Skip to content

jagmarques/asqav-mcp

v0.3.1 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 1mo MCP Security & Auth
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai-agent ai-agents ai-governance ai-security audit-trail claude
+11 more
claude-code claude-desktop compliance cursor eu-ai-act mcp mcp-server model-context-protocol policy-enforcement python quantum-safe

Affected surfaces

auth rbac

Summary

AI summary

Three enforcement tiers (strong, bounded, policies) for tools are now fully operational.

Full changelog

What's new

Tool enforcement is the headline change. Three enforcement tiers are now fully operational.

Strong enforcement - enforced_tool_call acts as a non-bypassable proxy. The agent routes tool calls through the MCP server. If a tool_endpoint is configured, the server forwards the call and signs request + response as a bilateral receipt.

Bounded enforcement - gate_action + complete_action creates a pre/post audit pair. The gate approval and the outcome are cryptographically linked.

Tool policies - per-tool risk levels, rate limits, approval requirements, blocking, and hidden (stronger than blocked - tool appears not to exist).

Docker image - asqav-mcp is now available on Docker Hub. Pull and run with your API key, no Python required.

docker pull jagmarques/asqav-mcp
docker run -e ASQAV_API_KEY="sk_live_..." jagmarques/asqav-mcp

Install

pip install asqav-mcp==0.3.1

Or with Docker:

docker pull jagmarques/asqav-mcp:0.3.1

Full changelog

  • enforced_tool_call: strong enforcement proxy with bilateral receipt
  • gate_action / complete_action: bounded enforcement pair
  • create_tool_policy / list_tool_policies / delete_tool_policy: per-tool enforcement config
  • hidden policy option: tool appears non-existent to the agent
  • tool_endpoint: forward approved calls and capture response in signed receipt
  • Docker image published to Docker Hub
  • Fail-closed behavior: enforcement failures deny by default
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track jagmarques/asqav-mcp

Get notified when new releases ship.

Sign up free

About jagmarques/asqav-mcp

AI agent governance MCP server with policy enforcement, quantum-safe audit trails (ML-DSA), multi-party authorization, and compliance reporting. Check policies, sign actions, and verify signatures through MCP tools.

All releases →

Related context

Beta — feedback welcome: [email protected]