CapiscIO is an open source runtime guard for AI agents.
We enforce:
- Identity – Ed25519 signed envelopes so you know which agent actually called you.
- Payload integrity – SHA-256 body hashing so tampered requests are rejected.
- Freshness – strict
iat/expchecks so replayed traffic die on arrival.
All with sub-millisecond overhead in Python and Go.
Use CapiscIO as:
- A Python SDK (SimpleGuard) to guard your agent endpoints.
- A Go middleware / sidecar in front of HTTP services.
- A CLI (Node or Python) to validate agent cards and test endpoints in CI.
-
Developer first
CLI ready, CI friendly, and a drop-in guard you can wire in with a couple of lines. -
Protocol aware
Built for the Agent-to-Agent (A2A) protocol and designed to extend to MCP and other agent standards. -
Performance obsessed
Go based core and a pure Python guard, both adding well under 1 ms per call in our benchmarks.
We keep the stack small and focused: core enforcement, runtime guard, and CLI tooling.
| Repository | Description | Tech Stack |
|---|---|---|
| capiscio-core | High performance enforcement engine used by sidecars and CLIs. Verifies Ed25519 JWS envelopes, enforces body hashes, and checks timestamps with microsecond-level overhead. | Go |
| Repository | Description | Tech Stack |
|---|---|---|
| capiscio-sdk-python | Drop-in guard for Python services (FastAPI / Flask / etc). Auto-discovers keys, enforces identity, payload integrity, and replay protection at the HTTP boundary. | Python |
Both CLIs wrap capiscio-core, so dev-time checks and runtime enforcement share the same semantics.
| Repository | Description | Tech Stack |
|---|---|---|
| capiscio-node | Node-based capiscio CLI. Validate agent cards, test live endpoints, and run security checks locally or in CI. |
TypeScript / Node |
| capiscio-python | Python package capiscio exposing the same CLI experience and core behaviour for Python-centric environments. |
Python |
| validate-a2a | GitHub Action that runs the capiscio CLI in your pipeline. Blocks broken or non-compliant agents before deployment. |
TypeScript |
Adjust the exact wording if any of those wrappers do more or less, but keep the “both wrap core” message.
Today, CapiscIO ships the guard and tooling. We’re working with design partners on the next layers.
- Local enforcement SDK (Python) and Go middleware / sidecars.
- Identity, integrity, and freshness checks at the protocol boundary.
capiscioCLI (Node and Python) plus GitHub Action for dev-time and CI validation.
- Centralized discovery of trusted agent keys.
- Managed key lifecycle and trust stores for teams running many agents.
- Cross-agent observability and traces.
- Policy and governance over which agents can call which tools.
- Audit-friendly exports for your existing SIEM / compliance stack.
We are intentionally co-designing Stage 2 and 3 with a small set of design partners.
Read more about the architecture and roadmap →
We’re building the security layer we wish existed before everyone deployed multi-agent systems.
You can help by:
-
Trying the tools
# Node CLI (recommended entry point) npm install -g capiscio # Python CLI wrapper (if you prefer Python tooling) pip install capiscio # Python guard pip install capiscio-sdk-python
-
Join the discussion:
- Contribute: Check out "Good First Issues" in any of our repos. Open issues if you hit edge cases securing agents in the wild.
