Capsule format · v0.6 · SDKs
One format, several reference implementations.
The v0.6 format specification is the contract; the SDKs are reference implementations that all build against the same canonical test vectors. New implementations are welcome, and the test vectors are the conformance gate: an implementation is Capsule-compliant when its hashes match the JS reference on the published vectors.
Conformance · verified 2026-05-12 · view report · machine-readable
Section 01
Status at a glance
One row per implementation. Status labels below the table are deliberately blunt: shipped is shipped, in flight is in flight, PoC is PoC.
| Language | Package | Version | Status | Maintainer |
|---|---|---|---|---|
| JavaScript | @capsule/sdk-v0.6-prototype |
0.6.0 | Reference lane | Virion.ai |
| Python | capsule |
0.6.0 | SDK lane | Virion.ai |
| Rust | capsule-verify |
verifier only | Independent verifier lane | Virion.ai |
| Swift | Capsule |
0.6.0 | SDK lane | Virion.ai |
| Kotlin | ai.virion.capsule |
0.6.0 | Plain-capsule lane | Virion.ai |
Status legend
- Reference lane: primary JavaScript implementation for builder, reader, verifier, CLI, and browser examples.
- SDK lane: public implementation intended to track v0.6 behavior and conformance vectors.
- Independent verifier lane: verifier-focused implementation used to keep the spec from becoming a single-library contract.
Section 02 · Test vectors are the contract
Conformance
The current public harness tests the JavaScript reference SDK, CLI checks, spec-vector registry checks, and generic example capsules. Other implementation lanes remain visible in the matrix so contributors can track where parity work is expected, without implying they are all executed by the same CI target today.
git clone https://github.com/virionai/capsules-protocol cd capsules-protocol node tools/run-conformance.mjs
The website keeps the last published report until upstream CI publishes a new output/conformance-report.md.
What's verified
sdk-jsreference implementation andclichecks.spec/vectorsregistry checks.- Generic examples: report, table/graph, and React-rendered artifact capsules.
- Repository hygiene checks for generic examples.
Reports are archived at /conformance/ with one dated copy per public release.
Section 03
JavaScript (Shipped)
The reference SDK. Builder, reader, verifier, the canonical-JSON and Ed25519 primitives, and the deterministic-ZIP container live in a single npm package. The exported surface includes CapsuleBuilder, CapsuleReader, verifyCapsule, plus the lower-level buildChainEvents, hashEvent, verifyChain, buildEnvelope, signEnvelope, verifyEnvelopeSignatures, buildManifest, computeCapsuleId, packZip, unpackZip, and the JCS / SHA-256 helpers (jcs, sha256, sha256Hex). Two dependencies: canonicalize (RFC 8785 JCS) and jszip (deterministic ZIP). Node 20 or newer; runs unmodified in browsers via a bundler.
npm install @capsule/sdk-v0.6-prototype
import { CapsuleReader, verifyCapsule } from "@capsule/sdk-v0.6-prototype";
const bytes = await fetch("/examples/medical-journal/sample.capsule")
.then((r) => r.arrayBuffer());
const reader = await CapsuleReader.fromBytes(new Uint8Array(bytes));
const result = await verifyCapsule(reader, { allowlist: [] });
console.log(result.ok, result.level, result.envelope.signers);
Source: github.com/virionai/capsules-protocol/tree/main/sdk-js.
Browser-only reference builds without a bundler are demonstrated in examples/medical-journal/: the clinician reader loads the SDK in a single offline HTML file.
Section 04
Python (In flight)
Capsule started as a Python codebase. The Python implementation is being upgraded to v0.6 in the open, on the same crypto primitives as the JS SDK (SHA-256, JCS RFC 8785, Ed25519 raw-byte signing, ChaCha20-Poly1305 + X25519 + HKDF-SHA256 for encrypted capsules) and the same deterministic ZIP rules. It is expected to ship parity against the JS reference test vectors as the second independent implementation.
This is the format-stewardship signal. Independent implementations completing test-vector parity are what move v0.6 from reference implementation toward stable protocol. See the ROADMAP.md gates for the current criteria.
Section 05
Rust (verifier-only)
The Rust implementation is verifier-focused: capsule verify file.capsule, exit 0 on pass, exit 1 on fail, with typed errors for server-side and command-line workflows.
Verifier-first is the right first scope because the verifier is the contract any consumer needs; the builder is what producers need.
Section 06
Swift & Kotlin
Swift
The Swift lane lives in the public repository under sdk-swift/. It covers native reading, building, canonicalization, signatures, and parity tests against repository fixtures.
Kotlin
The Kotlin lane lives under sdk-kotlin/. It tracks the plain JCS, SHA-256, and Ed25519 path and rejects unsupported encrypted capsules until that profile is implemented.
Section 07
How conformance works
Conformance is test-vector parity. A new implementation is Capsule-compliant when it produces capsules whose content_index_hash matches the JS reference, and whose canonical envelope payload signs and verifies bit-identically against the published test vectors. Every hash that ships in provenance/envelope.json (capsule_id, first_event_hash, entry_hash, manifest_hash, content_index_hash, envelope_signature) is checkable byte-for-byte.
Conformance is not enforced by anything except those test vectors. There is no certification program, no registry of approved implementations, no "Capsule Foundation" issuing logos. The test vectors are the conformance program: if the hashes match, the implementation is compliant; if they don't, it isn't.
The spec lives at /protocol/v0.6/: five files (format, manifest, chain, envelope, trust), roughly 5 KB of text in total. The latest conformance results, including the per-target breakdown, are published at /conformance/latest.md.
Section 08
Building a new implementation
What an implementer should know before starting:
- Format anchor. /protocol/v0.6/ is the canonical spec. Five spec files (
format,manifest,chain,envelope,trust), roughly 5 KB of text total. Read these first; everything else is an artifact of them. - Crypto primitives required. SHA-256, JCS RFC 8785, Ed25519 (raw-byte signing: sign the bytes, not a hex string), and for encrypted capsules ChaCha20-Poly1305 + X25519 + HKDF-SHA256.
- ZIP primitives required. For writing: a deterministic
ZIP_STOREDwriter with fixed timestamps and sorted paths. For reading: any compliant ZIP parser. - Test vectors. Drop the new SDK against the published vectors; if the hashes match, it's compliant. The
capsule vectors verify <vectors.json>CLI is the single line a CI matrix can run across JS, Rust, Python, Swift, Kotlin to prove the implementations agree. - No second-class implementations. Partial implementations are explicitly welcome: verifier-only Rust, builder-only Python, mobile SDKs scoped to read-only. The roadmap rewards completed shapes over comprehensive coverage. A clean verifier with test-vector parity is a stronger contribution than a half-finished builder.
Open an issue at github.com/virionai/capsules-protocol/issues to coordinate.
Section 09
Roadmap
- v0.6 locks when a second independent implementation round-trips signed test vectors. This is milestone 1 of the project roadmap; until it lands, every version commitment is debt.
- Once locked, the Capsule spec gets a versioned release tag and the JS SDK rebases from
0.6.0-prototype.xto0.6.0. The "prototype" suffix is the visible signal that the format has not yet been independently validated. - v0.7 plans: AES-256-GCM cipher support, encrypted-capsule extension (multi-recipient envelope), and RFC 3161 / Rekor temporal anchoring. All three are parking-lot today, blocked on adoption signal, not on engineering.
See the full roadmap for current v1.0 gates.