
Agent Capsule Protocol for inspectable text-native artifact transfer

Project description

Agent Capsule


Agent Capsule is the verifiable handoff format for agents.

It is a small open protocol + developer toolkit for safe agent handoffs. It wraps exact machine-readable payloads in a text-native envelope so receivers can detect, verify, policy-check, and unpack safely.

2-Minute Proof

python3 -m pip install agentcapsule
agentcapsule pack handoff.json --out capsule.txt
agentcapsule ingest thread.txt --out ./sandbox --strict --json

If ingest exits 0, the handoff passed verification and policy checks and was unpacked safely. If ingest exits non-zero with --strict set, treat it as a CI/governance failure.

One Command, One Function

CLI:

agentcapsule ingest thread.txt --out ./sandbox --policy ./policy.json --json --strict

Python:

from agentcapsule import ingest_for_framework

# thread_messages: the conversation messages to scan, supplied by the caller.
result = ingest_for_framework(
    messages=thread_messages,
    out_dir="./sandbox",
    policy="./policy.json",
)

print(result.inline_capsules)
print(result.references)
print(result.unpacked_files)

What It Solves

Normal agent channels are lossy for machine payloads (truncation, formatting drift, silent edits). Agent Capsule turns handoffs into verifiable artifacts.

Protocol Layers

  • Capsule: exact payload bytes + metadata + hash/signature context.
  • Envelope: text wire format with boundary markers, headers, and encoded payload.
  • Manifest: handoff intent (creator, task, files, capabilities, policy hints).
  • Delivery modes: inline, attachment, reference (URI + capsule hash + payload hash).

Delivery Modes

  • inline: full capsule in message body.
  • attachment: full capsule as file/blob.
  • reference: descriptor in message, full capsule fetched by URI.

Reference descriptors are not authoritative by themselves. Receivers must fetch the full capsule and verify capsule_sha256, payload_sha256, signature trust policy, and receiver policy.
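
The two hash checks named above, as an added example that is not agentcapsule's own code. The JSON capsule layout, the payload_b64 field, the uri value and the function names are assumptions made for illustration; only capsule_sha256 and payload_sha256 come from this page, and signature trust and receiver policy checks are left out.

```python
import base64
import hashlib
import hmac
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _matches(actual_hex: str, claimed) -> bool:
    # A missing or non-string claim is a mismatch, not a crash.
    return isinstance(claimed, str) and hmac.compare_digest(
        actual_hex.encode(), claimed.strip().lower().encode())


def verify_reference(descriptor: dict, fetched: bytes) -> bytes:
    """Return payload bytes only if the fetched capsule matches the descriptor."""
    # 1. Hash the capsule exactly as fetched, before parsing any of it.
    if not _matches(sha256_hex(fetched), descriptor.get("capsule_sha256")):
        raise ValueError("capsule_sha256 mismatch")
    # 2. Parse the capsule (hypothetical JSON layout) and check the payload bytes.
    capsule = json.loads(fetched)
    payload = base64.b64decode(capsule["payload_b64"], validate=True)
    if not _matches(sha256_hex(payload), descriptor.get("payload_sha256")):
        raise ValueError("payload_sha256 mismatch")
    return payload


def make_demo(payload: bytes):
    """Constructed sample: a capsule body and the descriptor a sender would post."""
    capsule = json.dumps({"payload_b64": base64.b64encode(payload).decode()}).encode()
    descriptor = {
        "uri": "https://storage.example/capsules/demo",  # placeholder URI
        "capsule_sha256": sha256_hex(capsule),
        "payload_sha256": sha256_hex(payload),
    }
    return descriptor, capsule


if __name__ == "__main__":
    desc, capsule = make_demo(b'{"task": "summarize"}')
    print(verify_reference(desc, capsule))
    _, swapped = make_demo(b'{"task": "other"}')  # a different body served at the URI
    try:
        verify_reference(desc, swapped)
    except ValueError as err:
        print("rejected:", err)
```
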

Not A Transport Platform

Agent Capsule does not replace transport. It travels through existing systems: chat, tickets, email, GitHub, A2A/MCP workflows, and object storage.

Security And Trust Model

Baseline:

  • SHA256 payload integrity checks.
  • Local policy checks.
  • Safe unpacking into a chosen output directory.
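
What "safe unpacking into a chosen output directory" has to guard against, as an added example that is not agentcapsule's implementation. The name-to-bytes file map and both function names are assumptions; the check rejects absolute paths, ".." components, and writes through symlinks that lead out of the directory.

```python
from pathlib import Path, PurePosixPath


def safe_target(out_dir: Path, name: str) -> Path:
    """Map a capsule file name to a path that is guaranteed to stay inside out_dir."""
    rel = PurePosixPath(name)
    if not rel.parts or rel.is_absolute() or ".." in rel.parts or "\\" in name:
        raise ValueError(f"unsafe file name in capsule: {name!r}")
    root = out_dir.resolve()
    # resolve() follows symlinks already present in the sandbox, so a planted
    # link that points outside out_dir is caught by the containment check.
    target = root.joinpath(*rel.parts).resolve()
    if root not in target.parents:
        raise ValueError(f"path escapes output directory: {name!r}")
    return target


def safe_unpack(files: dict, out_dir) -> list:
    """Write {name: bytes} under out_dir; return the relative paths written."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    # Validate every name first so one bad entry leaves no partial output.
    targets = [(safe_target(out, name), data) for name, data in files.items()]
    written = []
    for target, data in targets:
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
        written.append(target.relative_to(out.resolve()).as_posix())
    return written


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(safe_unpack({"handoff.json": b"{}", "data/rows.csv": b"a,b\n"}, tmp))
        try:
            safe_unpack({"../outside.txt": b"x"}, tmp)
        except ValueError as err:
            print("rejected:", err)
```
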

Optional hardening:

  • HMAC-SHA256 signatures.
  • Ed25519 signatures and trust registry checks.
  • Signed trust snapshot import/sync into local registries (trust import-snapshot, trust sync).
  • AES-256-GCM payload encryption (agentcapsule[signing], experimental optional extra).
  • Zstandard compression (agentcapsule[compression], experimental optional extra).
  • Resumable reference fetching (agentcapsule[fetch], experimental optional extra).

For trust sync, snapshot key entries must include inline public_key; public_key_path entries are rejected.

Current Limitations

  • No hosted trust service: signature trust resolution is local-file policy/registry driven.
  • No remote/global key-discovery protocol yet: receivers must supply local trust inputs.
  • No first-party JS/TS reference implementation yet.
  • Governance output is JSON-first; there is no built-in long-running dashboard service.
  • Encryption, compression, and reference fetching are optional extras and currently experimental surfaces.

Typical Flow

  1. Sender packs payload into a capsule.
  2. Sender transports inline/attachment/reference.
  3. Receiver scans and ingests.
  4. Receiver verifies metadata, hashes, signature trust, and policy.
  5. Receiver unpacks verified payload into sandbox.
  6. Receiver runs downstream logic on unpacked files.

Install

PyPI:

python3 -m pip install agentcapsule

Full optional capabilities:

python3 -m pip install "agentcapsule[all]"

Individual optional extras:

python3 -m pip install "agentcapsule[signing]"
python3 -m pip install "agentcapsule[compression]"
python3 -m pip install "agentcapsule[fetch]"

Reference fetching support only:

python3 -m pip install "agentcapsule[fetch]"

Download files


Source Distribution

agentcapsule-0.1.4.tar.gz (57.9 kB)

Uploaded Source

Built Distribution


agentcapsule-0.1.4-py3-none-any.whl (48.9 kB)

Uploaded Python 3

File details

Details for the file agentcapsule-0.1.4.tar.gz.

File metadata

  • Download URL: agentcapsule-0.1.4.tar.gz
  • Upload date:
  • Size: 57.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for agentcapsule-0.1.4.tar.gz
Algorithm Hash digest
SHA256 b9425d3f6c153d0b1132234391d210f13bdc784ba98fdb81041ca2f5f452fb6e
MD5 426d7d2a98c14542e12efa3595cbdbc0
BLAKE2b-256 b3b8ce917683b94d6074530321ab6b48ef726e00e56b3dc2e9bb529a218d837a


Provenance

The following attestation bundles were made for agentcapsule-0.1.4.tar.gz:

Publisher: pypi-publish.yml on arikyp/agentcapsule

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file agentcapsule-0.1.4-py3-none-any.whl.

File metadata

  • Download URL: agentcapsule-0.1.4-py3-none-any.whl
  • Upload date:
  • Size: 48.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for agentcapsule-0.1.4-py3-none-any.whl
Algorithm Hash digest
SHA256 30b787bf69674a9eafb877f824bf3bd730a06db8dec180a4148d250e6c86881c
MD5 7e1890b50ec25ecfa18e8b4d5317e91d
BLAKE2b-256 ede66d7307fc94e9b95a9fa0a834ba636079f76990a1a50f2c075de18ff79edd


Provenance

The following attestation bundles were made for agentcapsule-0.1.4-py3-none-any.whl:

Publisher: pypi-publish.yml on arikyp/agentcapsule

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
