Skip to content

[Dream Cycle 2026-06-26] security: MCP tool permission attestation β€” ADR-155#2472

Draft
ruvnet wants to merge 1 commit into
mainfrom
dream/2026-06-26-security
Draft

[Dream Cycle 2026-06-26] security: MCP tool permission attestation β€” ADR-155#2472
ruvnet wants to merge 1 commit into
mainfrom
dream/2026-06-26-security

Conversation

@ruvnet

@ruvnet ruvnet commented Jun 26, 2026

Copy link
Copy Markdown
Owner

Dream Cycle β€” 2026-06-26 | DEEP: security | SCAN: intelligence, swarm

Rotation

Field Value
Date 2026-06-26
Slot 1
Deep Surface security
Scan Surfaces intelligence, swarm
Session Commit 8ae87524553569dcd6ba6a7e7e96fbea6b0e0b74

ADR

ADR-155 β€” MCP Tool Permission Attestation (Min-Privilege Contract)
v3/docs/adr/ADR-155-mcp-tool-permission-attestation.md

Proposes a ToolPermissionContract at MCP tool registration + a McpPermissionGuard in SafeExecutor that rejects calls escalating beyond declared privilege boundary. Driven by:

  • ShareLock (arXiv 2026): >90% MCP poisoning ASR β€” no tool boundary = trivial attack
  • ToolPrivBench (arXiv 2026): 64.9% OPUR baseline; post-training target 27.02%
  • ControlPlane (arXiv 2026): <1% of agents declare permission boundaries

Research Report

v3/docs/dream-cycle/2026-06-26-security-sota.md (committed to this branch)

7 Grade-A claims. Key benchmarks:

  • ShareLock ASR: >90% (Grade A)
  • ToolPrivBench OPUR baseline: 64.9% (Grade A)
  • ToolPrivBench post-training: 27.02% (Grade A)
  • Progent ASR reduction: 25.8% β†’ 4.2% (Grade A)
  • Entropy jailbreak AUROC: 0.941 (Grade A)

Issue

Closes / tracks: #2471

Scan Summaries

Intelligence: Plan representations decay 4.1×–12.4Γ— after one step (Snowflake 2026). SONA has no plan-persistence guard β€” implementation-level, no ADR.

Swarm: SPIN reduces policy coordination O(n^m) β†’ O(mΒ·n·χ²). Ruflo hierarchical-default is suboptimal above ~16 agents β€” implementation-level, no ADR.

Witness

Witness stamp: 94640412feecef6ccef028cece6fb8af1abb8d577c12c850fd9f0a979a969cfc

Merge Policy

Do not self-merge. Leave for human review. This is a research/ADR PR β€” no implementation code changed. The ADR is Proposed status; implementation tracked in the issue.

⚠️ Needs-Merge Note

0 dream-cycle PRs have been merged in the last 14 nights. Prior dream cycle PRs are accumulating β€” human review and merges are needed to close the backlog.


Generated by Claude Code

…ap (ShareLock >90% ASR, ToolPrivBench 64.9% OPUR)

- Add ADR-155: MCP Tool Permission Attestation (min-privilege contract at tool registration + dispatch)
- Add SOTA report: v3/docs/dream-cycle/2026-06-26-security-sota.md
- Update v3/docs/adr/README.md with ADR-155 row

Witness: 94640412feecef6ccef028cece6fb8af1abb8d577c12c850fd9f0a979a969cfc

Co-Authored-By: RuFlo <ruv@ruv.net>
Claude-Session: https://claude.ai/code/session_01X8VCF2hF6oSfoFZXWx1DDe
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants