
distributed |
Share token cache across replicas. Required for fully managed gateway or any multi-replica deployment. |
Boolean |
|
No |
subjectTokenType |
The token type identifier for the subject token. |
String |
Default: |
No |
requestedTokenType |
The desired token type for the issued token. |
String |
Any string |
No |
OAuth 2.0 OBO Credential Injection
This authentication type supports OAuth 2.0 Token Exchange and Microsoft Entra ID On-Behalf-Of protocols. For more information about the associated policy, see OAuth 2.0 OBO Credential Injection Policy.
Using OAuth 2.0 Token Exchange
authentication:
kind: oauth2-obo
flow: oauth2-token-exchange
tokenEndpoint: https://oauth.provider.com/token
clientId: clientId
clientSecret: clientSecret
targetType: audience
targetValue: https://api.example.com/agents/my-agent
scope: Read #optional, OAuth 2.0 scope to request. Required for Microsoft Entra OBO (for example, api://downstream-client-id/.default). Optional for OAuth 2.0 Token Exchange (RFC 8693).
timeout: 5000
Using Microsoft Entra ID On-Behalf-Of
authentication:
kind: oauth2-obo
flow: microsoft-entra-obo
tokenEndpoint: https://oauth.provider.com/token
clientId: clientId
clientSecret: clientSecret
scope: api://downstream-client-id/.default
timeout: 5000
The oauth2-obo authentication has these properties.
| Parameter | Description | Type | Valid Values | Required |
|---|---|---|---|---|
kind |
Authentication type. |
String |
oauth2-obo |
Yes |
flow |
Token exchange flow type. |
String |
oauth2-token-exchange, microsoft-entra-obo |
Yes |
clientId |
OAuth2 client ID for token exchange. |
String |
String |
Yes |
clientSecret |
OAuth2 client secret for token exchange. |
String |
String |
Yes |
tokenEndpoint |
OAuth2 token endpoint URL for token exchange. |
String |
Valid URL |
Yes |
targetType |
Parameter type for specifying the target service (audience for logical name, resource for physical URI). Used for OAuth 2.0 Token Exchange. |
String |
audience, resource. Default: audience |
No |
targetValue |
Target audience URI or resource URI for the exchanged token. Required for OAuth 2.0 Token Exchange. |
String |
Valid URI |
Required when using oauth2-token-exchange with a target |
scope |
OAuth scope to request. Required for Microsoft Entra OBO (for example, api://downstream-client-id/.default). Optional for OAuth 2.0 Token Exchange. |
String |
String |
Required for microsoft-entra-obo |
timeout |
Timeout for token exchange requests in milliseconds. |
Integer |
Positive integer. Default: 10000 |
No |
cibaEnabled |
When |
Boolean |
|
No |
cibaEndpoint |
Backchannel authorization ( |
String |
Valid URL |
No |
cibaLoginHintClaim |
JWT claim from the subject token to send as the CIBA |
String |
String. Default: |
No |
cibaBindingMessage |
Optional message shown on the user’s authentication device during CIBA approval. |
String |
String |
No |
distributed |
Share token cache across replicas. Required for fully managed gateway or any multi-replica deployment. |
Boolean |
|
No |
Brokers Section
Use this section to define brokers that orchestrate and control the flow of agent and tool invocations. Each broker object maps to an .agent file. You can have multiple Agent Script files in your /brokers directory.
Broker ID Format
Each broker key (ID) must use only:
-
Lowercase letters (
a–z) -
Numeric characters (
0–9) -
Underscores (
_), non-trailing
For example, customer_service_agent and billing_agent are valid, but customerServiceAgent and my_broker_ are not.
Example
brokers:
customer_service_agent:
kind: AgentScript
implementation: ./brokers/customer-service.agent
interfaces:
a2a:
card: ...
policies:
inbound:
- ref:
name: rate-limit-policy
billing_agent:
kind: AgentScript
implementation: ./brokers/billing-handler.agent
interfaces:
a2a:
card: ...
The brokers section has these properties.
| Parameter | Description | Type | Required | Values |
|---|---|---|---|---|
|
Named broker definition. See Broker ID Format. |
Object |
No |
Keys: identifiers using only lowercase |
|
The type of agent implementation. |
String |
Yes |
|
|
The path to the Agent Script implementation file. |
String |
Yes |
— |
|
Exposed interfaces for this broker. |
Object |
Yes |
|
interfaces.a2a
The a2a interface defines how external clients interact with a broker through the Agent2Agent protocol. It contains the broker’s agent card and any inbound or outbound policy bindings.
| Parameter | Description | Type | Required |
|---|---|---|---|
|
The A2A agent card. See A2A Card. |
AgentCard |
No |
|
Inbound and outbound policy binding lists for this interface. |
Object |
No |
|
Policy bindings for inbound traffic. |
Array |
No |
|
Policy bindings for outbound traffic. |
Array |
No |
User Identity and Task Security
The broker derives a userId from the authentication context of the security policy applied at the broker’s ingress. This userId secures A2A task management operations, ensuring that only the authenticated user who owns a task can query or modify it. This includes SendMessage and SendStreamingMessage operations that target an existing task.
If no authentication policy is configured at the broker’s ingress, or if a userId cannot be determined from the authentication context, the broker continues to orchestrate normally. However, A2A task management operations (such as querying task status, canceling a task, or sending messages to an existing task) are not available for tasks created without an associated userId.
Policy Binding Reference
Use a policy binding reference to attach a previously declared policy to a broker interface by name.
| Parameter | Description | Type | Required |
|---|---|---|---|
|
Name of the declared policy binding. See Policies. |
String |
Yes |
Inline Policy Binding
Use an inline policy binding to define a policy directly on the broker interface without declaring it elsewhere first.
| Parameter | Description | Type | Required |
|---|---|---|---|
|
The policy to be applied. |
Object |
Yes |
|
Reference to the policy definition. |
PolicyRef See Policies. |
Yes |
|
Policy-specific configuration. |
Object |
Yes |
Expressions Format
Use Python expressions to resolve or calculate values that are only available at runtime.
Enclose expressions using the {{}} evaluation wrapper. You can also use multiline statements using the appropriate YAML syntax.
Example
- reasoning:
id: welcome-message
description: "Send a welcome message to the candidate."
llm: my-primary-llm
prompt: "Extract the email from {{input}} and send a greeting email to the user saying their onboarding process has started"
tools:
- ref: my-email-tool
Expressions have these properties.
| Variable Name | Description | Type | Required |
|---|---|---|---|
input |
Payload or parameters provided as input to the node. |
Type defined by Graph |
Yes |
variables |
A mutable key-value store for variables scoped to the execution of the graph instance. |
Dict[string, any] |
Yes |
{node-ids} |
Read-only mapping of all node definitions available in the current graph, indexed by node id. |
Dict[string, Object] |
Yes |
{node-ids} have these properties.
| Variable Name | Type | Description | Required |
|---|---|---|---|
input |
Type defined by Graph |
Input to the node as it happened. |
Yes |
output |
Type defined by Graph |
Output provided by the node as it happened |
Yes |
Exchange.JSON File
All agent network projects have an exchange.json file. This file contains asset metadata available in Anypoint Exchange after publishing your agent network assets.
Example
{
"main": "agent-network.yaml",
"name": "Employee Onboarding Network",
"classifier": "agentic-network",
"organizationId": "85de5a54-1f33-4ea4-a1bf-8a65bc409179",
"descriptorVersion": "1.0.0",
"tags": [],
"groupId": "85de5a54-1f33-4ea4-a1bf-8a65bc409179",
"assetId": "employee-onboarding-network",
"version": "1.0.5",
"dependencies": [
{
"groupId": "85de5a54-1f33-4ea4-a1bf-8a65bc409179",
"assetId": "hr-agent",
"version": "1.0.21",
"classifier": "agent-metadata",
"packaging": "zip"
}
],
"metadata": {
"variables": {
"openai": {
"clientId": {
"description": "OpenAI LLM Client ID",
"default": ""
},
"clientSecret": {
"description": "OpenAI LLM Client Secret",
"default": "",
"secret": true
},
"url": {
"description": "OpenAI URL",
"default": "",
"secret": false
}
}
}
}
}
These key-value pairs are important for your agent network configuration:
-
groupId: ID of the Anypoint business group that owns your agent network and all the assets derived from it.
-
assetId: Unique identifier for the agent network project.
-
dependencies: Existing assets that this network needs to reference.
-
variables: Nested in the metadata section, defines all the variables whose values shouldn’t be hardcoded in the
agent-network.yamlfile. Enter these values when publishing the agent network. Each variable has a description value, a default value, and a secret value that indicates whether it’s treated as sensitive or not.
Runtime System Limits Configuration
You can configure runtime system limits for your agent network by adding specific variables to the metadata.variables section of your exchange.json file. These variables control graph execution behavior and help prevent infinite loops or excessive resource usage.
Example
{
"main": "agent-network.yaml",
"name": "it-investigation-GA-version",
"classifier": "agentic-network",
"organizationId": "{YOUR ORG ID}",
"descriptorVersion": "1.0.0",
"tags": [],
"metadata": {
"variables": {
"openai": {
"apiKey": {
"description": "OpenAI API key",
"default": "",
"secret": true
}
},
"MODULE_GRAPH_ERROR_SETTINGS_MAX_HANDOFF_ITERATIONS": {
"description": "max node-to-node transitions per turn",
"secret": false,
"default": "30"
},
"MODULE_GRAPH_ERROR_SETTINGS_MAX_REASONING_ITERATIONS": {
"description": "max LLM reasoning loops within a single node",
"secret": false,
"default": "20"
},
"MODULE_GRAPH_ERROR_SETTINGS_MAX_SUBGRAPH_DEPTH": {
"description": "max subgraph nesting depth",
"secret": false,
"default": "10"
},
"MODULE_GRAPH_ERROR_SETTINGS_MAX_NODE_TOOL_CALL_ITERATIONS": {
"description": "max tool_executor runs per node",
"secret": false,
"default": "20"
},
"MODULE_GRAPH_ERROR_SETTINGS_MAX_TURN_TOOL_CALL_COUNTS": {
"description": "total tool invocations across all nodes per turn",
"secret": false,
"default": "50"
},
"MODULE_GRAPH_ERROR_SETTINGS_MAX_STATE_SIZE_BYTES": {
"description": "max accumulated state size in bytes (10 MB)",
"secret": false,
"default": "10485760"
}
}
},
"apiVersion": "v1.0",
"dependencies": [],
"groupId": "{YOUR ORG ID}",
"assetId": "it-investigation-GA-version",
"version": "1.0.0"
}
Runtime System Limit Variables
The following table describes the runtime system limit variables you can configure:
| Variable Name | Description | Default Value |
|---|---|---|
MODULE_GRAPH_ERROR_SETTINGS_MAX_HANDOFF_ITERATIONS |
Maximum number of node-to-node transitions allowed per turn. Controls how many times execution can move between nodes in the agent network graph during a single conversation turn. |
30 |
MODULE_GRAPH_ERROR_SETTINGS_MAX_REASONING_ITERATIONS |
Maximum number of LLM reasoning loops allowed within a single node. Limits how many times the LLM can iterate on its reasoning before producing a result. |
20 |
MODULE_GRAPH_ERROR_SETTINGS_MAX_SUBGRAPH_DEPTH |
Maximum nesting depth for subgraphs. Controls how deeply agent networks can be nested within other agent networks. |
10 |
MODULE_GRAPH_ERROR_SETTINGS_MAX_NODE_TOOL_CALL_ITERATIONS |
Maximum number of tool executor runs allowed per node. Limits how many times a node can invoke tool execution during its processing. |
20 |
MODULE_GRAPH_ERROR_SETTINGS_MAX_TURN_TOOL_CALL_COUNTS |
Total number of tool invocations allowed across all nodes per turn. Provides a global limit on tool usage during a single conversation turn. |
50 |
MODULE_GRAPH_ERROR_SETTINGS_MAX_STATE_SIZE_BYTES |
Maximum accumulated state size in bytes. Limits the total amount of state data that can be accumulated during graph execution. Default is 10 MB (10485760 bytes). |
10485760 |
Specify all runtime system limit variables as string values in the exchange.json file. All variables are non-sensitive (secret: false).



