Available Now
Free to Start

Real-Time Agent Protection in Production

Safeguard Every Request. Block Invalid Agents at Runtime.

Always-on runtime validation with three-dimensional scoring, signature verification, and zero-config integration for Python agents.

🛡️ Runtime Protection
🚪 API Gateway
🏢 Multi-tenant SaaS
🤖 Autonomous Systems
Get StartedSee Use Cases

Why Developers Choose Middleware

🔥

"An Invalid Agent Accessed Customer Data"

Production breach at 3 AM. Malformed agent card bypassed validation, exposed PII. Hours of incident response, customer notifications, compliance reports.

→ Middleware blocks invalid agents before they reach your API

👻

"Requests Failing with No Error Logs"

Silent failures in production. Users reporting errors but logs show nothing. Spent 6 hours tracing the issue to an unsigned agent with expired keys.

→ Middleware logs every validation failure with detailed context

"Which Agent Broke? Why? When?"

Debug nightmare. 50 partner agents calling your API. One started failing yesterday. No way to tell which one, what changed, or how to reproduce it.

→ Middleware tracks per-agent metrics and trust scores over time

Industry-Leading Scoring

Three-Dimensional Agent Quality Scoring

Don't rely on a single score. Get independent insights into Compliance, Trust, and Availability— so you can make informed decisions based on your priorities.

📄Compliance
0-100

How well does the agent conform to A2A v0.3.0 specification?

  • • Core required fields
  • • Skills quality
  • • Format compliance
  • • Data quality
🔐Trust
0-100

How trustworthy and secure is this agent?

  • • JWS signature verification
  • • Provider information
  • • Security posture
  • • Documentation quality
🚀Availability
0-100

Is the agent operationally available and responding?

  • • Endpoint health
  • • Response time
  • • Transport support
  • • Error handling
# Validation result from middleware
result = await agent.validate_agent_card("https://partner.example.com")

print(f"Compliance: {result.compliance.total}/100")  # 95 - Excellent
print(f"Trust: {result.trust.total}/100")            # 85 - Highly Trusted  
print(f"Availability: {result.availability.total}")   # 90 - Available

# Make informed decisions based on your priorities
if result.trust.rating == TrustRating.HIGHLY_TRUSTED:
    await process_payment(partner_url)  # Trust matters for payments
elif result.availability.total >= 90:
    await real_time_chat(partner_url)   # Availability matters for chat

Quick Start: Choose Your Integration Pattern

🛡️ Runtime Protection
Protect Every Request
Block invalid agents before they reach your handler
from capiscio_a2a_security import secure, SecurityConfig

# Wrap your agent (one line!)
agent = secure(
    MyAgentExecutor(),
    SecurityConfig.production()
)

# Invalid agents are automatically rejected
# ✅ 100% coverage
# ⚡ <2ms overhead

Perfect for: Production APIs, sensitive data, payment processing

🚪 API Gateway
Granular Configuration
Fine-tune validation rules for your specific needs
from capiscio_a2a_security import CapiscioSecurityExecutor, SecurityConfig

# Start with preset, customize
config = SecurityConfig.production()
config.downstream.require_signatures = True
config.downstream.rate_limit_requests_per_minute = 100
config.fail_mode = "monitor"  # Log first

agent = CapiscioSecurityExecutor(
    delegate=MyAgentExecutor(),
    config=config
)

Perfect for: Custom policies, rate limiting, gradual enforcement

🏢 Multi-tenant SaaS
Per-Tenant Policies
Different validation rules for different customers
from capiscio_a2a_security import SecurityConfig

# Enterprise customer: strict validation
enterprise_config = SecurityConfig.strict()
enterprise_agent = secure(agent, enterprise_config)

# Startup customer: permissive
startup_config = SecurityConfig.development()
startup_agent = secure(agent, startup_config)

# Configure per tenant, track separately

Perfect for: SaaS platforms, white-label products, managed services

🤖 Autonomous Systems
Monitor Mode
Observe and learn before enforcing
from capiscio_a2a_security import SecurityConfig

# Start in monitor mode
config = SecurityConfig.production()
config.fail_mode = "monitor"  # Log but don't block

agent = secure(MyAgent(), config)

# Analyze results, then switch to "block"
# when ready for enforcement

Perfect for: Gradual rollouts, learning mode, brownfield migrations

Get Started in 60 Seconds

pip install capiscio-a2a-security

Python 3.10+ • Apache 2.0 License • Zero Dependencies

How Middleware Protects You

🛡️

Request-Level Validation

Every A2A request is validated before it reaches your handler. Invalid requests are rejected with clear error messages.

📊

Real-Time Analytics

See which agents are failing validation, how often, and why. Identify patterns and problematic integrations.

Zero Performance Impact

Validation happens in microseconds. Your API response times stay fast, even at scale.

🔧

Framework Agnostic

Works with Express, Fastify, Next.js, Cloudflare Workers, and more. Drop it in and go.

Simple Integration

1. Install the middleware

pip install capiscio-a2a-security

2. Wrap your agent executor

from capiscio_a2a_security import secure, SecurityConfig

# Wrap your agent (one line!)
agent = secure(
    MyAgentExecutor(),
    SecurityConfig.production()
)

3. Invalid requests are automatically blocked

# Raises CapiscioValidationError in block mode
# Or logs warning in monitor/log modes

# All validation details available:
result = agent.validate_agent_card(card)
print(result.compliance.total)  # 0-100
print(result.trust.total)        # 0-100
print(result.issues)             # List[ValidationIssue]
Pre-Deployment Validation

Validate Before You Deploy

Middleware protects production, but CapiscIO CLI validates during development. Catch issues in your agent cards before they ever reach runtime.

  • CI/CD integration - Block deployments of invalid agents
  • Development workflow - Test agent cards locally before committing
  • Same scoring system - Compliance, Trust, Availability checks
Explore CLI Tool
# Full validation pipeline
# 1. Dev: CLI validates locally
$ capiscio validate agent.json
✅ Compliance: 95/100
✅ Trust: 85/100

# 2. CI: GitHub Action blocks bad agents
$ capiscio validate --strict

# 3. Prod: Middleware protects runtime
agent = secure(MyAgent(), config)

Product Roadmap

V0.1 (Released Oct 2025) - Core middleware

Schema validation, signature verification, basic rate limiting

V1.0 (Q4 2025) - Production hardening

Performance optimizations, enhanced caching, better error handling

🚀

Q1 2026 - Platform integration

Dashboard integration, real-time events, agent registry sync

🔮

Q2 2026 - Enterprise features

On-premise deployment, custom policies, advanced threat detection

🔮

Q3 2026 - Edge deployment

Cloudflare Workers, Vercel Edge, Fastly integration

🔮

Q4 2026 - Advanced threat detection

ML-based anomaly detection, behavioral analysis

Join Early Access for Platform Features →
Coming Q1 2026

Middleware Captures Data → Platform Visualizes Insights

Get real-time dashboards, trust badges, and validation analytics for all your agents

📊 Dashboard
Real-time agent health monitoring, validation trends, and trust score analytics
🏆 Trust Badges
Embeddable badges showing agent quality scores and compliance status
📈 Analytics
Historical data, anomaly detection, and partner agent performance tracking
Join Early Access

Get Started with CapiscIO Middleware

Free to start. Scale as you grow.

pip install capiscio-a2a-security
View on PyPIRead Documentation
View Pricing →
Python 3.10+ • Apache 2.0 License • Zero Dependencies

Frequently Asked Questions

Everything you need to know