Skip to content

CommonIntents/CAP

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
spec
spec
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

CAP — Capability Authentication Protocol

Org

Dynamic defense, activated on demand.

CAP defines who can do what, under what conditions, within what timeframe. It transforms permissions from static passes into a time-bound, evaluable trust process.

CAP is the immune system of the CIS/CAP protocol family.

What CAP Defines

  • Manifest — capability declarations (what a tool exposes, with security constraints)
  • Decision Queue — asynchronous HITL (human-in-the-loop) state machine
  • Capability Handshake — long-term identity → short-lived operational credential
  • Optional Extensions — Lease (time-bound), Expiry, Audit, Passkey, Delegation

Core Philosophy

Not declared, means it does not exist. Extensions not activated mean zero overhead.

Protocol Stack

CIS  (intent semantics)
 ↑
CIB  (transport binding)
 ↑
CISS (mTLS security)
 ↑
CAP  ← You are here

Read the Spec

Related

Protocol Repository
CIS CommonIntents/CIS
CIB CommonIntents/CIB
CISS CommonIntents/CISS

License

Apache 2.0 — see LICENSE.

About

Capability authentication & asynchronous HITL decision standard

Topics

protocol ai-agent hitl trust-minimization capability-authentication

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors