Open source. Apache 2.0 licensed.

CLI Β· Built on capiscio-core

Catch Bad Agents Before Your Users Do

Validate agent cards. Test live endpoints. Block broken deployments.

One command to validate A2A agent cardsβ€”schema, signatures, and live endpoints. CLI in dev. Guard in prod.

CLI secures your pipeline. Guard secures your runtime.

πŸ› οΈ
Pre-Commit
Validate before you push
πŸ”„
CI/CD Gates
GitHub Action included
πŸ”
Vendor Due Diligence
Validate before integration
⏰
Cron Monitoring
3rd party health checks

Get started in 30 seconds

Install via npm (recommended)
npm install -g capiscio
Or via pip
pip install capiscio
Then validate an A2A agent card:
capiscio validate ./agent-card.json
View Documentation

Stop These Developer Failures

We've been on the receiving end of broken agents. The CLI exists so you don't have to be.

πŸ”₯

"It worked on my machine..."

Every developer at 2 AM

You committed an agent card with a bad transport URL or missing field. CI passed. Production broke.

βœ“ Solution:
capiscio validate ./agent-card.json
Validate agent cards before commit
πŸ‘»

"Their agent stopped responding..."

Platform engineer monitoring 3rd parties

You depend on a third party agent. They changed schema or broke their endpoint. Your users see failures first.

βœ“ Solution:
capiscio validate https://thirdparty.com/agent-card.json --test-live
Validate card and hit live endpoint
⏰

"CI says pass, prod says fail"

DevOps lead with broken pipeline

Your tests only check JSON shape. They don't check that signatures verify or that the transport responds.

βœ“ Solution:
uses: capiscio/validate-a2a@v1
Live endpoint + signature checks

Four Ways to Use the CLI

Choose the workflow that fits your needs

πŸ› οΈ
1. Pre-Deployment Validation
Validate agent cards locally before commit
Install once:
npm install -g capiscio
Validate anytime:
capiscio validate ./agent-card.json
Perfect for:
  • β€’ Local development workflow
  • β€’ Pre-commit validation hooks
  • β€’ Quick agent card debugging
πŸ”„
2. CI/CD Quality Gate
Block invalid or non-responsive agents from deploying
Add to workflow:
- uses: capiscio/validate-a2a@v1 with: agent-card: ./agent.json test-live: true
Perfect for:
  • β€’ GitHub Actions / GitLab CI
  • β€’ Pull request validation
  • β€’ Deployment gating
πŸ”
3. Third-Party Agent Validation
Verify external agents you depend on
Validate any live agent:
capiscio validate https://external-agent.com
Check compliance:
βœ“ Agent card: valid
βœ“ Signature: valid (Ed25519)
βœ“ Endpoint: 200 OK
Perfect for:
  • β€’ Vetting partner agents
  • β€’ Registry submissions
  • β€’ Due diligence on new integrations
⏰
4. Scheduled Checks
Combine CLI with cron or your scheduler
Cron job example:
# Every 6 hours0 */6 * * * capiscio validate \https://agent.com --json \> /var/log/agent-health.log
GitHub Actions schedule:
on: schedule: - cron: '0 */6 * * *'
Perfect for:
  • β€’ Periodic health checks
  • β€’ Catching signature failures early
  • β€’ Detecting transport issues
Enterprise CI/CD

CI Policy Gates

Block deployments that fail security checks. Enforce agent validation at the pipeline level, not after production incidents.

GitHub Actions: Fail on Invalid Signature
Block PRs where agent cards have invalid or expired signatures
# .github/workflows/agent-gate.yml
name: Agent Security Gate
on: [pull_request]
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: capiscio/validate-a2a@v1
with:
agent-card: ./agent.json
strict: true
test-live: true
fail-on-warnings: true
Result: PRs blocked if signature is missing, invalid, or endpoint unreachable
Score Threshold: Fail Below 80
Block deployments with low validation scores
# Run validation and check score
SCORE=$(capiscio validate ./agent.json --json \
| jq -r '.score')
if [ "$SCORE" -lt 80 ]; then
echo "❌ Validation score $SCORE below threshold (80)"
exit 1
fi
Score factors: signature validity, endpoint reachability, schema compliance, freshness
Required Fields: Enforce Metadata
Block agents missing required fields for production
# Check for required fields using jq
RESULT=$(capiscio validate ./agent.json --json)
echo "$RESULT" | jq -e '.agent_card.metadata.contact' \
&& echo "$RESULT" | jq -e '.agent_card.version' \
|| exit 1
Result: Deploy blocked if any required field is missing
πŸ”
Vendor Due Diligence
Validate third-party agents before integrating them into your stack
# Validate vendor agent before approval
capiscio validate https://vendor.com/agent.json \
--test-live \
--strict \
--json > vendor-diligence-report.json
Enterprise use case: Before approving a third-party agent integration, run CLI validation to verify signature, endpoint health, and schema compliance. Store reports for audit.

CI gates prevent security issues from reaching production. Combine with Guard for runtime enforcement.

Why use the capiscio CLI?

Production-ready validation for AI agents

πŸ›‘οΈ
CORE
Built on capiscio-core
  • β€’ Same Go core as Guard and SDK
  • β€’ Agent card schema validation
  • β€’ Ed25519 signature verification
  • β€’ Live endpoint availability checks
πŸ”’
A2A Protocol Aware
  • β€’ Validates A2A agent cards against spec
  • β€’ Checks endpoints behave as declared
  • β€’ Supports HTTP/A2A today
  • β€’ JSON-RPC/gRPC evolving with spec
Live Endpoint Testing
  • β€’ Hit declared HTTP transport
  • β€’ Ensure correct response behavior
  • β€’ Verify not just JSON shape
  • β€’ Real connectivity checks
CI & Automation Friendly
  • β€’ JSON output for pipelines
  • β€’ Clear exit codes
  • β€’ GitHub Action available
  • β€’ Plug straight into CI

Usage Examples

Common validation scenarios

Basic Agent Validation
Validate agents from URLs or local files
# Validate a local agent card
capiscio validate ./agent-card.json
# Validate a remote agent and test its endpoint
capiscio validate https://example.com/agent-card.json --test-live

Clear, Actionable Output

Human friendly in the terminal, machine friendly in CI.

Successful Validation
βœ“ Agent card: ./agent-card.json
βœ“ A2A schema: valid
βœ“ Signature: valid (Ed25519, kid=payments-agent)
βœ“ Endpoint: 200 OK (https://api.example.com/a2a)
All checks passed.
βœ•
Failed Validation
βœ— Agent card: ./agent-card.json
βœ“ A2A schema: valid
βœ— Signature: invalid (mismatched key)
βœ— Endpoint: timeout (https://api.example.com/a2a)
2 checks failed. See --json output for details.

Frequently Asked Questions

Everything you need to know

Runtime Enforcement

Need real-time enforcement, not just validation?

The CLI is perfect for development and CI/CD. For live production traffic, use the CapiscIO Guard to enforce the same agent identity and integrity checks at the HTTP boundary.

  • Enforce agent identity - Plus body-hash integrity and replay protection
  • Drop-in Guard - Python SDK or Go sidecar
  • Built on capiscio-core - Same signature verification as the CLI
Explore Guard
# Python guard in action
from capiscio_sdk import secure, SecurityConfig

agent = secure(
    MyAgentExecutor(),
    SecurityConfig.production()
)

# βœ… Every request validated
# ⚑ <2ms overhead
# πŸ”’ 100% compliant

Ready to validate and harden your AI agents?

Start with the capiscio CLI to validate A2A agents and test live endpoints. Then add the Guard when you are ready to enforce checks at runtime.

View Documentation

Open source β€’ Built on capiscio-core β€’ Designed for production