Runtime security middleware for A2A agents

Project description

CapiscIO SDK (Python)

Enforcement-First Security for A2A Agents.

PyPI version License Python 3.10+

CapiscIO is the "Customs Officer" for your AI Agent. It provides military-grade Identity and Integrity enforcement for the Agent-to-Agent (A2A) Protocol with zero configuration.

🚀 The 60-Second Upgrade

Turn any FastAPI application into a Verified A2A Agent in 3 lines of code.

from fastapi import FastAPI, Request
from capiscio_sdk.simple_guard import SimpleGuard
from capiscio_sdk.integrations.fastapi import CapiscioMiddleware

# 1. Initialize Guard (Auto-generates keys in dev_mode)
guard = SimpleGuard(dev_mode=True)

app = FastAPI()

# 2. Add Enforcement Middleware
app.add_middleware(CapiscioMiddleware, guard=guard)

@app.post("/agent/task")
async def handle_task(request: Request):
    # 🔒 Only reachable if Identity + Integrity are verified
    caller = request.state.agent_id
    return {"status": "accepted", "verified_caller": caller}

🛡️ What You Get (Out of the Box)

  1. Zero-Config Identity:

    • Auto-generates Ed25519 keys and agent-card.json on first run.
    • No manual key management required for development.
  2. Payload Integrity:

    • Enforces SHA-256 Body Hash (bh) verification.
    • Blocks tampered payloads instantly (returns 403 Forbidden).
  3. Replay Protection:

    • Enforces strict 60-second token expiration (exp).
    • Prevents replay attacks and ensures freshness.
  4. Performance Telemetry:

    • Adds <1ms overhead.
    • Includes Server-Timing headers for transparent monitoring.

Installation

pip install capiscio-sdk

How It Works

1. The Handshake

CapiscIO enforces the A2A Trust Protocol:

  • Sender: Signs the request body (JWS + Body Hash).
  • Receiver: Verifies the signature and re-hashes the body to ensure integrity.
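
The receiver-side checks described above, as an added sketch that is not the SDK's own code. It uses stdlib HMAC-SHA256 as a stand-in for the Ed25519 JWS signature; the token layout, the base64url encoding of `bh`, and all function names are assumptions.

```python
import base64, hashlib, hmac, json

MAX_AGE = 60  # seconds; the page states a 60-second expiration
KEY = b"constructed-demo-key"  # constructed; stand-in for the Ed25519 key pair


def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def body_hash(body: bytes) -> str:
    # Assumed encoding: base64url of the raw SHA-256 digest of the exact bytes sent.
    return b64u(hashlib.sha256(body).digest())


def sign(body: bytes, now: int) -> str:
    """Sender: bind the body hash (bh) and expiry (exp) into a signed token."""
    header = b64u(json.dumps({"alg": "HS256"}).encode())
    claims = b64u(json.dumps({"bh": body_hash(body), "exp": now + MAX_AGE}).encode())
    mac = hmac.new(KEY, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{b64u(mac)}"


def verify(token: str, body: bytes, now: int) -> str:
    """Receiver: check the signature first, then exp, then re-hash the body."""
    try:
        header, claims, sig = token.split(".")
        expected = hmac.new(KEY, f"{header}.{claims}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64u_dec(sig)):
            return "bad signature"
        payload = json.loads(b64u_dec(claims))
        exp, bh = payload["exp"], payload["bh"]
    except (ValueError, KeyError, TypeError):
        return "malformed token"
    if not isinstance(exp, int) or now >= exp:
        return "expired"
    if bh != body_hash(body):
        return "tampered body"  # the case the page says is answered with 403
    return "ok"
```

In this sketch the signature covers only the claims, so the `bh` comparison is what ties the token to one specific body; a token replayed with the same body inside the 60-second window still verifies.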

2. The "Customs Officer"

The SimpleGuard acts as a local authority. It manages your agent's "Passport" (Agent Card) and verifies the "Visas" (Tokens) of incoming requests.

3. Telemetry

Every response includes a Server-Timing header showing exactly how fast the verification was:

Server-Timing: capiscio-auth;dur=0.618;desc="CapiscIO Verification"

Documentation

License

Apache License 2.0 - see LICENSE for details.

Download files

Source Distribution

capiscio_sdk-0.3.0.tar.gz (134.4 kB)

Uploaded Source

Built Distribution

capiscio_sdk-0.3.0-py3-none-any.whl (50.6 kB)

Uploaded Python 3

File details

Details for the file capiscio_sdk-0.3.0.tar.gz.

File metadata

  • Download URL: capiscio_sdk-0.3.0.tar.gz
  • Upload date:
  • Size: 134.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for capiscio_sdk-0.3.0.tar.gz
Algorithm Hash digest
SHA256 a7d95eee387c4a99559870cb4fbfff678bf493377981e8e85ff5fb721e55b8bd
MD5 bed8c2a0a129c46f67e96e711fb40510
BLAKE2b-256 50b8ae6ccdd072e3e8db9ad18792fd89a6b1328ba499aed2e38d7a7ce6e7f38d

Provenance

The following attestation bundles were made for capiscio_sdk-0.3.0.tar.gz:

Publisher: publish.yml on capiscio/capiscio-sdk-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file capiscio_sdk-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: capiscio_sdk-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 50.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for capiscio_sdk-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a0e817eb650d2fac225f1077ccc4be62b356c732343d372524d868a28869d28f
MD5 fde540854f87354a5e4c9efe549e2d86
BLAKE2b-256 6e1e11e5a90a02e94e947321053bcc592a0ed17e1d9fd8e0e4fb31d82acdaf86

Provenance

The following attestation bundles were made for capiscio_sdk-0.3.0-py3-none-any.whl:

Publisher: publish.yml on capiscio/capiscio-sdk-python
