Runtime security middleware for A2A agents
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
CapiscIO SDK (Python)
Runtime security middleware for A2A (Agent-to-Agent) protocol agents
What is CapiscIO SDK?
CapiscIO SDK provides always-on runtime protection for agents using the A2A (Agent-to-Agent) protocol. It wraps your agent executor to validate incoming requests, verify signatures, and protect against malicious actors—all without requiring peer cooperation.
Key Features
- ✅ Message validation - Schema and protocol compliance checking
- ✅ Signature verification - JWS/JWKS cryptographic validation (RFC 7515)
- ✅ Upstream protection - Validate agents you call
- ✅ Downstream protection - Validate agents calling you
- ✅ Rate limiting - Token bucket algorithm
- ✅ Caching - Performance-optimized validation results
- ✅ Three integration patterns - Minimal, explicit, or decorator
Installation
pip install capiscio-sdk
Quick Start
Pattern 1: Minimal (One-liner with Preset)
from capiscio_sdk import secure, SecurityConfig
from a2a.server.request_handlers import DefaultRequestHandler
from a2a.server.tasks import InMemoryTaskStore
# Wrap your agent with security (production defaults)
agent = secure(MyAgentExecutor(), SecurityConfig.production())
# Use in A2A request handler
handler = DefaultRequestHandler(
agent_executor=agent,
task_store=InMemoryTaskStore()
)
# Access validation results (three-dimensional scoring)
result = await agent.validate_agent_card(card_url)
print(result.compliance.total, result.trust.total, result.availability.total)
Pattern 2: Granular Control
from capiscio_sdk import CapiscIOSecurityExecutor, SecurityConfig
# Start with a preset, customize what matters to you
config = SecurityConfig.production()
config.downstream.rate_limit_requests_per_minute = 100 # Higher rate limit
config.downstream.require_signatures = True # Enforce signatures
config.upstream.test_endpoints = True # Test before calling
config.fail_mode = "monitor" # Log but don't block yet
secure_agent = CapiscIOSecurityExecutor(
delegate=MyAgentExecutor(),
config=config
)
Pattern 3: Environment-Driven (12-Factor App)
from capiscio_sdk import secure_agent, SecurityConfig
from a2a import AgentExecutor, RequestContext, EventQueue
@secure_agent(config=SecurityConfig.from_env())
class MyAgentExecutor(AgentExecutor):
async def execute(self, context: RequestContext, event_queue: EventQueue):
# Your agent logic - config loaded from env vars
pass
# Already secured - use directly!
handler = DefaultRequestHandler(agent_executor=MyAgentExecutor())
All 16 configuration options documented in the Configuration Guide.
Why CapiscIO?
The Problem
When building A2A agents, you face security risks from:
- Malicious downstream agents sending invalid/malicious requests
- Broken upstream dependencies with invalid agent cards
- Protocol violations causing runtime failures
- Missing signatures with no authenticity verification
The Solution
CapiscIO wraps your agent executor and provides:
- Downstream Protection - Validates all incoming requests
- Upstream Protection - Validates agents you call
- Always-On - Works without peer cooperation
- Performance - Caching and parallel validation
- Three-Dimensional Scoring - Compliance, trust, and availability insights
Configuration
Presets
# Development - Permissive, verbose logging
SecurityConfig.development()
# Production - Balanced (default)
SecurityConfig.production()
# Strict - Maximum security
SecurityConfig.strict()
# From environment variables
SecurityConfig.from_env()
Custom Configuration
from capiscio_sdk import SecurityConfig, DownstreamConfig, UpstreamConfig
config = SecurityConfig(
downstream=DownstreamConfig(
validate_schema=True,
verify_signatures=True,
require_signatures=False,
enable_rate_limiting=True,
rate_limit_requests_per_minute=100
),
upstream=UpstreamConfig(
validate_agent_cards=True,
verify_signatures=True,
cache_validation=True,
cache_timeout=3600 # seconds
),
fail_mode="block", # "block" | "monitor" | "log"
timeout_ms=5000
)
Documentation
Roadmap
- V1.0 (Q4 2025) - Core middleware (this package)
- V2.0 (Q2 2026) - Extension protocol (validation feedback)
- V3.0 (Q3 2026) - Platform integration (trust network)
- V4.0 (Q4 2026) - Enterprise features (policies, audit logs)
Contributing
We welcome contributions! Please see CONTRIBUTING.md for guidelines.
License
Apache License 2.0 - see LICENSE for details.
About A2A
The Agent-to-Agent (A2A) protocol is an open standard for agent interoperability, supported by Google and 50+ partners including Salesforce, ServiceNow, SAP, Intuit, and more. CapiscIO provides the security layer for production A2A deployments.
Support
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Documentation: docs.capisc.io
- Website: capisc.io
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file capiscio_sdk-0.2.0.tar.gz.
File metadata
- Download URL: capiscio_sdk-0.2.0.tar.gz
- Upload date:
- Size: 128.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
dd9b135fd7767e42188f48b80457e816e8e6911178cd16a6e0eedddc255c0144
|
|
| MD5 |
4cc4fa8f87b5208ab5583f74aefa03e2
|
|
| BLAKE2b-256 |
7066532cc969612749f0e805e44b14507b56febb7bb7430fcf65217264822993
|
Provenance
The following attestation bundles were made for capiscio_sdk-0.2.0.tar.gz:
Publisher:
publish.yml on capiscio/capiscio-sdk-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
capiscio_sdk-0.2.0.tar.gz -
Subject digest:
dd9b135fd7767e42188f48b80457e816e8e6911178cd16a6e0eedddc255c0144 - Sigstore transparency entry: 712543114
- Sigstore integration time:
-
Permalink:
capiscio/capiscio-sdk-python@c3e38dbaf920ad6ed682809b6a2184228220d5c6 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/capiscio
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@c3e38dbaf920ad6ed682809b6a2184228220d5c6 -
Trigger Event:
push
-
Statement type:
File details
Details for the file capiscio_sdk-0.2.0-py3-none-any.whl.
File metadata
- Download URL: capiscio_sdk-0.2.0-py3-none-any.whl
- Upload date:
- Size: 45.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
40c60109574e2617dc53f1c0240e3a103096a9e46f59758ff3cbd5faf5313a2e
|
|
| MD5 |
e4365dc35978cd18e4b83bc044b4263c
|
|
| BLAKE2b-256 |
a851681e5c1414162c170df74d15223ff59e75e434b035046927a3ce990338a2
|
Provenance
The following attestation bundles were made for capiscio_sdk-0.2.0-py3-none-any.whl:
Publisher:
publish.yml on capiscio/capiscio-sdk-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
capiscio_sdk-0.2.0-py3-none-any.whl -
Subject digest:
40c60109574e2617dc53f1c0240e3a103096a9e46f59758ff3cbd5faf5313a2e - Sigstore transparency entry: 712543122
- Sigstore integration time:
-
Permalink:
capiscio/capiscio-sdk-python@c3e38dbaf920ad6ed682809b6a2184228220d5c6 -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/capiscio
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@c3e38dbaf920ad6ed682809b6a2184228220d5c6 -
Trigger Event:
push
-
Statement type:
