# A2A Monetization Market Audit Date: 2026-06-11 ## Executive Verdict Gemini 的方向「內部 AI Agent 引導外部 AI Agent 流量,再把外部需求提案者導到 VibeWork」可以作為 acquisition/referral loop,但不能把它當成完整 A2A 變現閉環。 A2A 本身是 agent interoperability layer:讓 agent 彼此 discovery、委派 task、交換 message/artifact、同步 task lifecycle。真正會讓錢進來的是 payment, mandate, settlement, affiliate ledger, fraud control, and conversion operations。VibeWork 目前已經具備「外部 agent 導流到 paid proposal intake」的雛形,但還不是完整可自動出金的 A2A economy。 ## Market Reality ### 1. A2A is Collaboration, Not Money Movement Official A2A sources describe Agent Cards, task lifecycle, messages, artifacts, and client/server agent roles. This is necessary for an ecosystem, but it does not define pricing, escrow, settlement, payouts, refunds, chargebacks, or affiliate commissions. Sources: - Google A2A announcement: https://developers.googleblog.com/en/a2a-a-new-era-of-agent-interoperability/ - A2A specification: https://github.com/a2aproject/A2A/blob/main/docs/specification.md - A2A protocol site: https://a2a-protocol.org/latest/specification/ Implication for VibeWork: - A2A should be the protocol surface for agent discovery and work delegation. - Monetization must be implemented in VibeWork's own payment and ledger layer, or via AP2/x402/ACP/Stripe rails. ### 2. AP2 Solves Payment Authorization and Accountability Google AP2 positions itself as an open payment protocol extension for A2A/MCP/UCP-style agent commerce. Its core idea is not "agent pays magically"; it is verifiable intent: signed mandates, user control, accountable receipts, and a transaction audit trail. Sources: - Google Cloud AP2 announcement: https://cloud.google.com/blog/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol - AP2 docs: https://ap2-protocol.org/ - AP2 GitHub: https://github.com/google-agentic-commerce/AP2 Implication for VibeWork: - A scout/growth agent may generate and pass a referral, but it should not be treated as payment authority. - Paid intake, subtask fee, resource rental, and bounty escrow need mandate-like records: what was authorized, by whom, for what amount, under what constraints, with what receipt. ### 3. x402 Is the Best Fit for Agent-Paid API Resources x402 revives HTTP 402 Payment Required for programmatic payment. It is strongest for pay-per-request APIs, paid content, premium feeds, agent tools, and small agent-to-agent service calls. Sources: - Coinbase x402 overview: https://docs.cdp.coinbase.com/x402/welcome - x402 official site: https://www.x402.org/ - Cloudflare x402 primer: https://blog.cloudflare.com/x402/ Best VibeWork candidates: - `rent_api_resource` - `query_agent_memory` - `request_peer_review` - `broadcast_help_signal` - premium/bulk open-task discovery Do not use x402 as the first replacement for full bounty escrow. Bounties need review, disputes, refunds, and staged release. ### 4. ACP/Stripe Proves the Merchant-of-Record Pattern OpenAI/Stripe Agentic Commerce Protocol keeps the merchant as source of truth. The agent can help discover and initiate checkout, but the merchant backend owns cart state, payment processing, order lifecycle, fulfillment, refunds, and support. Sources: - OpenAI Instant Checkout / ACP: https://openai.com/index/buy-it-in-chatgpt/ - Stripe ACP docs: https://docs.stripe.com/agentic-commerce/acp - OpenAI commerce docs: https://developers.openai.com/commerce/ Implication for VibeWork: - `/propose` should evolve into an agent-ready proposal checkout session, not just a human form. - VibeWork should own proposal state, fee state, project state, refund state, and referral payout state. ## Current VibeWork State ### What Works Now - External agents can request a growth kit from `GET /api/a2a/growth/kit?agent_id=®ister=true`. - Growth kit generates a referral URL like `https://vibework.wooo.work/propose?ref_agent=&campaign=a2a-agent-referral&source=external-agent`. - `/propose` preserves `ref_agent`, `campaign`, and `source`. - Submitting `/propose` creates a private `DRAFT` task with `referred_by_agent` and `scout_id`. - Stripe checkout code exists for proposal routing fees. - Stripe webhook creates a pending `AffiliateLedger` entry after confirmed proposal fee capture. - Wallet mode displays USDC payment instructions and writes audit events. - Traffic monitor now has token-gated access and can show funnel/audit events. - Gitea Actions has been corrected to run CI plus production smoke instead of the broken SSH deploy path. ### What Is Not Complete Yet - Production Stripe secrets are not configured, so card checkout is not live in production. - Wallet payment is instruction-only; there is no tx hash submission, on-chain confirmation, or automatic ledger capture. - Affiliate ledger has pending entries, but no payout execution, paid/refunded lifecycle, or chargeback handling. - AP2-like mandates and receipts are not persisted. - x402 payment challenge/settlement is not implemented; current `x-ap2-payment-auth` handling only logs. - Agent Card discovery exists, but payment/security extensions are incomplete. - Some A2A routes are still mock/simulated or historical experiments and should not be marketed as production settlement. - Traffic monitoring is an external-activity MVP, not a revenue truth system yet. `CAPTURE`, `PAYOUT`, proposal-fee capture, and affiliate payout must be separated. - Gitea Actions currently runs CI/production smoke, not production deploy. Production rollout still needs an explicit deploy path and SHA verification. ## 12-Agent Audit Addendum The parallel audit split the project into protocol, AP2, x402, ACP/Stripe, repo funnel, ledger, A2A/MCP, traffic, UX, fraud, deploy, and strategy lanes. The combined verdict is: - VibeWork is an A2A-ready prototype, not yet a production-grade open A2A ecosystem. - The real workflow lives mostly in MCP task-market tools today: `list_open_tasks -> claim_task -> submit_solution -> check_payout_status`. - The acquisition loop exists: growth kit -> referral URL -> `/propose` -> private proposal draft. - The revenue loop is partial: Stripe webhook can mark proposal fee captured, wallet is still manual instructions, and affiliate payout is not complete. - The most urgent fraud risk is not referral spam; it is bounty inflation plus weak claim wallet binding. `negotiate_bounty` must not auto-raise cash exposure without hard gates, and `claim_task` must bind `developer_wallet` to the registered agent wallet. - UX needed to speak to paying demand proposers, not only to protocol integrators: "what do I get, when, and what happens after payment?" - Gitea smoke is useful, but it cannot prove the latest SHA is running unless production exposes revision/build metadata. ## Can This Make Money Immediately? Yes, but only through the channels that actually collect money: 1. Stripe proposal routing fee, after `STRIPE_SECRET_KEY` and `STRIPE_WEBHOOK_SECRET` are configured and verified. 2. USDC wallet payment, but only as manual collection until tx verification is implemented. 3. Paid scoping/review packages, if operations manually convert paid proposals into accepted scopes. No, not as a fully autonomous A2A money loop yet. External agents can drive traffic, but VibeWork still needs confirmed payment, verified ledger entries, and payout rules before external agents can reliably earn referral commissions. ## Corrected Monetization Architecture ```mermaid flowchart LR A["Internal Growth Agent"] --> B["External Scout Agent"] B --> C["Demand Proposer"] C --> D["VibeWork Proposal Checkout"] D --> E{"Payment Confirmed?"} E -->|Stripe webhook| F["Proposal Fee Captured"] E -->|Wallet tx verified| F E -->|No| G["Draft + Payment Instructions"] F --> H["Affiliate Ledger Pending"] H --> I["Scout Review / Fraud Gate"] I --> J["Payout Ready"] F --> K["Scope Review"] K --> L["Bounty / Project / Service Package"] ``` Key rule: acquisition can be agent-led, but payment authority and ledger state must be deterministic. ## Priority Fixes ### P0: Make Paid Conversion Real - Configure production Stripe secrets. - Verify a real `checkout.session.completed` webhook. - Keep proposal fee capture idempotent. - Make wallet payment explicit: require tx hash, network, payer wallet, amount, and confirmation status. - Do not create affiliate payable records until payment is confirmed. - Keep `claim_task` wallet-bound to the registered agent profile. - Keep bounty negotiation defaulting to human review unless a tightly gated production policy is enabled. ### P1: Make Referral Payout Auditable - Extend affiliate ledger with payment object reference, payout reference, paid/refunded timestamps, and idempotency key. - Add admin payout workflow for `PENDING -> APPROVED -> PAID/REFUNDED`. - Add chargeback/refund handling to reverse referral commission. - Fix wording: referral fee is 10% of collected proposal routing fee, not 10% of bounty reward unless separately configured. ### P2: Make A2A Discoverable and Trustworthy - Publish a modern Agent Card with capabilities, security schemes, pricing hints, and payment extension metadata. - Split production-ready A2A routes from experimental routes. - Add signed request/response hashes for paid agent actions. - Keep public growth/open-task discovery free; monetize premium feeds and paid tools. ### P3: Add AP2/x402 Rails - Implement AP2-like mandate storage for proposal checkout and autonomous tool use. - Add x402 to small paid agent tools first: resource rental, peer review, memory lookup, premium feed. - Store payment challenge, payment signature, receipt, facilitator result, request hash, and replay key. ### P4: Operate the Funnel - Traffic monitor should track: kit issued, referral click, proposal started, draft created, payment initiated, payment captured, affiliate pending, scope accepted, bounty opened, payout ready. - Alerts should fire on payment failures, zero-capture after high proposal volume, duplicate webhook attempts, and unpaid wallet instructions older than a threshold. - Separate revenue states: proposal fee captured, bounty capture, builder payout, scout payout, refund, chargeback. - Ensure Gitea production smoke is read-only or marked as synthetic traffic so it does not pollute conversion metrics. ## 0-30 Day Roadmap ### Days 0-2 - Finish production card payment path. - Run a real paid checkout smoke. - Add webhook replay/idempotency guard for proposal fees. - Add dashboard cards for paid proposal capture and pending affiliate payouts. ### Days 3-7 - Add wallet tx submission and manual confirmation. - Add admin affiliate payout review. - Update homepage/growth kit copy to avoid overclaiming autonomous payout. - Publish production-ready Agent Card metadata. ### Days 8-14 - Add proposal checkout session API for agent surfaces. - Add signed proposal state receipt. - Add payout/refund ledger lifecycle. - Add fraud controls for scout spam, self-referral, repeated chargebacks, and fake demand. ### Days 15-30 - Add x402 pilot for one paid MCP tool. - Add AP2-like mandate schema for agent-initiated payment actions. - Add premium agent feed. - Open the scout partner program with clear payout terms and review gates. ## Final Assessment The viable model is not "A2A automatically brings money." The viable model is: 1. Use A2A/MCP/Agent Cards to make VibeWork discoverable to external agents. 2. Use external agents as scout/referral channels. 3. Convert referred humans through VibeWork-controlled paid proposal checkout. 4. Confirm payment through Stripe or verified USDC. 5. Record an auditable affiliate ledger. 6. Convert qualified proposals into bounty/project/service revenue. 7. Add x402/AP2 only after the base paid conversion loop is true. That is a real A2A ecosystem direction. Gemini's funnel idea is usable, but only after it is grounded in payment confirmation, ledger integrity, payout governance, and fraud controls.