One chat. Every agent. Any protocol.
A single front door for all your AI agents β Agentgram speaks REST, A2A and ADK on the way in,
and emits clean AG-UI events on the way out, so the UI never has to care how an agent is built.
I kept ending up with a different chat window for every agent I built β one for the Kubernetes agent, another for logs, another for metrics β each speaking its own protocol. Agentgram is the single front door I wanted: one chat UI, one API, every agent, regardless of how each one is wired underneath.
The API is a multiplexer. It handles auth, permissions and session storage, talks to each agent in its native protocol, and converts everything to a uniform stream of AG-UI events. The web client just renders that stream β it never needs to know whether an answer came from a REST endpoint, an A2A peer or a Google ADK app.
Tip
The killer feature β centralize everything, behind RBAC. Point Agentgram at every agent and MCP server in your company β whether they speak ADK, A2A or a custom protocol β and expose them through one API endpoint and one MCP endpoint. Role-based access control (RBAC) decides exactly who can reach which agent or MCP, so a single integration hands each person precisely the tools they're entitled to β and nothing else. No more N integrations, N logins, N tools to wire up per client.
- π’ Centralize N agents and N MCP servers β register everything your company runs and reach it all through one API endpoint and one MCP endpoint.
- π‘οΈ RBAC β fine-grained, per-agent and per-MCP access control by group or user. Each caller only ever sees what they're allowed to.
- π Protocol-agnostic β Custom REST/SSE, A2A (JSON-RPC) and Google ADK agents behind one interface.
- π‘ AG-UI native β the API emits standard AG-UI SSE events (
RUN_STARTED,TEXT_MESSAGE_*,TOOL_CALL_*,RUN_FINISHED). - 𧡠Sessions that persist β conversation history per agent, stored in Redis and managed by the API (agents stay stateless).
- π₯ Multi-agent chats β talk to several agents in one thread and propagate context between them.
- π€ Share & collaborate β share conversations with revocable, time-limited links (view or clone), and build shared multi-agent groups that a team uses together.
- π Authentication β optional Keycloak (OIDC/JWT) login; identities and groups (e.g. Google Workspace) drive the RBAC above.
- π οΈ MCP server β expose your agents as tools inside Claude Code and Cursor, with full OAuth + Dynamic Client Registration (no manual setup).
- π¬ Slack integration β reach the same agents from Slack.
- π Built-in observability β usage metrics, latency and cost dashboards out of the box.
- π§° Admin panel β register agents, MCP servers, LLMs and permissions from the UI.
ββββββββββββββββββββββββ βββββββββββββββββββββββ βββββββββββββββββββ
β Web βββββ>β API βββββ>β Agent (Custom) β
β (Next.js + AG-UI) β<βββββ (Go Multiplexer) β<βββββ REST Β· SSE β
ββββββββββββββββββββββββ β β βββββββββββββββββββ
β β - JWT / OIDC auth β βββββββββββββββββββ
AG-UI events β - Permissions βββββ>β Agent (A2A) β
over SSE β - Session store β<βββββ JSON-RPC β
β - AG-UI conversion β βββββββββββββββββββ
β - MCP server β βββββββββββββββββββ
βββββββββββββββββββββββββββ>β Agent (ADK) β
β <βββββ REST Β· SSE β
Redis Β· PostgreSQL βββββββββββββββββββ
See docs/PROTOCOLS_OVERVIEW.md for how each protocol is mapped onto AG-UI.
Requirements: Node.js 22+, Go 1.25+, Docker & Docker Compose.
git clone https://github.com/dfradehubs/agentgram.git
cd agentgram
make install # install web + Go dependencies
make docker-up # API + mock agent + Redis + PostgreSQL + a test frontendThat brings up:
| Service | URL |
|---|---|
| API | http://localhost:8080 |
| Mock agent | http://localhost:9000 |
| Test frontend | http://localhost:3001 |
To run the real web UI against the stack:
make web # Next.js dev server on http://localhost:3000Run make help to see every available target.
A chat request is a list of messages plus an optional session id:
POST /api/agents/{agentId}/chat
Content-Type: application/json
Authorization: Bearer <jwt> # only when auth is enabled
{
"messages": [
{ "role": "user", "content": "Hello" }
],
"session_id": "optional-uuid"
}The response is a stream of AG-UI events over SSE β the same shape no matter which protocol the agent speaks:
data: {"type":"RUN_STARTED","threadId":"...","runId":"..."}
data: {"type":"TEXT_MESSAGE_START","messageId":"...","role":"assistant"}
data: {"type":"TEXT_MESSAGE_CONTENT","messageId":"...","delta":"Hello"}
data: {"type":"TEXT_MESSAGE_END","messageId":"..."}
data: {"type":"RUN_FINISHED","threadId":"...","runId":"..."}
Full API reference: docs/API.md. Agent contracts: REST Β· A2A Β· ADK.
Ready-to-use deployment recipes live in examples/:
- Docker Compose β self-host the whole stack (API + web + Redis + PostgreSQL) with the published images. The fastest way to put Agentgram on a server.
- Kubernetes (Helm) β production values for the bjw-s
app-templatechart, plus an Ingress that routes the web app and the MCP/OAuth endpoints correctly.
Container images are published to GitHub Container Registry on every release:
ghcr.io/dfradehubs/agentgram-api
ghcr.io/dfradehubs/agentgram-web
The API is configured from a single YAML file (CONFIG_PATH, e.g. api/configs/config.yaml) that
covers the server, auth, Redis, PostgreSQL, metrics, tracing and the MCP server. Secrets are never
written inline β every sensitive value uses ${ENV:VAR} and is resolved from the environment:
auth:
enabled: true # set false to run without login (local / trusted networks)
keycloak:
enabled: true
issuer: "${ENV:KEYCLOAK_ISSUER}"
client_id: "${ENV:OIDC_CLIENT_ID}"
client_secret: "${ENV:OIDC_CLIENT_SECRET}"
redis:
addr: "${ENV:REDIS_ADDR}"
password: "${ENV:REDIS_PASSWORD}"See api/.env.example for the full list of variables.
Agents are managed at runtime from the built-in admin panel (/admin) and stored in PostgreSQL β
no redeploy needed to add one. For each agent you choose its protocol (Custom / A2A / ADK), its
endpoint, and who can reach it (Google Workspace groups or individual users).
Agentgram ships a standard MCP server that turns your agents into tools for any MCP-compatible IDE or CLI β Claude Code, Cursor, and any other client that speaks the spec. It implements the full discovery + auth flow defined by the standard β protected resource metadata (RFC 9728), authorization server discovery (RFC 8414) and Dynamic Client Registration (RFC 7591) β so a conformant client connects with just the URL, nothing to configure by hand:
claude mcp add --transport http agentgram https://agentgram.example.com/mcpThe client runs the OAuth + DCR flow automatically. Then ask away:
Ask logs-agent for the errors in the last 30 minutes of the payment-api service.
The endpoint exposes both your agents (ask_<agent-id>) and the tools of any MCP server
registered in Agentgram that you're allowed to use β Agentgram aggregates those upstream servers
and re-exposes their tools, all filtered by your permissions.
Full guide (client setup, automations, tuning): docs/MCP.md.
API β Go 1.25 Β· Chi router Β· Redis (sessions + pub/sub) Β· PostgreSQL Β· OpenTelemetry Β· structured logging.
Web β Next.js 16 (App Router) Β· TypeScript Β· Tailwind CSS 4 Β· SSE/AG-UI consumed directly via fetch + ReadableStream Β· Pino logging Β· bilingual UI (English / Spanish).
agentgram/
βββ api/ # Go API (multiplexer) β proxy, agents, auth, mcp, store, repository
βββ web/ # Next.js web client (AG-UI over SSE)
βββ docs/ # Architecture, API and protocol contracts
βββ examples/ # Docker Compose & Kubernetes deployment recipes
βββ Makefile # Development & build commands
Deeper dives: docs/ARCHITECTURE.md Β· api/CLAUDE.md Β· web/CLAUDE.md.
Issues and pull requests are welcome. For anything non-trivial, open an issue first so we can talk it
through. Keep PRs focused, run make test and make lint before pushing, and follow
Conventional Commits (feat:, fix:, docs:, β¦).
Released under the MIT License. Β© Daniel Fradejas.