This release adds 2 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Summary
AI summary: Introduces the sint-scan security scanner CLI and the RFC-001 policy bundle specification.
Full changelog
What's in this release
🔍 sint-scan — MCP Security Scanner
Zero-dependency CLI to scan any MCP server for risky tools in seconds.
npx sint-scan --tools '[{"name":"bash","description":"runs shell commands"}]'
Maps tools to SINT approval tiers (T0–T3), detects OWASP ASI05 shell-exec risks, generates remediation recommendations. Works offline, no API keys.
📋 RFC-001 — Policy Bundle Specification
Normative open standard for machine-readable agent governance contracts. Covers session lifecycle, per-action enforcement, hash-chained receipts, APS identity integration, A2A task extension format, cascade revocation, and conformance test vectors.
→ docs/rfcs/RFC-001-policy-bundle.md
🏛 AAIF Submission
SINT Protocol submitted to the Agentic AI Foundation Technical Committee as a proposed governance standard.
→ aaif/project-proposals#12
🔗 Ecosystem integrations
- APS ↔ SINT handshake spec v1.0-draft (commit db8b122, 11 conformance tests)
- Enclave ↔ SINT capability token mapping (packages/bridge-a2a/src/enclave-mapping.ts)
- Vocabulary crosswalk: aeoess/agent-governance-vocabulary#11
- Three-vendor governance_attestation convergence: APS + MolTrust + SINT
📄 llms.txt
Machine-readable protocol documentation for AI agent discovery added to repo root.
Star the repo: https://github.com/sint-ai/sint-protocol
Full governance docs: https://sint.gg