Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

Mund — MCP Security Scanner

БесплатноНе проверен

Scan for prompt injection, secrets, PII, and vet MCP servers before installation

GitHubEmbed

Описание

Scan for prompt injection, secrets, PII, and vet MCP servers before installation

README

Infrastructure security for AI agents. We attack what we defend.

npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm License

Make agent behavior verifiable, auditable, and cryptographically provable across any harness, any platform. Built as a TypeScript monorepo with MCP integration, blockchain anchoring, and — as of Q4 — a published red-team engine that tests our own defenses.

The thesis: every security platform claims its defenses work. We're the first to publish the attacks that prove it. Same suite. Same scorecard. Same locked benchmark — applied to our own packages, every release.


🚀 Get started in one command

npx @weave_protocol/cli init

The CLI detects your framework (LangChain, LlamaIndex, MCP, OpenAI, Anthropic, Microsoft, Google) and scaffolds the right security middleware for your stack. Or install everything at once:

npm install @weave_protocol/full

🆕 What's New

⚔️ Q4 Moat Quarter — we attack what we defend

The first agent security platform to publish its own offensive engine. Two new packages flipped the suite from purely defensive to defense + offense in the same monorepo, validated against each other:

Package Role Version
@weave_protocol/adversary Offensive engine — 68 documented + novel attacks across 5 categories (IPI, tool-coercion, jailbreak, extraction, goal-corruption). Real Playwright browser target with 4 breach signal channels. Real-LLM demo mode via Anthropic API. v0.2.1
@weave_protocol/agentsecbench Standardized benchmark — locked attack suites, tier grades A–F, paste-ready reports, side-by-side comparison ✅ v0.1.0

Trophy attacks — documented in-the-wild incidents reproduced in the corpus:

  • 🏦 Atlan autonomous-fraud (Dec 2025) — first documented agent-driven financial fraud
  • 🔒 EchoLeak (CVE-2025-32711) — Microsoft Copilot zero-click exfil
  • 👻 Brave/Comet OTP exfil (2025) — browser agent secret leak via hidden CSS
  • 🚫 Forcepoint false copyright (Apr 2026) — DoS via fake copyright claim
# Run the canonical benchmark against the demo target — proves the suite lands
npx @weave_protocol/agentsecbench run

# Or run the full 68-attack corpus directly
npx @weave_protocol/adversary demo

Why this matters: every model release, every WARD policy change, every adapter update can be re-benchmarked against the same locked suite. Did your score regress? agentsecbench compare will show you. Does your WARD policy actually defend anything? --measure-ward-delta will tell you. This is how a category gets defined.

See Adversary README → · See AgentSecBench README → · See METHODOLOGY.md →


💰 Q4 Governance — autonomous spending caps

Every enterprise agent question today is "what's my ceiling on this thing?" — measured in dollars, not just tool calls. @weave_protocol/[email protected] answers it. Per-window budgets (run / hour / day / week / month) that gate LLM calls and tool calls, with three actions: block, require approval/consensus, or notify.

Multi-provider LLM pricing built in — Anthropic, OpenAI, Google, and local (free). Per-tool amount caps (send_payment max $500/day). Interactive TTY approval prompt for human-in-loop terminals. Async callback for Slack/PagerDuty/custom UIs. Safe defaults — never silent approval in non-interactive contexts.

npx @weave_protocol/[email protected] spending caps         # inspect WARD.md caps
npx @weave_protocol/[email protected] spending simulate     # dry-run scenarios
# Extend your WARD.md:
spending_limits:
  - window: day
    budget: { usd: 5.00 }
    on_exceeded: require_approval
  - window: run
    budget: { tool_calls: 100 }
    on_exceeded: block
  - window: day
    budget:
      tools:
        send_payment: { max_amount_usd: 500 }
    on_exceeded: require_approval

Backward compatible with the existing behavioral_limits.maxCostUSD. In-memory storage in v1.1 with a pluggable interface for the v1.2 Redis/SQLite backends. Programmatic API via import { SpendingTracker } from '@weave_protocol/witan/spending'.

See Witan spending caps README →


🛡️ Four runtimes. Three vendors. One policy file.

The thesis was that WARD.md could be a portable agent security standard — write it once, enforce it everywhere. As of today, that's shipped and live across the entire agent harness landscape:

Runtime Vendor Enforcer Status
MCP servers Open standard Hundredmen v1.1.0 ✅ Live on npm
Claude Code Anthropic adapter-claudecode v0.1.0 ✅ Live on npm
Google Antigravity (desktop + agy CLI + SDK) Google adapter-antigravity v0.1.0 ✅ Live on npm
Microsoft Agent Framework Microsoft adapter-msaf v0.1.0 ✅ Live on npm
Browser agents Open standard browser v0.1.0 ✅ Live on npm

The same WARD.md file in your project root is now read and enforced by Anthropic's, Google's, Microsoft's, MCP's, and the browser harness's runtimes — without any platform-specific edits.

my-agent-project/
├── AGENTS.md          # what the agent does
├── SKILL.md           # how the agent does it
└── WARD.md            # what the agent can't do  ← all five surfaces respect this

🌐 Browser agent security (Q3) — fifth enforcement surface

@weave_protocol/browser adds runtime IPI (indirect prompt injection) scanning to browser-driving agents. 33 detection patterns cover the documented threat surface: hidden CSS payloads, role-hijack directives, tool-call mimicry, action-injection directives, payment-recipient proximity patterns (Atlan), copyright-DoS markers (Forcepoint), and more.

Pair with the Browser Guard extension for client-side visibility into what your agent sees vs. what you see.

See browser README →


📊 State of AI Agent Security: Q3 2026 Report

Industry analysis of agent security trends, platform maturity, supply chain risks, and market gaps. Live at: tyox-all.github.io/Weave_Protocol/q3-2026.html


Previously shipped (Q3)

  • adapter-msaf v0.1.0 — Microsoft Agent Framework enforcement via middleware. WardMiddleware class, one-line integration, Azure credential heuristic.
  • adapter-antigravity v0.1.0 — Google Antigravity enforcement. One install protects desktop + agy CLI + SDK.
  • adapter-claudecode v0.1.0 — Claude Code enforcement via PreToolUse hooks.
  • Hundredmen v1.1.0 — WARD.md is now the first gate in the MCP decision flow, ahead of reputation/drift/approval.
  • WARD.md v0.1.0 — Agent security policy standard. Ten domains: filesystem, network, capabilities, data boundaries, behavioral limits, multi-agent, compliance, verification, threat model, incident response. Spec →
  • Tollere v0.2.2 — Multi-channel supply chain security. npm, PyPI, Cargo, Go, Maven, Docker Hub, VS Code Marketplace, Open VSX, JetBrains. Sandwich pattern detection.
  • Weave CLI v0.1.0 + Full Bundle v0.1.0weave init / audit / dashboard / doctor. One-command security setup.

📦 Packages

The suite is now organized into three layers — defense, offensive, and operations. All 17 packages live on npm under the @weave_protocol scope, plus one Python package on PyPI.

🛡️ Defense Layer (11 packages)

The packages that keep your agent within policy: declare it, enforce it across every harness, scan everything that enters, encrypt everything that exits.

Package Version Description
🛡️ @weave_protocol/ward 0.1.0 WARD.md — agent security policy standard (parser, validator, runtime checks)
🛡️ @weave_protocol/adapter-claudecode 0.1.0 Claude Code adapter — enforces WARD.md via PreToolUse hooks
🛡️ @weave_protocol/adapter-antigravity 0.1.0 Google Antigravity adapter — enforces WARD.md across desktop, agy CLI, and SDK
🛡️ @weave_protocol/adapter-msaf 0.1.0 Microsoft Agent Framework adapter — middleware-based WARD enforcement
🌐 @weave_protocol/browser 0.1.0 Browser agent security — runtime IPI scanner (33 patterns) for headless agents
🔍 @weave_protocol/hundredmen 1.1.0 MCP proxy — intercept, scan, gate tool calls; enforces WARD.md as first gate
🛡️ @weave_protocol/mund 0.2.2 Scanner — secrets, PII, injection, MCP vetting, threat intel
🏛️ @weave_protocol/hord 0.1.6 Vault — encrypted storage with Yoxallismus dual-tumbler cipher
⚖️ @weave_protocol/domere 1.3.4 Judge — compliance (PCI-DSS, ISO27001, SOC2, HIPAA, GDPR, CCPA), blockchain anchoring
👥 @weave_protocol/witan 1.1.0 Council — multi-agent consensus & governance, autonomous spending caps (Q4 v1.1)
🛂 @weave_protocol/tollere 0.2.2 Customs — supply chain security (npm, PyPI, Docker, IDE extensions, sandwich detection)

⚔️ Offensive Layer (2 packages) — NEW Q4

The red team. We attack what we defend.

Package Version Description
⚔️ @weave_protocol/adversary 0.2.1 Offensive engine — 68 attacks · real Playwright browser target · real-LLM demo mode · WARD-aware attack selection
🎯 @weave_protocol/agentsecbench 0.1.0 Standardized benchmark — locked suites (ASB-Browser-v1), tier grading A–F, trophy attacks, WARD delta, paste-ready reports

🔧 Operations & Integrations (5 packages, plus 1 PyPI)

The front door, the dashboard, the bridges to other frameworks.

Package Version Description
🕸️ @weave_protocol/cli 0.1.0 The weave CLIinit, audit, dashboard, doctor
📦 @weave_protocol/full 0.1.0 Bundle — installs all packages in one command
🔌 @weave_protocol/api 1.1.1 REST API + Operator Dashboardnpx @weave_protocol/apihttp://localhost:3000/dashboard
🔗 @weave_protocol/langchain 1.0.2 LangChain.js security callbacks & tool wrappers (0 audit vulnerabilities via npm overrides)
🐍 weave-protocol-llamaindex 0.1.0 Python/LlamaIndex security callbacks & tools (on PyPI)

🤖 AI Agent Skills

Each package includes a SKILL.md file following the Claude Agent Skills specification. These teach AI agents how to use Weave Protocol tools effectively.

Package Skill Name Triggers
🕸️ CLI weave-cli set up Weave, init project, scaffold security, audit, dashboard, doctor
🛡️ Ward ward WARD.md, agent security policy, guardrails, lock down agent
🛡️ adapter-claudecode adapter-claudecode secure Claude Code, install WARD hooks, block Claude Code actions
🛡️ adapter-antigravity adapter-antigravity secure Antigravity, agy hooks, block GCP credential reads
🛡️ adapter-msaf adapter-msaf secure MSAF agent, WardMiddleware, lock down Copilot SDK, Azure enforcement
🌐 browser browser-security secure browser agent, IPI scanning, hidden CSS detection, page-context safety
🛡️ Mund security-scanning scan, detect secrets, check injection, vet MCP server, threat intel
🏛️ Hord encrypting-data encrypt, decrypt, vault, Yoxallismus, protect
⚖️ Domere compliance-auditing audit, checkpoint, SOC2, HIPAA, PCI-DSS, GDPR, CCPA, blockchain
👥 Witan consensus-governance consensus, vote, approve, policy, escalate
🔍 Hundredmen security-inspection intercept, drift, reputation, approve, block, live feed, enforce WARD
🛂 Tollere supply-chain-security npm install, docker pull, install extension, typosquat, CVE, sandwich pattern
⚔️ Adversary adversarial-testing red-team agent, attack, penetration test, find vulnerabilities, IPI test, run attack corpus
🎯 AgentSecBench security-benchmarking benchmark agent, security score, tier grade, ASB-Browser, citable security report, compare runs
🔗 Langchain langchain-security LangChain, callback, secure tool, RAG security, PII redaction
🔌 API weave-api-calling REST API, HTTP endpoint, curl, fetch

Installation:

The SKILL.md format is shared across Claude Code and Antigravity, so the same files work for both — only the install path differs.

git clone https://github.com/Tyox-all/Weave_Protocol.git
cd Weave_Protocol

# For Claude Code:
mkdir -p ~/.claude/skills/weave-protocol
cp */SKILL.md ~/.claude/skills/weave-protocol/

# For Google Antigravity (global, all sessions):
mkdir -p ~/.gemini/antigravity-cli/skills/weave-protocol
cp */SKILL.md ~/.gemini/antigravity-cli/skills/weave-protocol/

# Or per-project under .agents/:
mkdir -p .agents/skills/weave-protocol
cp /path/to/Weave_Protocol/*/SKILL.md .agents/skills/weave-protocol/

For Microsoft Agent Framework, skills aren't used — MSAF is code-level. Use the WardMiddleware class from @weave_protocol/adapter-msaf instead.


🚀 Quick Start

Option 1: Guided setup (recommended)

npx @weave_protocol/cli init

Option 2: Install everything

npm install @weave_protocol/full

Option 3: Install individual packages

npm install @weave_protocol/mund @weave_protocol/tollere @weave_protocol/ward

Option 4: Benchmark first, defend second

# See what attacks land on your agent before you start hardening
npx @weave_protocol/agentsecbench run --measure-ward-delta

Claude Desktop Integration (MCP)

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "mund":       { "command": "npx", "args": ["-y", "@weave_protocol/mund"] },
    "hord":       { "command": "npx", "args": ["-y", "@weave_protocol/hord"] },
    "domere":     { "command": "npx", "args": ["-y", "@weave_protocol/domere"] },
    "hundredmen": { "command": "npx", "args": ["-y", "@weave_protocol/hundredmen"] },
    "tollere":    { "command": "npx", "args": ["-y", "@weave_protocol/tollere"] }
  }
}

Claude Code / Antigravity / MSAF Integration

# Anthropic
npm install -g @weave_protocol/adapter-claudecode && weave-claude-code init

# Google
npm install -g @weave_protocol/adapter-antigravity && weave-antigravity init

# Microsoft (code-level)
npm install @weave_protocol/adapter-msaf
import { WardMiddleware } from '@weave_protocol/adapter-msaf';
const ward = new WardMiddleware();
agent.useFunctionMiddleware(ward.functionMiddleware());

Drop a WARD.md in your project root. Any (or all) of the adapters will gate every tool call.


✨ Package Details

🕸️ CLI — One Command for Everything

npx @weave_protocol/cli init        # detect framework, scaffold middleware
npx @weave_protocol/cli audit       # supply chain scan (Tollere)
npx @weave_protocol/cli dashboard   # launch monitoring UI
npx @weave_protocol/cli doctor      # environment health check

📄 Skill: weave-cli


🛡️ Ward — The Policy Standard

WARD.md files declare what an agent is allowed to do, version-controlled alongside AGENTS.md and SKILL.md.

Section Controls
Filesystem Read/write/execute/delete/list rules with glob patterns
Network Outbound HTTP allowlist with optional method restrictions
Capabilities Tools the agent may invoke (with optional approval gating)
Data Boundaries Egress classifications (PII, PHI, credentials...) and redaction
Behavioral Limits Iterations, runtime, cost, tokens, tool calls
Multi-Agent Trust chain, isolation level, semantic drift threshold
Compliance SOC2 / HIPAA / GDPR / CCPA / ISO27001 / PCI-DSS
Verification Attestation backend (Dōmere), blockchain, frequency
Threat Model In-scope / out-of-scope threats
Incident Response Actions on violation (log / alert / terminate / attest)

Enforced at runtime by five independent surfaces: Hundredmen (MCP), adapter-claudecode (Claude Code), adapter-antigravity (Antigravity), adapter-msaf (Microsoft Agent Framework), and browser (Browser agents).

📄 Skill: ward · 📋 Spec: WARD.md SPEC →


🛡️ The Harness Adapters

All four enforcement surfaces share the same WARD.md file. Pick the adapter(s) for your harness:

WARD resolution (all adapters): $WEAVE_WARD_PATH<cwd>/WARD.md<cwd>/.weave/WARD.md → harness-specific user-global location.


🛡️ Mund — The Guardian

Real-time security scanning for AI agents. Catches secrets (30+ patterns), PII, prompt injection, dangerous code, malicious MCP server descriptions. Threat intel auto-updates from community feeds.

📄 Skill: security-scanning


🏛️ Hord — The Vault

Encrypted storage with the Yoxallismus dual-tumbler cipher. AES-256-GCM, ChaCha20-Poly1305, Argon2id key derivation, secure memory handling.

📄 Skill: encrypting-data


⚖️ Domere — The Judge

Enterprise-grade verification, orchestration, compliance, and audit infrastructure. SOC2, HIPAA, PCI-DSS, ISO27001, GDPR, CCPA. Solana and Ethereum blockchain anchoring for immutable audit trails.

Blockchain Anchoring:

  • Solana Mainnet: 6g7raTAHU2h331VKtfVtkS5pmuvR8vMYwjGsZF1CUj2o
  • Solana Devnet: BeCYVJYfbUu3k2TPGmh9VoGWeJwzm2hg2NdtnvbdBNCj
  • Ethereum: 0xAA8b52adD3CEce6269d14C6335a79df451543820

📄 Skill: compliance-auditing


👥 Witan — The Council

Multi-agent consensus and governance. Unanimous, majority, weighted, and quorum protocols. Rule enforcement, escalation, agent bus.

New in v1.1.0 — autonomous spending caps. Per-window budgets on LLM cost, tokens, tool calls, and per-tool spend limits. Gated by three actions: block, require_approval, notify. Multi-provider LLM pricing built in (Anthropic, OpenAI, Google, local). Interactive TTY prompt or async callback for approval workflows. Safe defaults for non-interactive contexts.

npx @weave_protocol/witan spending caps        # inspect WARD.md spending caps
npx @weave_protocol/witan spending simulate    # dry-run scenarios
import { SpendingTracker } from '@weave_protocol/witan/spending';

const tracker = new SpendingTracker({
  caps: [{ window: 'day', budget: { usd: 5.00 }, onExceeded: 'require_approval' }],
});
const check = await tracker.checkAction({ kind: 'tool', tool: 'send_payment', amountUSD: 1000 });
if (check.blocked) throw new Error(check.reason);
if (check.requiresApproval && !(await check.approve!())) throw new Error('denied');

📄 Skill: consensus-governance


🔍 Hundredmen — The Watchers

Real-time MCP security proxy. v1.1.0 enforces WARD.md as the first gate in the decision flow, ahead of reputation, drift, and approval checks.

📄 Skill: security-inspection


🛂 Tollere — The Customs Inspector

Supply chain security for AI-generated code. Catches malicious packages, Docker images, and IDE extensions before they reach node_modules/, your container, or your editor. npm, PyPI, Cargo, Go, Maven, Docker Hub, VS Code Marketplace, Open VSX, JetBrains.

📄 Skill: supply-chain-security


⚔️ Adversary — The Red Team

Where the other packages defend, Adversary attacks. 68 documented and novel attacks across 5 categories: IPI (33), tool-use coercion (15), jailbreak (10), extraction (5), goal corruption (5). Three targets: pattern-mock (CI smoke tests, no API), real-LLM (--real via Anthropic API, ~$0.02/full run), and real-browser (Playwright with four breach signal channels: network, form, DOM, console). WARD-aware attack selection prioritizes probes against capabilities your policy claims to enforce.

npx @weave_protocol/adversary demo               # mock, ~50ms
npx @weave_protocol/adversary demo --real        # real LLM, ~$0.02
npx @weave_protocol/adversary attack --url=...   # real browser agent
npx @weave_protocol/adversary demo --real --redact-evidence   # shareable scorecard

Locked scorecard schema v1.0 — consumed unchanged by AgentSecBench.

📄 Skill: adversarial-testing


🎯 AgentSecBench — The Benchmark

The interpretation layer on top of Adversary. Locked, versioned attack suites that produce tier-graded reports. ASB-Browser-v1 (v1.0) is 40 curated attacks: all 33 IPI + 4 critical tool-coercion + 3 highest-impact extraction.

npx @weave_protocol/agentsecbench run                          # default suite, tier-graded report
npx @weave_protocol/agentsecbench run --measure-ward-delta     # quantify policy effectiveness
npx @weave_protocol/agentsecbench compare baseline.json new.json

Tier grades A–F, four trophy attacks (Atlan, EchoLeak, Brave/Comet, Forcepoint), category gap analysis, optional WARD delta, plain-English interpretation prose. Reports are paste-ready Markdown — for blog posts, RFP responses, vendor audits, internal reviews.

📄 Skill: security-benchmarking · 📋 Methodology: METHODOLOGY.md →


🔌 API + Operator Dashboard

npx @weave_protocol/api
# → http://localhost:3000/dashboard

Live monitoring across all five enforcement surfaces in one view. The dashboard renders WARD.md at the top of a hierarchy diagram, fanning out to your configured enforcers (Hundredmen + the three vendor adapters + browser). Surfaces you're not using appear dimmed, so it's instantly clear what's protecting your agent versus what's available.

Includes a live activity feed (allows / denies / IPI detections / approvals), a WARD policy panel, and 24-hour aggregate stats. Auto-refreshes every 5 seconds. Monochrome design — built for ops rooms, not marketing decks.

📄 Skill: weave-api-calling


🔗 Langchain — The Bridge

Security integration for LangChain.js applications. Drop-in callbacks, secured tool wrappers, RAG retriever scanning with PII redaction.

📄 Skill: langchain-security


🏗️ Architecture

flowchart TD
    CLI["🕸️ <b>weave init / audit</b><br/><i>front door — @weave_protocol/cli</i>"]
    WARD["🛡️ <b>WARD.md</b><br/><i>policy standard — declares what the agent can't do</i>"]
    CLI --> WARD

    WARD -.->|enforced at runtime by| HM
    WARD -.->|enforced at runtime by| CC
    WARD -.->|enforced at runtime by| AG
    WARD -.->|enforced at runtime by| MSAF
    WARD -.->|enforced at runtime by| BR

    HM["🔍 <b>Hundredmen</b><br/>MCP layer<br/><i>open standard</i>"]
    CC["🛡️ <b>adapter-claudecode</b><br/>Anthropic<br/>✅ Live"]
    AG["🛡️ <b>adapter-antigravity</b><br/>Google · desktop + agy + SDK<br/>✅ Live"]
    MSAF["🛡️ <b>adapter-msaf</b><br/>Microsoft · middleware<br/>✅ Live"]
    BR["🌐 <b>browser</b><br/>Browser agents<br/>✅ Live"]

    HM --> AGENT
    CC --> AGENT
    AG --> AGENT
    MSAF --> AGENT
    BR --> AGENT

    subgraph AGENT["🤖 AI Agent System"]
        direction TB
        subgraph CORE["Defense — Core security"]
            direction LR
            MUND["🛡️ Mund<br/>Guardian<br/><i>scanning</i>"]
            HORD["🏛️ Hord<br/>Vault<br/><i>encryption</i>"]
            DOMERE["⚖️ Domere<br/>Judge<br/><i>compliance</i>"]
            WITAN["👥 Witan<br/>Council<br/><i>consensus</i>"]
        end
        subgraph OPS["Operations"]
            direction LR
            TOLLERE["🛂 Tollere<br/>Customs<br/><i>supply chain</i>"]
            API["🔌 API + Dashboard<br/><i>REST + UI</i>"]
            LC["🔗 LangChain bridge"]
        end
        CORE --> OPS
    end

    subgraph OFFENSIVE["⚔️ Offensive — we attack what we defend"]
        direction LR
        ADV["⚔️ <b>Adversary</b><br/>68 attacks · 5 categories<br/><i>offensive engine</i>"]
        ASB["🎯 <b>AgentSecBench</b><br/>locked suites · tier A–F<br/><i>citable benchmark</i>"]
        ADV --> ASB
    end

    AGENT -.->|attacked by| OFFENSIVE
    OFFENSIVE -.->|scorecards inform| WARD

    classDef policy fill:#1f2937,stroke:#60a5fa,stroke-width:2px,color:#fff
    classDef enforcer fill:#064e3b,stroke:#10b981,stroke-width:2px,color:#fff
    classDef core fill:#312e81,stroke:#818cf8,stroke-width:1px,color:#fff
    classDef ops fill:#1e3a8a,stroke:#60a5fa,stroke-width:1px,color:#fff
    classDef offensive fill:#7f1d1d,stroke:#ef4444,stroke-width:2px,color:#fff

    class CLI,WARD policy
    class HM,CC,AG,MSAF,BR enforcer
    class MUND,HORD,DOMERE,WITAN core
    class TOLLERE,API,LC ops
    class ADV,ASB offensive

The diagram shows the loop. Defense surfaces enforce the policy at runtime. The offensive engine attacks the agent. Scorecards feed back into WARD as new evidence — what attacks land, which need new policy domains, what regressed since the last release. The loop is what makes the moat.


🔐 Security Model

Defense-in-depth across the entire AI agent lifecycle, validated continuously by an offensive engine that lives in the same monorepo:

  1. 🛡️ Ward declares what the agent can and can't do (policy-as-code)
  2. 🛡️ Harness adapters enforce WARD inside the IDE / CLI / framework:
    • adapter-claudecode for Claude Code (PreToolUse hooks)
    • adapter-antigravity for Google Antigravity (PreToolUse hooks across desktop/CLI/SDK)
    • adapter-msaf for Microsoft Agent Framework (middleware pipeline)
    • browser for browser-driving agents (runtime IPI scanning)
  3. 🛂 Tollere inspects every dependency, image, and extension before it enters your project
  4. 🛡️ Mund scans all inputs for threats before processing
  5. 🏛️ Hord encrypts sensitive data at rest and in transit
  6. ⚖️ Domere logs all actions with tamper-evident checksums and blockchain anchoring
  7. 👥 Witan requires consensus for high-risk operations
  8. 🔍 Hundredmen intercepts and gates tool calls in real-time — enforcing WARD policy at the MCP layer
  9. 🔗 Langchain / Python secures LangChain.js and LlamaIndex chains and agents
  10. ⚔️ Adversary attacks the entire stack with 68 documented and novel attacks
  11. 🎯 AgentSecBench scores it, grades it A–F, and reports it in a standardized, citable format

CORS Model Integration

CORS Layer Weave Package Function
Policy 🛡️ Ward Declares allowed/denied actions, behavioral limits, attestation requirements
Policy Enforcement (Claude Code) 🛡️ adapter-claudecode Reads WARD, gates Claude Code tool calls via hooks
Policy Enforcement (Antigravity) 🛡️ adapter-antigravity Reads WARD, gates Antigravity calls across desktop/CLI/SDK
Policy Enforcement (MSAF) 🛡️ adapter-msaf Reads WARD, gates Microsoft Agent Framework calls via middleware
Policy Enforcement (Browser) 🌐 browser Runtime IPI scanning for browser-driving agents
Policy Enforcement (MCP) 🔍 Hundredmen Reads WARD, gates tool calls at the MCP layer
Supply Chain 🛂 Tollere Vets dependencies, images, extensions before install
Origin Validation 🛡️ Mund Validates input sources, detects injection
Context Integrity 🏛️ Hord Protects data integrity through encryption
Deterministic Enforcement ⚖️ Domere Ensures consistent policy application
Adversarial Validation ⚔️ Adversary + 🎯 AgentSecBench Continuously tests every layer above

🛠️ Development

git clone https://github.com/Tyox-all/Weave_Protocol.git
cd Weave_Protocol

# Build each package
for pkg in mund hord domere witan hundredmen tollere langchain api cli ward \
           adapter-claudecode adapter-antigravity adapter-msaf browser \
           adversary agentsecbench; do
  (cd $pkg && npm install && npm run build)
done

🗺️ Roadmap

Shipped

  • GDPR / CCPA / SOC2 / HIPAA / PCI-DSS / ISO27001 compliance frameworks
  • MCP server reputation scoring
  • Automated threat intelligence updates
  • LangChain.js integration package
  • Python/LlamaIndex integration
  • Web dashboard for monitoring
  • Supply chain security (Tollere) — npm, PyPI, Cargo, Go, Maven, Docker images, IDE extensions, sandwich pattern detection
  • Bundle package + CLI (weave init)
  • WARD.md agent security policy standard
  • Hundredmen ↔ WARD enforcement integration (v1.1.0)
  • Claude Code harness adapter (Anthropic)
  • Google Antigravity harness adapter (Google)
  • Microsoft Agent Framework harness adapter (Microsoft)
  • Cross-platform thesis complete — same WARD.md works across all three major vendor harnesses + MCP

H2 2026 Q3 — Adoption Quarter

  • Browser agent security (@weave_protocol/browser)
  • Dashboard v2 with orchestration visualization
  • State of AI Agent Security: Q3 Report — Industry analysis of agent security trends, platform maturity, supply chain risks, and market gaps

H2 2026 Q4 — Moat Quarter

  • Adversarial agents (@weave_protocol/adversary v0.2.1) — 68 documented + novel attacks, real Playwright browser target, real-LLM demo mode
  • AgentSecBench (@weave_protocol/agentsecbench v0.1.0) — standardized benchmark, tier grades A–F
  • Witan autonomous spending caps (@weave_protocol/witan v1.1.0) — per-window budgets on LLM cost + tokens + tool calls, gated by block / approval / notify
  • Yoxallismus v2 (multi-agent, memory-aware, post-quantum cipher) — under-development / research, targeted for Q3 2027 release after external cryptographic review

🤝 Contributing

Bug reports and feature requests welcome via GitHub Issues.

For security issues, please see SECURITY.md.

For all other inquiries: [email protected]

See CONTRIBUTING.md for guidelines.


📄 License

Apache 2.0 — See LICENSE


🔗 Links


Built with ❤️ for the AI agent ecosystem. We attack what we defend.

from github.com/Tyox-all/Weave_Protocol

Установить Mund — MCP Security Scanner в Claude Desktop, Claude Code, Cursor

Рекомендуется · одна команда, все IDE
unyly install mund-mcp-security-scanner

Ставит в Claude Desktop, Claude Code, Cursor и VS Code — сам разбирается с npx, uvx и сборкой из исходников.

Впервые? Поставь CLI: curl -fsSL https://unyly.org/install | sh

Или настроить вручную

Выполни в терминале:

claude mcp add mund-mcp-security-scanner -- npx -y @weave_protocol/mund

FAQ

Mund — MCP Security Scanner MCP бесплатный?

Да, Mund — MCP Security Scanner MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для Mund — MCP Security Scanner?

Нет, Mund — MCP Security Scanner работает без API-ключей и переменных окружения.

Mund — MCP Security Scanner — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить Mund — MCP Security Scanner в Claude Desktop, Claude Code или Cursor?

Открой Mund — MCP Security Scanner на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare Mund — MCP Security Scanner with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории development