The Agent Identity and Integrity Guard
Enforce agent identity, payload integrity, and freshness on every request.
Guard verifies that only the right agents can call the right tools, with untampered payloads.
A lightweight, drop-in guard that enforces the SimpleGuard standard for A2A and HTTP traffic: Ed25519 signed envelopes, SHA-256 body hashing, and strict iat/exp timestamp checks with sub-millisecond overhead.
Agent Identity (Who)
Verify which agent sent the request using Ed25519 signatures. Not user login—agent-to-agent caller authenticity.
Integrity Checks
Ensure payloads haven't been modified by enforcing SHA-256 body hashes tied to each signed request.
Replay Protection
Prevent replay attacks with strict iat and exp validation and a short time window.
Stop Attacks At The Edge
Real-world threats blocked by SimpleGuard semantics
Spoofed Agent Calls
Attacker impersonates your 'Billing' agent to trigger a refund.
Signature verification fails. Only holders of the private key can sign.
Payload Tampering
Man-in-the-middle modifies the transfer amount in transit.
Body hash mismatch. The signature covers the SHA-256 hash of the body.
Replay Attacks
Attacker captures a valid request and replays it 100 times.
Timestamp check. Requests outside the 60s window are rejected.
Drop-in Protection in Two Lines
Simple integration for any stack
pip install capiscio-sdk-pythonv0.3.0from fastapi import FastAPI
from capiscio.guard import SimpleGuard
app = FastAPI()
# Zero config: auto-discovers agent-card.json and key material
guard = SimpleGuard(app, dev_mode=True)
@app.post("/agent/message")
async def handle_message():
# Only reached if agent identity, integrity, and freshness checks pass
return {"status": "verified"}Need explicit keys, trust stores, or environment-based secrets? Check the advanced configuration docs.
Sub-millisecond Overhead
~0.23ms in Go, ~0.9ms in Python. Built for high-throughput agent traffic.
Fail-Closed Design
Invalid signatures, expired timestamps, or tampered payloads are rejected immediately.
The SimpleGuard Standard
Cryptographic enforcement details for security engineers
Ed25519 (Edwards-curve Digital Signature Algorithm).
JWS format in X-Capiscio-JWS header. Proves which agent signed.
SHA-256 body hash.
Bound to the JWS as bh claim to prevent tampering.
Strict iat and exp checks.
Default 60s window with 5s clock skew tolerance.
Immediate rejection.
Returns 401 Unauthorized or 403 Forbidden on any failure.
Flexible Deployment
Choose the integration that fits your architecture
- Zero infrastructure dependency
- Native framework support (FastAPI, Flask, Django)
- Ideal for monolithic agent services
- Protect any service (Node, Rust, Ruby)
- Deploy as Kubernetes sidecar
- Offload crypto operations
How CapiscIO fits with your existing stack
We don't issue identities; we enforce them at the agent boundary.
- Works with your IAM (Okta, AWS IAM)—doesn't replace it. Guard handles agent-to-agent identity, not user identity.
- Sits next to your API gateway, enforcing per-message agent identity and payload integrity. Not a replacement for Kong or Envoy.
- Focused on agent-to-agent and agent-to-tool calls, not generic network traffic or user sessions.
payment-agent on Vercel calling ledger-agent on AWS. Guard ensures the request is signed, untampered, and fresh—regardless of where each agent runs.The Capiscio Stack
Catch issues before you deploy
The Guard protects you at runtime, but the Capiscio CLI helps you validate agent cards and test endpoints during development and CI/CD.
- Validate locally - Check A2A agent cards and signatures before commit
- CI/CD Gates - Use the
capiscioCLI and GitHub Action to block invalid or non-responsive agents before deployment
Ready to Secure Your Agents?
Start with the open source guard and CLI today. Contact us if you need help hardening multi-agent or cross-cloud environments.
Frequently Asked Questions
Everything you need to know