Introducing A2H: A Protocol for Agent-to-Human Communication

Time to read:

February 19, 2026

Written by

Twilion

Introducing A2H: A Protocol for Agent-to-Human Communication

As AI agents become more capable and autonomous, they need a standardized way to loop humans into the conversation. Whether it's requesting approval for a payment, collecting shipping information, or escalating a complex issue to support, agents need to communicate with the people they serve.

Today, we're excited to introduce A2H (Agent-to-Human), an open source protocol specification that provides a single, channel-agnostic, auditable surface for agents to communicate with their human principals.

Have you been playing with OpenClaw and want to see how this helps? See how A2H could work with OpenClaw at this tutorial .

The missing piece in the agent ecosystem

The AI agent landscape is evolving rapidly. We've seen protocols emerge for different parts of the stack:

MCP (Model Context Protocol) for tools and context
A2A (Agent-to-Agent) for inter-agent communication
ACP (Agentic Commerce Protocol) for commerce flows
AP2 (Agent Payments Protocol) for extensible payment mandates

But there's been a gap: how do agents communicate with humans? When an agent needs approval, needs to collect information, or needs to hand off to a human operator, what's the standard interface? A2H is designed to fill that gap.

What A2H enables

A2H defines five core intent types that cover the essential interactions between agents and humans:

Intent	Purpose	Example
INFORM	One-way notification	"Your order has shipped"
COLLECT	Gather structured data	"Please provide your shipping address"
AUTHORIZE	Request approval with authentication	"Approve this $500 transaction"
ESCALATE	Hand off to human support	"Connecting you with a live agent"
RESULT	Report task completion	"Your refund has been processed"

These intents are atomic and composable. An agent can chain them together to build complex workflows while keeping each interaction simple and auditable.

Why channel-agnostic matters

Without A2H, an agent developer integrating human communication faces a familiar problem: build and maintain separate integrations for SMS, email, WhatsApp, push notifications, and voice. Each channel has its own API, its own state management, and its own retry logic.

A2H abstracts this away. Agents send a single intent to an A2H Gateway, which handles channel selection, delivery, failover, and evidence collection. The agent focuses on what it needs from the human, not how to reach them.

Diagram showing the flow from Agent to A2H with assets like a Cryptographic Evidence Bundle

Built-in security and auditability

Trust is essential when agents act on behalf of humans. A2H bakes security into the protocol:

Authentication flexibility: Support for Passkeys/WebAuthn is demonstrated in the example, with OTP, push notifications, voice IVR, and email extensible for additional providers matching the channel needs of both the consumer and builder.

Cryptographic evidence: Every interaction produces signed artifacts. When a human approves a transaction, you get non-repudiable proof linking the intent to the consent to the action taken.

Replay protection: Message idempotency, timestamp validation, nonce binding, and single-use approval links prevent signature reuse and replay attacks. These protections are all enforceable in the framework, reducing the amount of state required outside of the framework.

Here's what an AUTHORIZE intent looks like:

{
  "a2h_version": "1.0",
  "interaction_id": "01936f8a-7b2c-7000-8000-000000000001",
  "type": "AUTHORIZE",
  "message_id": "01936f8a-7b2c-7000-8000-000000000002",
  "agent_id": "did:web:travel-agent.example.com",
  "principal_id": "did:example:alice",
  "channel": {
    "type": "sms",
    "address": "tel:+15551234567",
    "render": {
      "title": "Approve Flight Booking",
      "body": "Your agent wants to book SFO→JFK for $450. Reply YES to approve."
    }
  },
  "authorize": {
    "action": "book_flight",
    "assurance": "passkey.webauthn.v1",
    "ttl_sec": 300
  }
}

The human's response comes back with authentication evidence attached, proof that can be verified later if needed.

Try the demo

We've published a proof-of-concept implementation that demonstrates the AUTHORIZE flow with WebAuthn/Passkey authentication. You can try it yourself:

# Clone the repository
git clone https://github.com/twilio-labs/a2h-spec.git
cd a2h-spec/demo
# Install dependencies and start the gateway
npm install
node server.js
# In another terminal, trigger an AUTHORIZE intent
./agent.sh

The demo spins up a local A2H Gateway. When you run the agent script, it sends an AUTHORIZE intent, and you'll get a link to approve the action using your device's passkey. Once approved, the gateway returns a signed RESPONSE with cryptographic evidence.

Integrating with MCP

For agents built on MCP, A2H provides natural tool mappings:

human_inform() – Send a notification (fire-and-forget)
human_collect() – Gather data from the human (blocking)
human_authorize() – Request approval with evidence (blocking)
human_escalate() – Hand off to human support
human_send_result() – Report final outcome

This means your MCP-enabled agent can communicate with humans using the same tool-calling patterns it uses for everything else.

What's next?

We're publishing the A2H specification and reference implementation today and inviting the community to explore, build, and contribute.

Roadmap for A2H Protocol showing Layer 2 (Authority & Policy) and Layer 1 (Delivery & Evidence) steps.

Layer 2 addresses the harder problems of truly autonomous agents: What if you want to pre-approve certain actions? What if your assistant should be able to approve on your behalf? What if you change your mind after approving?

These problems need your feedback and real-world validation before we standardize solutions. Layer 1 gives the ecosystem a foundation to build on while we gather feedback on what Layer 2 should look like.

Roadmap

v1.0 (Today)

Core protocol specification
Reference gateway implementation
WebAuthn/Passkey evidence
Agent framework examples (OpenClaw, MCP tools)

v1.1 (Next)

Formalized JSON Schemas
OpenTelemetry and CloudEvents bindings
Additional agent framework integrations (LangGraph, CrewAI)
Community profiles for common use cases

v1.2+ (Layer 2 Foundation)

POLICY primitive: Standing approvals with conditions
REVOKE primitive: Cancel pending or standing approvals
Standards track submissions (W3C, OpenID Foundation, AAIF)

v2.0 (Full Authority Model)

DELEGATE primitive: Authority transfer
SCOPE primitive: Agent capability boundaries
Multi-party approval (N-of-M)

We believe that as agents take on more responsibility, the ability to communicate clearly and securely with humans will be a critical differentiator. A2H is Twilio’s contribution to making that communication trustworthy, auditable, and universal.

Check out the specification and let us know what you think by cloning, forking, creating an issue, or sending a PR to the repo.

Rikki Singh is a product and engineering leader based in Bay Area, California. At Twilio, she leads the Emerging Technology and Innovation group Twilio Forward. Outside of work, Rikki enjoys hiking and camping with her husband and toddler.

Ryan Ferguson is a Senior software engineer manager based in Boulder, Colorado. At Twilio, he helps lead engineering initiatives on the Emerging Technology and Innovation team, Twilio Forward. Outside of work, Ryan enjoys running ultra marathons.

Related Resources

Twilio Docs

From APIs to SDKs to sample apps

API reference documentation, SDKs, helper libraries, quickstarts, and tutorials for your language and platform.

Resource Center

The latest ebooks, industry reports, and webinars

Learn from customer engagement experts to improve your own communication.

Ahoy

Twilio's developer community hub

Best practices, code samples, and inspiration to build communications and digital engagement experiences.

Introducing A2H: A Protocol for Agent-to-Human Communication

Related Posts

Related Resources