# Cabranet Digital SL and Saspien: Complete Public Context

> This file consolidates the public website content for AI agents, automated reviewers, search systems, startup-programme reviewers, funding organisations, enterprise design partners, and governance or security teams. It excludes credentials, private plans, financial terms, deployment secrets, and non-public roadmap material.

- Canonical site: https://cabranetdigital.com/
- Legal entity: Cabranet Digital SL
- Product: Saspien
- Public contact: hello@cabranetdigital.com
- Spanish contact label: hola@cabranetdigital.com
- Location: Santolaya de Cabranes, Asturias, Spain
- NIF: B26820449
- EU VAT: ESB26820449
- Registry: Registro Mercantil de Asturias, Hoja AS-65746
- BORME: BORME-A-2026-44-33, announcement 112168, 2026-03-05
- Founding date: 2026-02-19
- Public stage: Saspien Verifier v0 live; enterprise layer in development
- Updated: 2026-06-13

## English Public Content

### Home

Agents act on skills you cannot verify.

Cabranet Digital SL is building Saspien, a verification and governance layer for AI agents. It checks external skills and MCP servers before execution, across the models, runtimes, clouds, and tooling enterprises already use.

Cabranet Digital SL is the Spanish legal entity behind Saspien. The website is intended for enterprise design partners, startup programmes, funding and advisory partners, public innovation reviewers, and AI governance or security teams.

### What Saspien Does

Enterprise agents no longer just chat: they call tools, retrieve instructions, and can touch internal systems. When a skill or MCP server comes from outside the organisation, teams need evidence about the source before they let the agent act.

Saspien is a small control point in that capability supply chain. Before execution, it verifies the publisher, checks whether the capability still matches what was declared, and returns a decision policy can use: allow, review, or deny.
Saspien is deliberately model, runtime, and cloud agnostic. It works alongside Anthropic, OpenAI, or any other model provider so governance teams can obtain provenance evidence without being tied to one vendor's enterprise platform or licensing agreement.

NIST SP 800-207 context: Zero Trust assumes that assets and user accounts do not receive implicit trust.

Example result:

```text
SASPIEN.CHECK
capability: orders.reschedule
source: publisher verified
content: expected and unchanged
policy: enterprise policy matched
decision: ALLOW
```

### How Verification Works

1. Authenticate: confirm the publisher behind a skill or MCP server before an agent trusts it.
2. Verify: check that the capability is expected, current, and still matches what was declared.
3. Enforce: return an allow, review, or deny decision with enough evidence for governance and audit.

Cabranet Digital SL is building Saspien as a product layer, not an agent runtime, MCP server, LLM safety filter, or consultancy. It sits beside existing models, runtimes, clouds, sandboxes, and monitoring so teams can add provenance evidence without rebuilding their agent stack.

### Saspien Verifier v0

The public verifier implements SASP, the Secure Agent Skills Protocol, Saspien's open protocol for authenticated provenance of agent skills. Version 0 covers domain-anchored provenance, manifest discovery, and content-digest verification. Signing, freshness, and revocation are pending broader publisher adoption and protocol rollout.

Accepted input is a domain, a SASP `manifest.json` URL, or another HTTPS URL.
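
The target screening this section attributes to the live service (HTTPS-only input, with literal IP, localhost, `.local`, `.internal`, private, and reserved targets rejected) can be implemented as follows. This is an added example, not Saspien's code: the function names, the `*.localhost` and single-label rules, and the sample addresses in use are assumptions, and resolved addresses are passed in as a list rather than looked up over DNS-over-HTTPS.

```python
import ipaddress
from urllib.parse import urlsplit

# Suffixes named on the page, plus *.localhost (assumption)
BLOCKED_SUFFIXES = (".localhost", ".local", ".internal")


def screen_target(raw: str) -> str:
    """Return a normalised https URL for the input, or raise ValueError."""
    raw = raw.strip()
    # Assumption: a bare domain such as "sasp.sh" means https://sasp.sh/
    parts = urlsplit(raw if "://" in raw else "https://" + raw)
    if parts.scheme.lower() != "https":
        raise ValueError("only https targets are accepted")
    if parts.username or parts.password:
        raise ValueError("credentials in the URL are not accepted")
    host = (parts.hostname or "").rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not a literal IP: keep checking the name
    else:
        raise ValueError("literal IP targets are rejected")
    if host == "localhost" or host.endswith(BLOCKED_SUFFIXES):
        raise ValueError("local or internal names are rejected")
    if "." not in host:
        raise ValueError("empty or single-label hosts are rejected")
    port = f":{parts.port}" if parts.port else ""
    query = f"?{parts.query}" if parts.query else ""
    return f"https://{host}{port}{parts.path or '/'}{query}"


def accepts(raw: str) -> bool:
    """Boolean wrapper around screen_target for policy checks."""
    try:
        screen_target(raw)
    except ValueError:
        return False
    return True


def addresses_ok(addresses) -> bool:
    """True only when every resolved address is publicly routable."""
    ok = bool(addresses)  # an empty answer is a failure, not a pass
    for text in addresses:
        ip = ipaddress.ip_address(text)
        # Judge IPv4-mapped IPv6 (::ffff:10.0.0.1) by its embedded IPv4 address
        ip = getattr(ip, "ipv4_mapped", None) or ip
        ok = ok and ip.is_global and not ip.is_multicast
    return ok
```

The name check alone is not sufficient, because a public-looking name can resolve to a private address; the fetch should connect to an address that passed `addresses_ok`, not re-resolve the name.
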
The live service performs:

- HTTPS-only input validation;
- rejection of literal IP, localhost, `.local`, `.internal`, private, and reserved targets;
- DNS resolution through DNS-over-HTTPS, including the DNSSEC AD flag;
- an SSRF-guarded fetch with size and timeout limits;
- SASP manifest discovery and per-skill entry validation;
- SHA-256 content-digest verification for same-origin skill artifacts;
- inspection for Strict-Transport-Security and Content-Security-Policy headers;
- freshness and revocation reporting when publishers provide those fields.

The SASP report has six stages: publisher identity, declared skill set, content digests, freshness, revocation, and trust mapping. Each stage receives its own pass, warning, fail, or information status. Generic HTTPS URLs receive a single-resource report. The verifier does not issue one VERIFIED or SAFE verdict.

The verifier performs real checks, not a simulation. Its output is a limited technical preview, not a certification or guarantee of safety, security, integrity, or trustworthiness. Demo publisher: `sasp.sh`.

### Agent Invocation, WebMCP And SASP Provenance

Agents and HTTP clients can invoke the verifier without a browser by sending:

```text
POST https://cabranetdigital.com/api/v1/verify
Content-Type: application/json

{"url":"sasp.sh"}
```

The public REST endpoint returns the same JSON report as the web interface, permits cross-origin requests, and uses a rate-limit bucket separate from the browser endpoint. A 429 response includes `Retry-After`.

On supported browsers, the TEST DRIVE SASPIEN page also feature-detects `document.modelContext` and registers one read-only WebMCP tool named `saspien.verify-url`. A browser agent can use it to run the same visible verification workflow as the form. This path keeps the same-origin `/api/verify` endpoint and requires the page to remain open.

The browser first loads the canonical contract at https://cabranetdigital.com/webmcp/saspien.verify-url.json.
That exact artifact is declared with a SHA-256 content digest in https://cabranetdigital.com/manifest.json, so TEST DRIVE SASPIEN can verify its publisher domain, same-origin location, declaration, and bytes.

WebMCP is a W3C Community Group draft dated 11 June 2026, not a W3C Standard, and browser support is experimental. This is not an MCP server. SASP authenticates the published contract; it does not remotely attest the JavaScript bundle executing in the browser. Target-derived output is untrusted and remains evidence, not a certification or guarantee.

Technical note: https://cabranetdigital.com/webmcp/index.md

### Team

Tom Coleman is the founder of Saspien. He is building a portable trust layer that lets enterprises check the provenance and integrity of agent skills and MCP servers before AI agents act on them. Saspien is model-, cloud-, and runtime-agnostic. The Verifier v0 is the first public piece of that work.

- Profile image: https://cabranetdigital.com/tom-coleman-madeira.png
- LinkedIn: https://www.linkedin.com/in/tom-coleman-0719b049/
- GitHub: https://github.com/tom-gemini-cloud

### Contact

Cabranet Digital SL welcomes contact from startup programmes, enterprise design partners, funding or advisory partners, public innovation reviewers, and people interested in the work.

- Email: hello@cabranetdigital.com
- Legal entity: Cabranet Digital SL
- Location: Santolaya de Cabranes, Asturias, Spain
- Stage: Verifier v0 live; enterprise layer in development
- Approach: provenance and governance; vendor-neutral

### Legal Notice

The Spanish notice is legally operative. The English text is a courtesy translation.

Cabranet Digital SL operates the website from Santolaya de Cabranes, Asturias, Spain. NIF: B26820449. EU VAT: ESB26820449. Registry: Registro Mercantil de Asturias, Hoja AS-65746. Contact: hello@cabranetdigital.com.

The website provides information about Saspien and includes the live Saspien Verifier. Use of the site implies acceptance of its terms.
Content is informational. The verifier performs real but limited checks and is not a certification or guarantee. Unless otherwise indicated, website content, branding, and code belong to Cabranet Digital SL or its licensors. Spanish law applies, subject to mandatory consumer-protection rules.

### Privacy Policy

Cabranet Digital SL is the controller for this website. The contact form uses the submitted email address and message only to respond to the enquiry, based on consent and the company's legitimate interest in answering enquiries.

Verifier URLs are used transiently for DNS, fetch, hashing, and manifest analysis. The endpoint applies in-memory IP rate limiting and does not persist submitted URLs. Responses use `Cache-Control: no-store`.

The selected English or Spanish language is stored in browser `localStorage` as a functional preference and is not sent to the server. Cloudflare acts as a processor for hosting, network security, email delivery where configured, and Cloudflare Turnstile bot protection.

GDPR rights include access, rectification, deletion, restriction, objection, and data portability. Contact hello@cabranetdigital.com to exercise those rights.

## Spanish Public Content

### Home

Your agents run skills you cannot verify.

Cabranet Digital SL is developing Saspien, a verification and governance layer for AI agents. It checks external skills and MCP servers before execution, with the models, runtimes, clouds, and tools the company already uses.

### What Saspien Does

Enterprise agents no longer just converse: they call tools, retrieve instructions, and can access internal systems. When a skill or MCP server comes from outside the organisation, teams need evidence about the origin before allowing the agent to act.

Saspien is a control point in that capability supply chain.
Before execution, it verifies the publisher, checks that the capability still matches what was declared, and returns a decision that policy can use: allow, review, or deny.

Saspien is agnostic with respect to model, runtime, and cloud. It works alongside Anthropic, OpenAI, or any other provider to supply provenance evidence without tying the organisation to a single vendor's platform or licence.

### How It Works

1. Authenticate: confirm the publisher behind a skill or MCP server.
2. Verify: check that the capability is the expected one, is current, and still matches what was declared.
3. Enforce: return an allow, review, or deny decision with evidence for governance and audit.

Saspien is a product layer, not an agent runtime, MCP server, LLM safety filter, or consultancy. It coexists with existing models, runtimes, clouds, sandboxes, and monitoring.

### Saspien Verifier v0

The Verifier implements SASP, the Secure Agent Skills Protocol, Saspien's open protocol for authenticated provenance of agent skills. v0 covers domain-anchored provenance, manifest discovery, and content-digest verification. Signing, freshness, and revocation depend on the evolution of the protocol and adoption by publishers.

It accepts a domain, a SASP `manifest.json` URL, or any HTTPS URL. It performs input validation, DNS-over-HTTPS and DNSSEC status, SSRF protection, limited download, manifest discovery and validation, SHA-256 for same-origin artifacts, security headers, and freshness or revocation status when published.

The SASP report contains six stages: publisher identity, declared skill set, content digests, freshness, revocation, and trust mapping. It does not issue a single VERIFIED or SAFE verdict. It is a technical preview, not a certification or a guarantee. Demo publisher: `sasp.sh`.
### Agent Invocation, WebMCP And SASP Provenance

Agents and HTTP clients can invoke the verifier without a browser:

```text
POST https://cabranetdigital.com/api/v1/verify
Content-Type: application/json

{"url":"sasp.sh"}
```

The public REST endpoint returns the same JSON report as the web interface, accepts cross-origin requests, and uses a limit independent of the browser endpoint. A 429 response includes `Retry-After`.

On compatible browsers, the PRUEBA SASPIEN page also detects `document.modelContext` and registers a read-only WebMCP tool named `saspien.verify-url`. This path keeps the same-origin `/api/verify` endpoint and requires the page to remain open.

The browser first loads the canonical contract at https://cabranetdigital.com/webmcp/saspien.verify-url.json. That exact artifact is declared with a SHA-256 digest in https://cabranetdigital.com/manifest.json, so PRUEBA SASPIEN can verify the publisher domain, the same origin, the declaration, and the bytes.

WebMCP is a W3C Community Group draft dated 11 June 2026, not a W3C standard, and support is experimental. This is not an MCP server. SASP authenticates the published contract, not the JavaScript bundle being executed. Target-derived output is untrusted and remains evidence, not a certification or a guarantee.

Technical note: https://cabranetdigital.com/webmcp/index.md

### Team And Contact

Tom Coleman is the founder of Saspien. He is developing a portable trust layer for checking the provenance and integrity of skills and MCP servers before agents act.
- English contact: hello@cabranetdigital.com
- Spanish contact label: hola@cabranetdigital.com
- Legal entity: Cabranet Digital SL
- Location: Santolaya de Cabranes, Asturias, Spain
- Stage: Verifier v0 available; enterprise layer in development

### Legal Notice And Privacy

The Spanish version of the legal notice is the one in force. Cabranet Digital SL operates the site from Santolaya de Cabranes, Asturias, Spain. NIF B26820449; EU VAT ESB26820449; Registro Mercantil de Asturias, Hoja AS-65746.

The content is informational and the Verifier does not constitute a certification or guarantee. Spanish law applies, without prejudice to mandatory consumer-protection rules.

The contact form processes the email address and message in order to respond to the enquiry. Verifier URLs are used transiently and are not persisted. The language preference is stored in `localStorage`. Cloudflare provides hosting, network security, email where configured, and Turnstile services.

GDPR rights can be exercised by writing to hola@cabranetdigital.com or hello@cabranetdigital.com.
## Canonical Resources

- [LLM index](https://cabranetdigital.com/llms.txt)
- [Markdown mirror](https://cabranetdigital.com/llms-full.md)
- [Markdown home](https://cabranetdigital.com/index.md)
- [Markdown menu](https://cabranetdigital.com/menu/index.md)
- [Markdown what page](https://cabranetdigital.com/what/index.md)
- [Markdown how page](https://cabranetdigital.com/how/index.md)
- [Markdown verifier page](https://cabranetdigital.com/verify/index.md)
- [Markdown team page](https://cabranetdigital.com/team/index.md)
- [Founder profile image](https://cabranetdigital.com/tom-coleman-madeira.png)
- [Markdown contact page](https://cabranetdigital.com/contact/index.md)
- [Markdown legal notice](https://cabranetdigital.com/legal/index.md)
- [Markdown privacy policy](https://cabranetdigital.com/privacy/index.md)
- [Agent profile JSON](https://cabranetdigital.com/.well-known/agent.json)
- [Agent profile Markdown](https://cabranetdigital.com/.well-known/agent.md)
- [Agent Skills index JSON](https://cabranetdigital.com/.well-known/agent-skills/index.json)
- [Agent Skills index Markdown](https://cabranetdigital.com/.well-known/agent-skills/index.md)
- [Agent Skill](https://cabranetdigital.com/.well-known/agent-skills/cabranet-digital-sl-website/SKILL.md)
- [Security contact](https://cabranetdigital.com/.well-known/security.txt)
- [Security policy Markdown](https://cabranetdigital.com/.well-known/security.md)
- [XML sitemap](https://cabranetdigital.com/sitemap.xml)
- [Markdown sitemap](https://cabranetdigital.com/sitemap.md)
- [Crawler policy](https://cabranetdigital.com/robots.txt)
- [Crawler policy Markdown](https://cabranetdigital.com/robots.md)