A2A Agent Card Checker (Schema Only)

Quick Check: Is Your Agent Card Valid?

Paste your JSON, check for typos and missing fields. No installation required.

For cryptographic identity, integrity, and replay protection, use the CapiscIO CLI or Guard.

Agent Card Input
Loading...

Ready to Validate

Enter your agent card JSON or URL and click validate to get started

What This Checks (And What It Does Not)

This Tool Checks
JSON syntax — Does it parse without errors?
Required fields — Is name, version, url, provider present?
URL format — Are URLs syntactically valid?

Good for: Catching typos and malformed JSON before you commit.

This Tool Does Not Check
Identity (signatures) — Is this agent who it claims to be?
Integrity (payload hashes) — Was the card tampered with?
Freshness (replay protection) — Is this request current?

For these: Use the CLI or Guard.

When to Use Which Tool

This page is a playground. CLI and Guard are where real security happens.

🎨

You are writing your first agent card

Use this web checker to catch syntax errors as you type. Quick feedback loop, no installation.

Pro tip: Keep this page open while you edit. Paste, check, fix, repeat.
🚀

You are about to deploy to production

Now you need the CLI. It verifies signatures, tests endpoints, and confirms your agent card is cryptographically sound.

Run: capiscio validate ./agent.json
🛡️

You need runtime enforcement

CapiscIO Guard enforces identity, integrity, and freshness on every request. CLI validates before deploy. Guard enforces at runtime.

Python: from capiscio import SimpleGuard
⚙️

You are setting up automated testing

The CLI only. It outputs JSON and SARIF formats for CI/CD integration, runs headless, and provides proper exit codes for pipeline automation.

Example: capiscio validate ./agent.json --json --errors-only

Schema Is Not Security

A valid JSON structure does not mean a trustworthy agent. Here is what this tool cannot catch:

  • Signature is present but signed by the wrong key
    Or expired. Or the JWKS URL is unreachable. This tool does not verify cryptographic signatures.
  • No signature at all
    The card cannot prove agent identity. Treat it as unauthenticated metadata until verified by CLI or Guard.
  • Endpoint URL is valid syntax but not reachable
    Firewall rules, DNS issues, SSL problems. This tool never tries to connect.
  • Replayed or stale requests
    Freshness checks require runtime enforcement. Only Guard can reject replays.

This is why CLI and Guard exist. Schema validation is step one. Identity, integrity, and freshness are steps two, three, and four.

Run Full Validation in CLISecure Runtime with Guard →

Ready for Real Validation?

Schema checks pass? Now verify identity, integrity, and freshness.

1

Install the CLI

npm install -g capiscio-cli

Or Python: pip install capiscio

2

Run full validation

capiscio validate ./agent-card.json

This verifies signatures, tests endpoints, and checks protocol compliance.

3

Add runtime enforcement

CLI validates before deploy. Guard enforces at runtime. Same identity, integrity, freshness checks on every request.

Learn more about Guard →

Additional Installation Options

Choose your installation method:
Node.js:
npm install -g capiscio-cli
Python:
pip install capiscio
Standalone Binary (No Dependencies):
Validate with signature verification (automatic):
capiscio validate ./agent-card.json
Test actual endpoints:
capiscio validate https://agent.com
CI/CD integration:
capiscio validate ./agent.json --json --errors-only

Schema Checks Are Just the Start

This page confirms your JSON is valid. CLI and Guard confirm your agent is secure.

Web Checker
Schema completeness
What you just used
CLI
Identity + Integrity
Signatures, endpoints, CI/CD
Guard
+ Freshness
Runtime enforcement

Schema completeness is not a security score. It reflects field presence and JSON validity only.

Schema Passes. Now Prove Identity.

CLI validates signatures and endpoints. Guard enforces identity, integrity, and freshness at runtime.

Learn About Guard →