Product Roadmap
Building the Trust and Policy Layer for Autonomous Agents
Timeline: What we're building from Q4 2025 to Q4 2026
The Product Suite
Design Partner Program
Want to influence what we build? We are working with a small group of teams already running agents in production or staging environments.Get direct input, early access, and priority support.
Q4 2025 β Foundation & Core Engine
Focus: Stabilizing the Go enforcement core and developer tooling.
- Full agent envelope validation and signing
- Local evaluation of trust policies (uses the same engine as production)
- JWS/JWKS signature verification and debugging
- β’Initial Go-based guard service exposing the core engine over local RPC
- β’Unix Domain Socket / localhost TCP transport for low latency
- β’SDK prototypes for Node.js and Python calling the guard via RPC
- Note: This is an internal milestone, not a public GA feature.
Q1 2026 β Platform Launch
Focus: The single source of truth for agent identity and lineage.
- β’Agent Registry: Identity and integrity store for all protocols (A2A, MCP, Custom)
- β’Trust Graph: Signed event storage and lineage tracking for agent actions
- β’Visual Dashboard: Visualize agent chains, delegated authority, and policy decisions in real-time
- β’Unified SDKs: Node, Python, and Go libraries powered by the local RPC Guard
- β’Zapier Integration (Beta, subject to demand): Bridge traditional automation into the trusted agent graph
- β’Starter Tier: Free tier for individual developers and small agent swarms
Q2 2026 β Governance & Policy Engine
Focus: Granular control over what agents can actually do.
- β’Context-Aware Rules: Define policies based on agent capability, budget, and context
- β’Lineage Control: Set limits on delegated agents and downstream sub-agents
- β’Decision Modes: Configurable outcomes per capability (Allow, Deny, Escalate, Co-sign)
- β’Team Workspaces: Role-based access control for policy management
- β’SIEM Export: Push decisions and violations directly to Splunk, Datadog, or Sentinel
- β’SSO/SAML: Enterprise identity integration
Q2βQ3 2026 β Observability & Traceability
Focus: Understanding the "Why" behind agent decisions.
- β’Decision Streaming: Real-time stream of policy evaluations via OpenTelemetry
- β’Incident Replay: Trace the full chain of authority (Caller β Agent β Data β Response) for any interaction
- β’Data Action Tracking: Verify which agents accessed specific data payloads
- Note: We stream trust and decision events into your existing observability stack. We do not replace your general log or metric pipelines.
- β’Native exporters for major observability platforms (Datadog, Prometheus, Honeycomb)
Q3 2026 β Enterprise & Reputation Analytics
Focus: Risk scoring and ecosystem health.
- β’Agent Graph Explorer: Visual tool to explore agent relationships and delegation paths
- β’Reputation Scoring: Risk and trust scores for agents, publishers, and relationships
- β’Outlier Detection on Trust Events: Detect anomalous chains of authority or unexpected budget spikes based on graph heuristics
- β’Compliance Reports: Exportable audit trails for regulatory requirements
- β’On-Premise Guard: Run the Guard Service in air-gapped or private cloud environments
- β’SOC 2 Type II: Full compliance certification
Q4 2026 β Marketplace Exploration & Automated Response
Focus: The "Visa" network for agents.
- β’Early work on a directory of agents with verified identity, integrity, and reputation scores
- β’"Verified by CapiscIO" badges based on cryptographic proof history
- β’Kill Switches: Policy-driven containment for high-risk or compromised agents
- β’SOAR Hooks: Trigger automated incident response workflows in external security tools
Available Today
Published packages you can install and use right now.
The official CLI for validating A2A agents. Wraps the Go engine with a Node.js interface.
npm install -g capiscioCommands:
validateβ Agent Card validationkey genβ Ed25519 keypair generationbadge issue/verify/keepβ Trust Badge managementgateway startβ HTTP reverse proxy with badge validation
Pure Python CLI with the same validation capabilities. No Go binary required.
pip install capiscioSame commands as the npm version. Ideal for Python-only environments.
Runtime security middleware for Python agents. Includes SimpleGuard for JWS signing/verification.
pip install capiscio-sdkDrop-in middleware for FastAPI, Flask, or any Python agent framework.
The core validation and scoring engine. Embeddable in any Go application.
go get github.com/capiscio/capiscio-corePackages: scoring, simpleguard, badge, agentcard, gateway, crypto.
CI/CD integration for agent validation with three-dimensional scoring.
uses: capiscio/validate-a2a@v1Outputs: compliance-score, trust-score, availability-score, production-ready.
npm i -g capisciopip install capisciopip install capiscio-sdkgo get .../capiscio-coreVote on Features
How to influence the roadmap
Open a GitHub discussion
Share your use case and desired capability.
Community reacts
Other developers and partners upvote and add context.
We prioritize
We review top-requested items with design partners and fold them into the roadmap where they fit.
Design Partner Benefits
Higher Priority
Design partners' requests are evaluated first and often used to seed new prototypes.
First Access
Early access to internal builds and prototypes.
Special Terms
Priority support and favorable commercial terms when hosted services become available.
Build the future with us
CapiscIO today is a CLI, Python SDK, and Go engine you can ship with.
The roadmap is about turning that into a full trust and policy layer for autonomous agents.