CapiscIO is an open source runtime guard for AI agents.
We enforce:
- Identity – Ed25519 signed envelopes so you know which agent actually called you.
- Payload integrity – SHA-256 body hashing so tampered requests are rejected.
- Freshness – strict `iat`/`exp` checks so replayed traffic dies on arrival.
All with sub-millisecond overhead in Python and Go.
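The three checks listed above, sketched with only the Go standard library. This is an added example, not CapiscIO's code or wire format: the `Claims` layout, the `bh` claim name, and the `Seal` and `Verify` helpers are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// Claims is a hypothetical envelope payload ("bh" is an assumed claim name), not CapiscIO's wire format.
type Claims struct {
	Iss string `json:"iss"` // signing agent
	Iat int64  `json:"iat"` // issued-at, Unix seconds
	Exp int64  `json:"exp"` // expiry, Unix seconds
	BH  []byte `json:"bh"`  // SHA-256 of the request body
}

// Seal binds body to the issuer: it returns the claims JSON and an Ed25519 signature over it.
func Seal(priv ed25519.PrivateKey, iss string, body []byte, now time.Time, ttl time.Duration) ([]byte, []byte) {
	h := sha256.Sum256(body)
	raw, _ := json.Marshal(Claims{iss, now.Unix(), now.Add(ttl).Unix(), h[:]})
	return raw, ed25519.Sign(priv, raw)
}

// Verify applies the three checks in order: identity, payload integrity, freshness.
func Verify(trusted map[string]ed25519.PublicKey, raw, sig, body []byte, now time.Time) error {
	var c Claims
	err := json.Unmarshal(raw, &c)
	pub, ok := trusted[c.Iss] // key is selected by the claimed issuer, then proven by the signature
	if err != nil || !ok || !ed25519.Verify(pub, raw, sig) {
		return fmt.Errorf("identity: unknown issuer or bad signature")
	}
	if h := sha256.Sum256(body); !bytes.Equal(h[:], c.BH) {
		return fmt.Errorf("integrity: body hash mismatch")
	}
	if t := now.Unix(); t < c.Iat || t >= c.Exp {
		return fmt.Errorf("freshness: outside iat/exp window")
	}
	return nil
}

func main() { // constructed sample: one signed request, checked as sent and again 60 s later
	pub, priv, _ := ed25519.GenerateKey(nil)
	now, body := time.Unix(1700000000, 0), []byte(`{"task":"summarize"}`)
	raw, sig := Seal(priv, "agent-a", body, now, 30*time.Second)
	keys := map[string]ed25519.PublicKey{"agent-a": pub}
	fmt.Println(Verify(keys, raw, sig, body, now), Verify(keys, raw, sig, body, now.Add(time.Minute)))
}
```

In this sketch a replay inside the `exp` window still verifies, so the TTL bounds how long a captured request stays usable.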
Use CapiscIO as:
- A Python SDK (SimpleGuard) to guard your agent endpoints.
- A Go middleware / sidecar in front of HTTP services.
- A Docker sidecar (`capiscio/guard`) for containerized deployments.
- A CLI (Node or Python) to validate agent cards and test endpoints in CI.

- Developer first – CLI ready, CI friendly, and a drop-in guard you can wire in with a couple of lines.
- Protocol aware – Built for A2A and MCP protocols. Guards both agent-to-agent and agent-to-tool communication.
- Performance obsessed – Go based core and a pure Python guard, both adding well under 1 ms per call in our benchmarks.

We keep the stack small and focused: core enforcement, runtime guard, and CLI tooling.
| Repository | Description | Tech Stack |
|---|---|---|
| capiscio-core | High performance enforcement engine used by sidecars and CLIs. Verifies Ed25519 JWS envelopes, enforces body hashes, and checks timestamps with microsecond-level overhead. Also available as capiscio/guard Docker image. | Go |

| Repository | Description | Tech Stack |
|---|---|---|
| capiscio-sdk-python | Drop-in guard for Python services (FastAPI / Flask / etc). Auto-discovers keys, enforces identity, payload integrity, and replay protection at the HTTP boundary. | Python |
| capiscio-mcp-python | MCP SDK wrapper that adds CapiscIO identity and signing to MCP servers and clients. Guards tool calls with the same protections as A2A. | Python |
Both CLIs wrap capiscio-core, so dev-time checks and runtime enforcement share the same semantics.
| Repository | Description | Tech Stack |
|---|---|---|
| capiscio-node | Node-based capiscio CLI. Validate agent cards, test live endpoints, and run security checks locally or in CI. | TypeScript / Node |
| capiscio-python | Python package capiscio exposing the same CLI experience and core behaviour for Python-centric environments. | Python |
| validate-a2a | GitHub Action that runs the capiscio CLI in your pipeline. Validates agent cards, enforces Proof of Possession, and checks MCP server compliance. | TypeScript |

Today, CapiscIO ships the guard and tooling. We’re working with design partners on the next layers.
- Local enforcement SDK (Python) and Go middleware / sidecars.
- Identity, integrity, and freshness checks at the protocol boundary.
- capiscio CLI (Node and Python) plus GitHub Action for dev-time and CI validation.
- Centralized discovery of trusted agent and MCP server keys.
- Trust Badges with 5 validation levels (Self-Signed → Extended Validation).
- MCP Server Registry for tool identity management.
- Managed key lifecycle and trust stores for teams running many agents.
- Cross-agent observability and traces.
- Policy and governance over which agents can call which tools.
- Audit-friendly exports for your existing SIEM / compliance stack.
We are intentionally co-designing Stage 2 and 3 with a small set of design partners.
Read more about the architecture and roadmap →
We’re building the security layer we wish existed before everyone deployed multi-agent systems.
You can help by:
- Trying the tools

  ```bash
  # Node CLI (recommended entry point)
  npm install -g capiscio

  # Python CLI wrapper (if you prefer Python tooling)
  pip install capiscio

  # Python guard SDK
  pip install capiscio-sdk

  # Docker sidecar
  docker pull capiscio/guard
  ```

- Join the discussion:
- Contribute: Check out "Good First Issues" in any of our repos. Open issues if you hit edge cases securing agents in the wild.