jagmarques/asqav-mcp

v0.3.6 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 18d MCP Security & Auth

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai-agent ai-agents ai-governance ai-security audit-trail claude

+11 more

claude-code claude-desktop compliance cursor eu-ai-act mcp mcp-server model-context-protocol policy-enforcement python quantum-safe

Affected surfaces

auth crypto_tls

Summary

AI summary

Added transparent MCP proxy, cryptographic counterparty binding verification, and comment-hygiene improvements.

Changes in this release

Type	Severity	Summary	CVE
Feature
Feature	Medium	Transparent MCP proxy with vendored sparfenyuk/mcp-proxy core captures MCP tool calls and responses without client code changes. Transparent MCP proxy with vendored sparfenyuk/mcp-proxy core captures MCP tool calls and responses without client code changes. Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	`verify_counterparty_binding` cryptographic check on marker-supplied bindings, gated behind an allowlist environment variable. `verify_counterparty_binding` cryptographic check on marker-supplied bindings, gated behind an allowlist environment variable. Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Adds a transparent MCP proxy using vendored sparfenyuk/mcp-proxy core. Adds a transparent MCP proxy using vendored sparfenyuk/mcp-proxy core. Source: granite4.1:30b@2026-05-22-audit Confidence: high	—
Feature	Medium	Introduces `verify_counterparty_binding` cryptographic check gated by an allowlist env var. Introduces `verify_counterparty_binding` cryptographic check gated by an allowlist env var. Source: granite4.1:30b@2026-05-22-audit Confidence: high	—
Feature	Medium	Emits two Compliance Receipts per call with capture_topology="mcp_proxy" and chain linkage via acknowledgment_for_receipt_id. Emits two Compliance Receipts per call with capture_topology="mcp_proxy" and chain linkage via acknowledgment_for_receipt_id. Source: granite4.1:30b@2026-05-22-audit Confidence: low	—
Refactor	Medium	Extended comment-hygiene sweep across src/ test docstrings and proxy module. Extended comment-hygiene sweep across src/ test docstrings and proxy module. Source: llm_adapter@2026-05-21 Confidence: low	—

Full changelog

v0.3.6

Added

Transparent MCP proxy with a vendored sparfenyuk/mcp-proxy core. Captures MCP tool calls + responses from any MCP client without code change in the client. Surface: asqav-mcp-proxy console script plus ProxySignerHook. Emits two Compliance Receipts per call (originating + acknowledgment, or originating + abort) with capture_topology="mcp_proxy" and chain linkage via acknowledgment_for_receipt_id.
verify_counterparty_binding cryptographic check on marker-supplied bindings, gated behind an allowlist env var so the trust model is explicit rather than implicit.
Extended comment-hygiene sweep across src/ test docstrings and proxy module.

Notes

Optional proxy dependency group pins asqav>=0.4.0 for the proxy install variant.
Same wire vocabulary as cloud 0.3.6 series.

Install

pip install asqav-mcp==0.3.6
# or for proxy variant:
pip install "asqav-mcp[proxy]==0.3.6"

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track jagmarques/asqav-mcp

Get notified when new releases ship.

About jagmarques/asqav-mcp

AI agent governance MCP server with policy enforcement, quantum-safe audit trails (ML-DSA), multi-party authorization, and compliance reporting. Check policies, sign actions, and verify signatures through MCP tools.

All releases →