Concepts¶
Understand how CapiscIO works under the hood. These docs explain the why and how behind the platform.
Identity & Trust¶
-
Identity & DIDs
Decentralized identifiers give your agent a permanent, cryptographically verifiable identity.
-
Trust Badges
Cryptographic credentials that attest to your agent's identity verification level (0-4).
-
Trust Levels
The five-level verification hierarchy—from self-signed to extended validation.
Validation & Scoring¶
-
Validation Process
How CapiscIO validates agent cards across 7+ categories: schema compliance, security, versioning, and more.
-
Scoring System
The three-dimensional scoring model: Compliance, Trust, and Availability. What the numbers mean.
Runtime Security¶
-
Enforcement
How SimpleGuard enforces security policies on incoming requests. The runtime protection layer.
-
MCP Security
RFC-006 (tool authorization) and RFC-007 (server verification) for Model Context Protocol.
Infrastructure¶
-
Agent Registry
The central registry for agent discovery, DID resolution, and badge verification.
How It All Fits Together¶
┌─────────────────────────────────────────────────────────────────┐
│ CapiscIO Architecture │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Identity │ │ Trust │ │ Registry │ │
│ │ │ │ │ │ │ │
│ │ DID + Keys │───▶│ Badges │───▶│ Discovery │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ │
│ │ │ │ │
│ └───────────────────┼───────────────────┘ │
│ │ │
│ ▼ │
│ ┌────────────────────────────────────────────────────────────┐ │
│ │ Validation & Scoring │ │
│ │ │ │
│ │ Compliance (0-100) × Trust (0-100) × Availability │ │
│ └────────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌────────────────────────────────────────────────────────────┐ │
│ │ Runtime Enforcement │ │
│ │ │ │
│ │ SimpleGuard → Verify Signatures → Check Trust Level │ │
│ └────────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
Concept Quick Reference¶
| Concept | What It Answers |
|---|---|
| Validation | "Is this agent card correctly formatted?" |
| Scoring | "How good is this agent across compliance, trust, availability?" |
| Trust Model | "How do I manage who my agent trusts?" |
| Enforcement | "How do I protect my agent at runtime?" |
| MCP Guard | "How do I secure MCP tools?" |
Specifications (RFCs)¶
For the formal technical specifications, see the CapiscIO RFCs:
| RFC | Title | Status |
|---|---|---|
| RFC-001 | Agent Governance Control Plane (AGCP) | ✅ Approved |
| RFC-002 | Trust Badge Specification | ✅ Approved |
| RFC-003 | Key Ownership Proof Protocol | ✅ Approved |
| RFC-006 | MCP Tool Authority Evidence | ✅ Approved |
| RFC-007 | MCP Server Identity Discovery | ✅ Approved |
Next Steps¶
-
Get Started
Ready to try it? Jump into the getting started guides.
-
How-To Guides
Task-oriented guides for specific problems.