Product Roadmap
Building the Trust and Policy Layer for Autonomous Agents
Timeline: What we're building from Q4 2025 to Q4 2026
The Product Suite
Design Partner Program
Want to influence what we build? We are working with a small group of teams already running agents in production or staging environments.Get direct input, priority access, and dedicated support.
Q4 2025 – Foundation & Core Engine
Focus: Stabilizing the Go enforcement core and developer tooling.
- Full agent envelope validation and signing
- Local evaluation of trust policies (uses the same engine as production)
- JWS/JWKS signature verification and debugging
- •Initial Go-based guard service exposing the core engine over local RPC
- •Unix Domain Socket / localhost TCP transport for low latency
- •SDK prototypes for Node.js and Python calling the guard via RPC
- Note: This is an internal milestone, not a public GA feature.
Q1 2026 – Platform Launch
Focus: The single source of truth for agent identity and security posture.
- •Agent & Server Registry: Identity and integrity store for A2A agents and MCP servers
- •Event Log: Structured event storage for badge verification, guard decisions, and agent activity
- •Visual Dashboard: Trust posture metrics, agent inventory, event timeline, and API key management
- •Unified SDKs: Node, Python, and Go libraries powered by the local RPC Guard
- •LangChain & MCP Integrations: Native trust enforcement for LangChain/LangGraph chains and MCP tool servers
- •Starter Tier: Free tier for individual developers and small agent swarms
Q2 2026 – Cross-Org Zero Trust
Focus: Agent A from Org A calls Agent B in Org B — Org B sets the rules. Cross-organization policy enforcement built on badge identity.
- •Inbound Agent Policies: Org B defines rules for agents calling in from Org A — allow, deny, or scope based on badge claims, org identity, and capabilities
- •Observe Mode: Evaluate policies without blocking — log decisions for tuning before enforcing
- •Zero-Trust Defaults: Every cross-org call requires a valid badge; no implicit trust between organizations
- MVP: Basic cross-org policy with allow/deny rules per badge claim — demo-ready for design partners.
- •Team Workspaces: Role-based access control for policy management
- •SIEM Export: Push decisions and violations directly to Splunk, Datadog, or Sentinel
- •SSO/SAML: Enterprise identity integration
Q2–Q3 2026 – TCHB & Observability
Focus: Transaction binding and understanding the "Why" behind agent decisions.
- •TCHB Implementation: Bind multi-hop agent workflows into verifiable chains of custody
- •Hop Tracing: Trace caller → agent → sub-agent chains via signed hop attestations
- •Trust Graph Visualization: Explore agent relationships and delegation paths in the dashboard (built on TCHB data)
- Note: Trust graph and delegation chain visualization require RFC-004 TCHB as a prerequisite.
- •Event Streaming: Export guard decisions and policy evaluations to your existing stack
- •Native exporters planned for Datadog, Prometheus, and Honeycomb
Q3 2026 – Delegated Authority & Policy Engine
Focus: Full delegation stack and policy enforcement — building on TCHB (RFC-004) shipped in Q2–Q3.
Authority Envelopes (RFC-008)
- •Delegation Chains: Cryptographic hash-chained envelopes — Agent A delegates scoped authority to Agent B with monotonic narrowing
- •Capability Classes: Dot-notation scoped capabilities (e.g.
finance.payments.read) with prefix-based subtree inheritance - •Enforcement Modes: Observe → Guard → Delegate → Strict — progressive tightening per envelope issuer
Policy Engine (RFC-005)
- •PEP / PDP Contract: Engine-agnostic policy evaluation — compatible with OPA, Cedar, or custom engines
- •Constraint Narrowing: Anti-escalation enforcement — child delegation can never exceed parent scope
- •Obligations & Break-Glass: Mode-specific obligation handling and signed emergency override tokens
- •Delegation Chain Viewer: Visual tool to explore agent relationships and delegation paths built on TCHB + envelope data
- •Policy Decision Log: Searchable history of PDP allow/deny decisions with full context
- •On-Premise Guard: Run the Guard Service in air-gapped or private cloud environments
- •SOC 2 Type II: Compliance certification (in progress)
Q4 2026 – Analytics, Marketplace & Automated Response
Focus: Reputation intelligence and the "Visa" network for agents.
- •Reputation Scoring: Risk and trust scores for agents, publishers, and relationships
- •Outlier Detection: Detect anomalous chains of authority based on graph heuristics
- •Compliance Reports: Exportable audit trails for regulatory requirements
- •Exploring a directory of agents with verified identity and reputation scores (demand-dependent)
- •"Verified by CapiscIO" badges based on cryptographic proof history
- •Kill Switches: Policy-driven containment for high-risk or compromised agents
- •SOAR Hooks: Trigger automated incident response workflows in external security tools
Available Today
Published packages you can install and use right now.
The official CLI for validating A2A agents. Wraps the Go engine with a Node.js interface.
npm install -g capiscioCommands:
validate– Agent Card validationkey gen– Ed25519 keypair generationbadge issue/verify/keep– Trust Badge managementgateway start– HTTP reverse proxy with badge validation
Python-packaged CLI wrapping the same Go core engine. Install via pip, run from any Python environment.
pip install capiscioSame commands as the npm version. The Go binary is downloaded automatically on first run.
Runtime security middleware for Python agents. Includes SimpleGuard for JWS signing/verification.
pip install capiscio-sdkDrop-in middleware for FastAPI, Flask, or any Python agent framework.
Trust enforcement for LangChain and LangGraph agents. Drop a guard into any LCEL chain.
pip install langchain-capiscioComposable via the | pipe operator: CapiscioGuard() | ChatOpenAI()
MCP server identity and tool-call attestation. Secures Model Context Protocol tool servers.
pip install capiscio-mcpProvides MCPServerIdentity for signing and verifying MCP tool calls.
The core validation and scoring engine. Embeddable in any Go application.
go get github.com/capiscio/capiscio-coreKey packages: badge, simpleguard, did, pop, gateway, scoring, mcp, revocation, and more.
CI/CD integration for agent validation with three-dimensional scoring.
uses: capiscio/validate-a2a@v1Outputs: compliance-score, trust-score, availability-score, production-ready.
npm i -g capisciopip install capisciopip install capiscio-sdkpip install langchain-capisciopip install capiscio-mcpgo get .../capiscio-coreVote on Features
How to influence the roadmap
Open a GitHub discussion
Share your use case and desired capability.
Community reacts
Other developers and partners upvote and add context.
We prioritize
We review top-requested items with design partners and fold them into the roadmap where they fit.
Design Partner Benefits
Higher Priority
Design partners' requests are evaluated first and often used to seed new prototypes.
First Access
Priority access to internal builds and prototypes.
Special Terms
Priority support and favorable commercial terms when hosted services become available.
Build the future with us
CapiscIO today is a CLI, Python SDK, and Go engine you can ship with.
The roadmap is about turning that into a full trust and policy layer for autonomous agents.