MCP and A2A Under Linux Foundation Governance
Model Context Protocol reached 110 million monthly SDK downloads in April 2026. Agent-to-Agent protocol shipped v1.0. The Linux Foundation's Agentic AI Foundation now governs both. Three facts in close succession that, taken individually, sound like press release milestones. Taken together, they signal something more structural: the protocol layer for agentic systems is stabilizing, and the window for making architecture decisions based on "wait and see" is closing.
What the AAIF Structure Actually Controls
The governance structure follows the Linux Foundation's standard two-tier model. The AAIF Governing Board handles strategic decisions: budget allocation, member recruitment, approval of new projects entering the foundation. Individual projects — MCP, A2A, Block's goose agent runtime, and OpenAI's AGENTS.md specification — retain full autonomy over their technical direction and day-to-day development.
What this means in practice: AAIF does not dictate MCP's wire format, its transport mechanisms, or its capability primitives. Anthropic's MCP team still makes those calls. What AAIF provides is IP neutralization (no single company controls the spec), a vendor-neutral governance process for breaking changes, and an organizational home that signals long-term commitment. The Linux Foundation has managed this playbook successfully for Kubernetes, OpenTelemetry, and dozens of other infrastructure standards. It is a known quantity.
| AAIF responsibility | Project autonomy |
|---|---|
| Budget allocation | Technical specifications |
| Member recruitment | Feature development |
| Project approval | Release timelines |
| Governance process | Code review and merging |
For engineering teams, the operative question is not "who runs AAIF" but "what guarantees does governance provide." The answer: stability guarantees on the spec's evolution cadence, a formal process for backward-incompatible changes, and the kind of organizational neutrality that lets enterprise legal and procurement teams approve it. Those three things were the primary blockers to MCP adoption in large organizations in 2025. They are now largely resolved.
The Vertical/Horizontal Protocol Split
One of the more useful mental models to emerge from the AAIF launch is the explicit framing of MCP and A2A as complementary rather than competing protocols, each handling a distinct dimension of agentic system architecture.
MCP operates vertically — it standardizes the connection from an agent downward to its capabilities: tools, data sources, external services, compute environments. An agent using MCP has a consistent interface for invoking a code execution environment, querying a database, calling an API, or reading from a file system, regardless of which vendor provides that capability. The three primitives (tools, resources, and prompts) cover the vast majority of what agents need to reach outward.
A2A operates horizontally — it standardizes peer-to-peer coordination between agents. When an orchestrator agent needs to delegate a sub-task to a specialist agent, or when two independently deployed agents need to exchange state and results, A2A provides the communication protocol. A2A v1.0, now stable, handles capability discovery (what can another agent do?), task delegation, and result streaming between agents that may be built on entirely different runtimes or model providers.
The duality maps cleanly to the two distinct failure modes teams hit when building agentic systems. Context loss and tool incompatibility are MCP problems. Coordination failures — agents that cannot discover each other's capabilities, that duplicate work, that produce conflicting outputs — are A2A problems. Any non-trivial production agentic system in 2026 is hitting both categories. The protocol split is not arbitrary; it reflects a genuine architectural separation of concerns.
What Protocol Maturity Looks Like in Production
The MCP Dev Summit North America, held April 2–3 in New York City, is a useful signal of where the protocol stands. Over 95 sessions from MCP co-founders, maintainers, contributors, and production deployments. The session distribution is telling: in 2025, MCP conferences were dominated by "getting started" and "what is this" content. In April 2026, the sessions were about enterprise tool authorization, multi-agent orchestration patterns, and production observability. The protocol is past the early adopter phase.
On April 15, Databricks announced major enhancements to its AI Gateway, now rebranded as Unity AI Gateway. The product is built explicitly around MCP as the governance layer for agentic AI: fine-grained MCP tool governance, end-to-end observability across agent chains, a unified model API with built-in fallbacks, and centralized audit logging for every tool call an agent makes. The product exists because enterprises need a control plane between their agents and the MCP tools they invoke. The fact that a company of Databricks' size is building infrastructure on top of MCP as a stable foundation — not around it or despite it — is a data point about protocol maturity that press releases cannot fake.
Salesforce followed on April 16 with Headless 360, exposing every Salesforce platform capability as APIs and MCP tools, shipping 60+ new MCP tools as part of the launch. Every major AI provider — Anthropic, OpenAI, Google, Microsoft, Amazon — now supports MCP natively. The network effects of a protocol standard compound quickly once this threshold is crossed. The cost of not supporting MCP for a tool vendor is now higher than the cost of supporting it.
The Honest Assessment
The AAIF transition effectively converts MCP from a vendor-controlled protocol to an industry-controlled standard. The comparable transition for Linux happened in 2000 with the OIN consortium, for Kubernetes in 2016 when it moved to CNCF. Each transition was followed by accelerated enterprise adoption. MCP is at that inflection.
But adoption carries caveats. Teams should evaluate AAIF governance against these measurable criteria:
| Evaluation criteria | Question to answer | Threshold for proceeding |
|---|---|---|
| Spec stability | How many breaking changes in the last 12 months? | Zero major breaking changes in the last 6 months |
| Vendor diversity | Are at least three major cloud providers shipping native support? | AWS, Azure, GCP all support it natively |
| Tool coverage | Can your existing toolchain integrate without custom work? | Official SDKs or certified libraries for your stack |
| Governance process | Is there a documented process for breaking changes? | Formal RFC process with public feedback period |
Teams that meet these criteria can proceed with confidence. Teams still evaluating whether MCP/A2A align with their specific constraints should proceed with pilots that isolate risk and measure against the thresholds above.
Actionable Takeaways
Before AAIF, the practical risk of building a deep MCP integration was vendor dependency: if Anthropic changed the spec, or pivoted priorities, the toolchain had a single-vendor exposure. That risk suppressed enterprise commitment. The governance transition addresses that risk directly.
The practical architectural pattern that emerges from the MCP/A2A duality is a three-layer stack:
Capability layer (MCP): All agent-to-tool connections go through MCP. Tools, data sources, and external services expose MCP-compliant interfaces. Agents never talk to raw APIs directly if an MCP abstraction is available. This provides tool portability — you can swap model providers without re-wiring your tool integrations.
Coordination layer (A2A): Agent-to-agent communication uses A2A. Orchestrators discover specialist agents via A2A capability discovery, delegate tasks via A2A messages, and receive structured results via A2A response schemas. This decouples orchestration logic from the specific agents it coordinates, enabling you to swap, upgrade, or parallelize specialist agents without rewriting orchestration code.
Governance layer (Unity AI Gateway or equivalent): A control plane that sits between your agents and the capability/coordination layers, providing observability, rate limiting, access control, and audit logging. Without this layer, you have no visibility into what your agents are actually calling, at what frequency, and with what data. The recent OAuth supply chain attack pattern — where an AI tool's access to internal environments went unmonitored — illustrates exactly what the observability gap costs when it is exploited. This is not optional infrastructure in production.
Teams that wire this three-layer pattern before they need it will spend their engineering cycles on agent capability and product differentiation. Teams that skip governance and build directly against raw MCP endpoints will retrofit it later, under incident pressure, at significantly higher cost.
Immediate next steps:
- Map your current agent-to-tool connections to MCP primitives and identify any gaps
- Define agent-to-agent coordination patterns and determine whether A2A coverage matches your orchestration needs
- Establish a governance layer baseline: what can you monitor today, and what observability gaps remain?
- Set up a pilot with one production agent using MCP, measuring against the evaluation criteria above
Protocol governance is infrastructure. It is not interesting until it is absent. The AAIF transition means the agentic protocol layer now has the kind of institutional backing that allows multi-year engineering commitments. The teams making those commitments now will have a meaningful head start on the teams that wait for the next signal.