CapitalGuard

Published standard · version 1.0.0

The open security baseline for AI coding agents.

CapitalGuard Standard turns AI-agent repository risk into twelve testable controls, a deterministic Guardprint, and a public verification protocol.

Normative controls

One baseline. Clear evidence. No hidden pass rules.

Open conformance checks the public controls. CapitalGuard Risk Score calibration remains separate and cannot change whether a required control passed.

CGS-AUTH-001

Authorized scope

Ownership or written authorization is recorded before assessment.

CGS-INV-001

Agent inventory

Agents, instructions, tools, commands, permissions, and connected systems are mapped.

CGS-SEC-001

Secret-safe evidence

Secrets are detected without copying values into reports, logs, or public records.

CGS-DATA-001

Data minimization

Local checks do not upload repository source by default.

CGS-INJ-001

Untrusted instructions

Repository text cannot silently override policy or authorize sensitive tools.

CGS-PRIV-001

Least privilege

Agent file, command, connector, and transfer access is limited to the task.

CGS-HUMAN-001

Human approval

High-impact production, data, auth, billing, and deployment actions require approval.

CGS-POL-001

Machine policy

Blocked paths, protected paths, redaction, and approval gates are explicit.

CGS-DRIFT-001

Guardprint drift

A deterministic SHA-256 baseline makes exposure changes visible.

CGS-REPORT-001

Decision-ready report

Findings include impact, precaution, confidence, and scan limits.

CGS-TRACE-001

Evidence traceability

Every result maps to a versioned control and privacy-safe evidence digest.

CGS-ATTEST-001

Signed attestation

Official records use Ed25519, expiry, revocation, and public key verification.

Open conformance

Adopt the standard without surrendering source.

Free checker runs on the repository owner’s runner.

Matched values and source snippets never enter the output.

Results are conformant, non-conformant, or incomplete.

Self-conformance never grants the CapitalGuard Verified badge.

CapitalGuard Verified

Official proof requires a live signature.

A recorded Guardprint proves integrity. An active verified record additionally proves that CapitalGuard completed the authorized review for that exact scope and version.

Ed25519

Signature

SHA-256

Guardprint

Public

Key registry

Live

Revocation

The standard is open. The intelligence is not.

Clear public controls make adoption easier. Protected scoring and data keep the official assessment hard to imitate.

Risk Score weights and calibration
Threat intelligence and detection tuning
Benchmark distributions and peer data
Reviewer playbooks and escalation thresholds
Anti-fraud controls and private signing keys

CapitalGuard Standard 1.0

Build against the baseline. Verify against the registry.