Comprehensive validation for AI agent trust and protocol compliance | Beyond schema validation - test cryptographic authenticity and live protocol functionality.
π Learn more about CapiscIO | Download Page | Web Validator
Agent cards can pass schema validation but fail in production due to real-world integration issues.
- π Endpoint connectivity - declared URLs return 404 or timeout
β οΈ Protocol implementation gaps - JSONRPC/GRPC errors in production- π Missing cryptographic signatures - no way to verify agent authenticity
- π Specification compliance - subtle A2A protocol violations
- β Schema vs reality - valid JSON but broken functionality
- π JWS signature verification - cryptographically verify agent authenticity
- π Live endpoint testing - catch broken protocols before deployment
- β‘ Zero-dependency validation - no npm vulnerabilities or Python conflicts
- π‘οΈ Comprehensive validation - trust AND functionality in one command
π‘ Prefer a web interface? Try our online validator at capisc.io - no installation required!
# Install globally
npm install -g capiscio-cli
# Validate your agent
capiscio validate ./agent-card.json
# Test live endpoints
capiscio validate https://your-agent.com
# Strict validation for production
capiscio validate ./agent-card.json --strict --jsonIf you don't want to use Node.js or Python, you can download the standalone Go binary directly from the capiscio-core repository. This is the engine that powers the CLI.
Download latest binaries from capiscio-core releases
| Platform | Architecture | Binary Name |
|---|---|---|
| Linux | x64 | capiscio-linux-amd64 |
| macOS | Intel | capiscio-darwin-amd64 |
| macOS | Apple Silicon | capiscio-darwin-arm64 |
| Windows | Intel x64 | capiscio-windows-amd64.exe |
# Download the binary
curl -L -o capiscio https://github.com/capiscio/capiscio-core/releases/download/v1.0.2/capiscio-linux-amd64
# Make executable
chmod +x capiscio
# Run
./capiscio validate ./agent-card.json- π Two-Layer Validation - ONLY CapiscIO validates both cryptographic trust AND protocol compliance
- β JWS Signature Verification - Cryptographic validation of agent authenticity (RFC 7515 compliant)
- π Live Protocol Testing - Actually tests JSONRPC, GRPC, and REST endpoints (not just schemas)
- β‘ High Performance - Powered by a native Go binary for blazing fast validation
- π‘οΈ Secure by Default - Signature verification enabled automatically
- π§ CI/CD Ready - JSON output with proper exit codes for automated pipelines
- π Smart Discovery - Finds agent cards automatically with multiple fallbacks
- π» Cross-Platform - npm or standalone binaries
capiscio validate [input] [options]
# Examples
capiscio validate # Auto-detect in current directory
capiscio validate ./agent-card.json # Validate local file (with signatures)
capiscio validate https://agent.com # Test live agent (with signatures)
capiscio validate ./agent-card.json --skip-signature # Skip signature verification
capiscio validate ./agent-card.json --verbose # Detailed output
capiscio validate ./agent-card.json --registry-ready # Check registry readiness
capiscio validate https://agent.com --errors-only # Show only problems
capiscio validate ./agent-card.json --show-version # Version analysis| Option | Description |
|---|---|
| --strict | Strict A2A protocol compliance |
| --json | JSON output for CI/CD |
| --verbose | Detailed validation steps |
| --timeout | Request timeout (default: 10000) |
| --schema-only | Skip live endpoint testing |
| --skip-signature | Skip JWS signature verification |
| --test-live | Test agent endpoint with real messages |
The --test-live flag tests your agent endpoint with real A2A protocol messages:
# Test agent endpoint
capiscio validate https://agent.com --test-live
# Test with custom timeout
capiscio validate ./agent-card.json --test-live --timeout 5000
# Full validation for production
capiscio validate https://agent.com --test-live --strict --jsonWhat it validates:
- β Endpoint connectivity
- β JSONRPC and HTTP+JSON transport protocols
- β A2A message structure (Message, Task, StatusUpdate, ArtifactUpdate)
- β Response timing metrics
Exit codes for automation:
0= Success1= Schema validation failed2= Network error (timeout, connection refused, DNS)3= Protocol violation (invalid A2A response)
Use cases:
- CI/CD post-deployment verification
- Cron-based health monitoring
- Pre-production testing
- Third-party agent evaluation
- Multi-environment validation
- Progressive (default): Balanced validation with warnings for compatibility issues
- Strict: Full compliance required, warnings become errors, registry-ready validation
Registry Ready: Use --registry-ready for strict validation optimized for agent registry deployment.
CapiscIO CLI automatically provides detailed quality scoring across three independent dimensions:
# Scoring is shown by default
capiscio validate agent.jsonThree Quality Dimensions:
- Spec Compliance (0-100) - How well does the agent conform to A2A v0.3.0?
- Trust (0-100) - How trustworthy and secure is this agent? (includes confidence multiplier)
- Availability (0-100) - Is the endpoint operational? (requires
--test-live)
Each score includes a detailed breakdown showing exactly what contributed to the result.
Note: Legacy single-score output has been replaced by this multi-dimensional system in v2.0.0.
Stop Integration Disasters Before They Happen:
- Compromised agents inject malicious responses - unsigned cards can't be trusted
- JSONRPC methods return wrong error codes - protocol violations cause failures
- GRPC services are unreachable or misconfigured - integration breaks silently
- REST endpoints don't match declared capabilities - runtime mismatches
- Tampered agent cards - man-in-the-middle attacks succeed
- Production failures cascade - one bad agent brings down your system
- JWS signature verification - cryptographically prove agent authenticity
- Live endpoint connectivity testing - catch broken protocols before deployment
- A2A protocol compliance validation - prevent specification violations
- HTTPS-only JWKS security - tamper-proof key distribution
- Real connectivity validation - beyond schema to actual functionality
The only CLI that validates both cryptographic trust AND protocol compliance.
Unlike basic schema validators, CapiscIO CLI actually tests your agent endpoints and verifies cryptographic signatures:
- JSONRPC - Validates JSON-RPC 2.0 compliance and connectivity
- GRPC - Tests gRPC endpoint accessibility
- REST - Verifies HTTP+JSON endpoint patterns
- JWS Signatures - Cryptographic verification of agent card authenticity (RFC 7515)
- Consistency - Ensures equivalent functionality across protocols
Perfect for testing your own agents and evaluating third-party agents before integration.
CapiscIO CLI now includes secure by default JWS signature verification for agent cards:
- RFC 7515 compliant JWS (JSON Web Signature) verification
- JWKS (JSON Web Key Set) fetching from trusted sources
- Detached signature support for agent card authentication
- HTTPS-only JWKS endpoints for security
# Signature verification runs automatically
capiscio validate ./agent-card.json
# Opt-out when signatures aren't needed
capiscio validate ./agent-card.json --skip-signature- Authenticity - Verify agent cards haven't been tampered with
- Trust - Cryptographically confirm the publisher's identity
- Security - Prevent malicious agent card injection
- Compliance - Meet security requirements for production deployments
Signature verification adds minimal overhead while providing crucial security guarantees for agent ecosystems.
# GitHub Actions
- name: Validate Agent
run: |
npm install -g capiscio-cli
capiscio validate ./agent-card.json --json --strict# GitHub Actions - No Node.js required
- name: Download and Validate Agent
run: |
# Download Core Binary (Linux AMD64)
curl -L -o capiscio https://github.com/capiscio/capiscio-core/releases/download/v1.0.2/capiscio-linux-amd64
chmod +x capiscio
./capiscio validate ./agent-card.json --json --strictExit codes: 0 = success, 1 = validation failed
Q: What is the A2A Protocol?
A: The Agent-to-Agent (A2A) protocol v0.3.0 is a standardized specification for AI agent discovery, communication, and interoperability. Learn more at capisc.io.
Q: How is this different from schema validators?
A: We actually test live JSONRPC, GRPC, and REST endpoints with transport protocol validation, not just JSON schema structure. We also verify JWS signatures for cryptographic authenticity.
Q: Can I validate LLM agent cards?
A: Yes! Perfect for AI/LLM developers validating agent configurations and testing third-party agents before integration.
Q: What file formats are supported?
A: Current spec uses agent-card.json. We also support legacy agent.json files and auto-discover from /.well-known/agent-card.json endpoints.
Apache-2.0 Β© CapiscIO
Need help? Visit capisc.io | Open an issue | Documentation | Web Validator
Keywords: A2A protocol, AI agent validation, agent-card.json validator, agent.json validator, agent-to-agent protocol, LLM agent cards, AI agent discovery, agent configuration validation, transport protocol testing, JSONRPC validation, GRPC testing, REST endpoint validation, agent protocol CLI, AI agent compliance, JWS signature verification, agent card authentication