Technology Stack
The Agentic Web Stack is organized as seven technology levels. A technology level is a boundary of responsibility: it explains what problem the layer solves, which artifacts it produces, and which technologies are commonly used in current implementations.
The layers are not product categories or vendor recommendations. They are a practical map for deciding where a tool belongs and how it should connect to the rest of the system.
How to Read the Stack
- Start at the bottom when exposing a new agent or service: discovery, identity, APIs, then agent protocols.
- Start at the top when designing a product workflow: application goal, model needs, memory needs, then protocol and API integration.
- Use Agentic Web Stack Timeline for the chronological development path, and Technology Origins when you need the first public milestone, original developer, or stewardship model for a technology.
- Use End-to-End Demo, Architecture Flows, and Specifications to see the stack as a complete scenario.
Common Stack by Level
| Level | Responsibility | Common technologies | First docs |
|---|---|---|---|
| 7 Applications | User-facing workflows and task orchestration | LangGraph, CrewAI, Semantic Kernel, ADK, custom Python or TypeScript agents | Applications |
| 6 Models | Reasoning, generation, embeddings, and multimodal inference | OpenAI, Gemini, Claude, Ollama, llama.cpp, vLLM, model gateways | Models |
| 5 Memory | Retrieval, semantic search, long-term state, structured knowledge | Chroma, Qdrant, Weaviate, pgvector, Neo4j, RDF, SPARQL | Memory |
| 4 Agent Protocols | Agent-to-tool and agent-to-agent interoperability | MCP, A2A, JSON-RPC, protocol adapters, streaming transports | Agent Protocols |
| 3 APIs | Deterministic service capabilities and schemas | REST, GraphQL, OpenAPI, JSON Schema, FastAPI, Express, NestJS, Spring Boot | APIs |
| 2 Identity | Authentication, authorization, delegation, and policy | OAuth2, OpenID Connect, JWT, JWK, mTLS, API gateways, OPA | Identity |
| 1 Discovery | Machine-readable service and agent metadata | Agent Card, /.well-known/agent-card.json, agent registries, OpenAPI, robots.txt, sitemap.xml | Discovery |
Level Introductions
Level 1: Discovery
Discovery answers: "What exists here, what can it do, and how do I talk to it?" For agents, the key artifact is the Agent Card, usually published at /.well-known/agent-card.json for A2A-compatible agents. Registries add local trust metadata such as approved domains, versions, protocols, and review status. Traditional web discovery artifacts such as robots.txt, sitemap.xml, and openapi.json still matter because agents often combine web crawling, API inspection, and explicit agent metadata.
Level 2: Identity
Identity answers: "Who is calling, who is being represented, and what is allowed?" Most production systems still use OAuth2, OpenID Connect, access tokens, scopes, claims, API gateways, and policy engines. Agent systems add delegation pressure: an agent may need to act for a human, a service account, or another agent while preserving auditability.
Level 3: APIs
APIs answer: "Which deterministic operations can be called?" REST and GraphQL remain the common service surfaces. OpenAPI and JSON Schema make these APIs machine-readable so agents, SDK generators, test tools, and governance tools can inspect the contract.
Level 4: Agent Protocols
Agent protocols answer: "How do agents use tools and collaborate with other agents?" MCP standardizes agent-to-tool and agent-to-resource access. A2A standardizes agent-to-agent communication, discovery, task delegation, and result exchange. These protocols sit above ordinary APIs but usually still rely on HTTP, JSON, authentication, and service infrastructure.
Level 5: Memory
Memory answers: "What context should survive beyond one model call?" Vector databases support semantic retrieval and RAG. Knowledge graphs support explicit entity relationships and reasoning paths. Production systems often combine both with relational databases and object storage.
Level 6: Models
Models answer: "Which inference capability should perform the reasoning or generation?" Hosted providers offer strong managed capabilities, while local runtimes offer control over deployment, privacy, cost, and latency. A mature stack keeps model choice replaceable where possible.
Level 7: Applications
Applications answer: "What useful work does the system perform?" Research agents, coding agents, and enterprise agents compose every lower level: they discover services, authenticate, call APIs, use tools, retrieve memory, invoke models, and coordinate task state.
Recommended Learning Path
- Read Agent Card to understand agent self-description.
- Read A2A and MCP to understand protocol boundaries.
- Read Discovery, Identity, and APIs to understand the web substrate.
- Read Memory, Models, and Applications to understand the agent runtime side.
- Read Agentic Web Stack Timeline for the development history, then Technology Origins for dates, origin organizations, governance context, and reference links.
- Read End-to-End Demo, Security and Trust, and Operations and Evaluation for a complete scenario and production-readiness concerns.