This release adds 2 notable features for engineering teams evaluating rollout.
Published 1mo
AI Agents & Assistants
✓ No known CVEs patched in this version
Topics
a2a
agent-security
agentic-ai
ai-governance
ai-safety
audit-log
capability-tokens
industrial-iot
mavlink
mcp
mcp-security
opcua
open-standard
physical-ai
policy-engine
policy-gateway
protocol
robotics
ros2
runtime-security
Summary
AI summary: Introduces sint-scan security scanner and RFC-001 policy bundle specification.
Full changelog
What's New
🔍 sint-scan — MCP Security Scanner
Scan any MCP server for risky tools in 10 seconds:
npx sint-scan --tools '[{"name":"bash","description":"runs shell commands"}]'
Maps every tool to SINT approval tiers (T0–T3), flags shell-exec risks, detects OWASP ASI05 violations.
📋 RFC-001: Policy Bundle Specification
The normative spec for SINT policy enforcement — machine-readable contracts governing agent tool calls.
docs/rfcs/RFC-001-policy-bundle.md
🌉 Integration Bridges
- A2A bridge: Enclave capability token mapping (packages/bridge-a2a/src/enclave-mapping.ts)
- MCP bridge: Policy-aware MCP client (packages/bridge-mcp/)
📄 Standards Submissions
- AAIF project proposal: aaif/project-proposals#12
- Vocabulary crosswalk: aeoess/agent-governance-vocabulary#11
🤖 AI Discoverability
- Added llms.txt for AI agent discovery
- Added glama.json for Glama.ai MCP listing
Links
- Docs: https://sint.gg
- npm: npx sint-scan
- RFC-001: https://github.com/sint-ai/sint-protocol/blob/main/docs/rfcs/RFC-001-policy-bundle.md