Securing

Effective Date: March 25, 2026

Web Check Us Anytime
Virus Check Us Anytime

Lisaiceland Trust Center
Welcome to the Lisaiceland Trust Center.
Active Development
Docs | ...more

Lisaiceland Agent-to-Agent (A2A) Usage Policy

Applies to: all Lisaiceland products using MCP-based orchestration
Includes: AI Voice+, myAgents.plus framework, multi-agent workflows
Last updated: March 25, 2026

1. Purpose

The Agent-to-Agent (A2A) capability allows autonomous AI agents to communicate, coordinate, and delegate tasks across the Lisaiceland MCP ecosystem.

This policy ensures A2A communication:

• remains predictable
• avoids runaway compute loops
• protects tenant isolation
• prevents abuse or excessive automation
• maintains platform reliability

2. Definition of Agent-to-Agent (A2A)

Agent-to-Agent interactions include:

• agent calling another agent as a tool
• multi-agent orchestration workflows
• delegated decision trees
• specialized sub-agent execution
• voice agent invoking backend automation agents
• agents retrieving data from other agent contexts
• collaborative agent reasoning chains

Example:

customer support agent
→ billing agent
→ knowledge retrieval agent
→ workflow execution agent

3. Core Usage Principles

A2A workflows must follow these principles:

bounded execution

agents must include termination logic

predictable orchestration

agent chains should produce deterministic outcomes

controlled fan-out

parallel agent spawning must remain within plan limits

minimal recursion

agents should avoid recursive self-calling patterns

efficient context exchange

agents should avoid repeatedly rehydrating identical MCP context

4. Allowed A2A Patterns
4.1 Hierarchical orchestration

primary agent delegates tasks to specialized agents:

orchestrator agent
→ scheduling agent
→ CRM agent
→ analytics agent

4.2 Tool-based delegation

agent uses another agent as a tool:

voice agent
→ appointment booking agent

4.3 Knowledge retrieval chains

agent retrieves structured information:

agent
→ vector search agent
→ summarization agent

4.4 cross-domain workflows

agent connects different business functions:

support agent
→ billing agent
→ compliance agent

5. Disallowed A2A Patterns
5.1 infinite recursion loops

agent A calls agent B
agent B calls agent A

repeatedly without exit condition

5.2 uncontrolled fan-out

single agent spawning hundreds of agents simultaneously

example:

agent
→ 500 parallel agents
→ repeated every message

5.3 synthetic workload amplification

creating agent chains primarily to increase usage volume rather than perform meaningful work

5.4 hidden compute pipelines

using agents to run workloads unrelated to conversational or workflow automation

example:

agent chains performing bulk processing unrelated to product functionality

5.5 context flooding

agents repeatedly passing excessive MCP context payloads without meaningful transformation

6. MCP Context Sharing Requirements

Agents may exchange context using MCP storage layers.

requirements:

• context must remain tenant-scoped
• cross-tenant context transfer is prohibited unless explicitly authorized
• sensitive data must follow least-privilege access principles
• agents should request minimal context required to perform task

recommended:

use scoped memory references rather than full context duplication

7. A2A Rate & Orchestration Limits

baseline fair-use limits:

category baseline limit
max orchestration depth 5 – 10 agents
max parallel agents 10 – 50
max tool calls per turn 5 – 20
max context size per hop plan dependent
max recursive calls 2
max workflow steps 100
max agent chain duration 5 minutes
retry attempts 3
concurrent A2A workflows 20 – 200

enterprise tiers may extend limits.

8. Observability Requirements

customers should implement:

• logging of agent decision paths
• visibility into tool call frequency
• timeout controls
• retry backoff logic
• monitoring of orchestration depth

recommended telemetry:

• number of spawned agents
• context size growth rate
• repeated tool call patterns
• loop detection signals

9. Security Requirements

agents must not:

• impersonate human users without disclosure
• access restricted MCP scopes
• bypass authentication layers
• attempt privilege escalation
• access unrelated tenant memory

recommended safeguards:

• scoped tokens
• role-based permissions
• tool allowlists
• signed agent identities

10. Voice Agent A2A Considerations

voice agents may call backend agents for:

• CRM lookup
• scheduling
• knowledge retrieval
• call summarization
• compliance checks

voice loops must avoid:

speech → agent → speech → agent → speech recursion

recommended:

max 2 voice-agent hops per interaction turn

11. Enforcement

Lisaiceland may apply:

• orchestration depth limits
• concurrency throttling
• agent spawning caps
• workflow timeouts
• isolation of problematic agents
• suspension of recursive workflows

customers will be notified when possible.

12. Enterprise A2A Extensions

enterprise customers may request:

• dedicated orchestration clusters
• increased agent fan-out limits
• custom workflow duration caps
• advanced telemetry exports
• private agent registries
• custom policy enforcement layers

13. Example Compliant Pattern

customer voice request
→ voice agent
→ retrieval agent
→ CRM agent
→ summarization agent
→ response returned

bounded
observable
efficient

14. Example Non-Compliant Pattern

agent
→ agent
→ agent
→ agent
→ agent
→ repeated recursive loop

unbounded
non-deterministic
excessive compute usage

For additional details, please review our policies:

✅ Trust Center

Security Contact

If you have security questions or wish to report a vulnerability, please contact:

Lisaiceland Security Team

Lisaiceland
Website: https://lisaiceland.com

Email:  Submit Ticket