Skip to content

[Dream Cycle 2026-06-16] security: MCP tool attestation + injection monitoring (ADR-159)#2394

Draft
ruvnet wants to merge 1 commit into
mainfrom
dream/2026-06-16-security
Draft

[Dream Cycle 2026-06-16] security: MCP tool attestation + injection monitoring (ADR-159)#2394
ruvnet wants to merge 1 commit into
mainfrom
dream/2026-06-16-security

Conversation

@ruvnet

@ruvnet ruvnet commented Jun 16, 2026

Copy link
Copy Markdown
Owner

Tonight's Rotation

Field Value
SLOT 1
DEEP security
SCAN intelligence, swarm
Date 2026-06-16
Session commit 28c81c03e3e84555a9238b3217b9f586fc0c7dbc

ADR

ADR-159 — Multi-Layer Agent Security Stack
Path: v3/docs/adr/ADR-159-multi-layer-agent-security.md
Status: Proposed

Three-layer design:

  1. MCP Tool Attestation — cryptographic signing + capability-based access control for 314 registered tools
  2. Indirect Prompt Injection Monitoring — content sanitization at pre-task, post-edit, pre-command hooks
  3. Agent Action Audit Trail — append-only AgentDB log + checkpoint/rollback for Goal Hijacking (OWASP ASI01)

Research Report

Full SOTA report: v3/docs/dream/2026-06-16-security-report.md

Key grade-A findings:

  • ClawSafety: ASR 40–75% across frontier models (arXiv:2604.01438)
  • MCP threat coverage: single defense ≤34%; MCPSHIELD integrated: 91% (arXiv:2604.05969)
  • Jailbreak success: >90%; backdoor: ~100%; env injection: 93% (arXiv:2506.23260)
  • OWASP Agentic Top 10 2026: ASI01 = Agent Goal Hijacking

Witness

Field Value
Report SHA-256 4622f385ffd1f94b931c45e0f7811fdde0a74493ddd6d9b1330c639d8355011f
Witness stamp eb541488c3bebd7c55602b4690c143b94c142e79344a16e09f70843bb4a420ac

Merge Policy

Leave for human review. Do not self-merge.

ADR-159 requires architectural review before implementation begins. Pending 21 nights of unmerged dream PRs — recommend reviewing highest-impact open dream PR first (see needs-merge note in issue).


Generated by Claude Code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant