Building the guard and trust layer for agentic AI

Agentic AI needs what the web got with TLS: a way to know who is calling you, what they sent, and whether to trust it.

CapiscIO provides that layer for the A2A protocol today and is built to extend to other agent standards.

Our Mission

Protocol Aligned Enforcement

Enforce the A2A protocol as it was designed to be used. Validate agent cards and traffic against the Google and Linux Foundation spec so agents speak a common, safe language.

Agent Identity

Verify which agent sent the request using Ed25519 signed envelopes. Not user login—machine-to-machine caller authenticity, checked cryptographically.

Runtime Protection

Secure production agents with always-on guards and sidecars. Enforce agent identity, payload integrity, and replay protection on every call so malicious or broken traffic is blocked in real time.

Developer First Tools

Give developers what they actually use: a free CLI, open source guard SDK, Go core, and clear docs. Built by developers, for developers, to fit into real CI and runtime environments.

The Future We're Building Toward

In the next few years, we are working toward a world where:

Every AI agent has a verified, trustworthy agent identity that can be enforced at the protocol boundary

Developers can integrate agents with confidence, with guards and traces instead of guesswork

Security is built in, not bolted on, from agent card to runtime traffic

The agentic AI ecosystem is as reliable as the web, with shared protocols and shared trust signals

To get there, we are building from local guards and CLIs today toward a registry and governance layer co-designed with early partners.

Open Source First

We believe trust infrastructure should be transparent, auditable, and community-driven.

Apache 2.0
CapiscIO CLI

Free forever, fully open source

Apache 2.0
CapiscIO Guard & Core

Production ready enforcement with a permissive license

CC BY 4.0
Documentation

Share, adapt, and build on our docs

Why Open Source?

Transparent
See exactly how validation and enforcement work
Auditable
Security teams can review the code and threat model
Community Driven
GitHub first development with public issues and roadmaps
Indie Friendly
Free and open for developers to use in their own stacks

Get Involved

Join the community building the trust layer for AI agents.

GitHub

Try the guard and CLI, file issues, and help shape the roadmap.

View on GitHub →

Contribute

See CONTRIBUTING.md in each repository for guidelines on code contributions, documentation, and more.

View Contributing Guide →

Stay Updated

Follow our blog for updates on A2A Protocol, security best practices, and product releases.

Read the Blog →

Ready to Build with CapiscIO?

Start securing A2A agents today. Validate agent cards with the CLI and enforce agent identity and integrity with the Guard. Free tools, open source, developer friendly.

Get StartedView Documentation