Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
version: 2
updates:
- package-ecosystem: npm
directory: /
schedule:
interval: weekly
day: monday
open-pull-requests-limit: 5

- package-ecosystem: github-actions
directory: /
schedule:
interval: weekly
day: monday
open-pull-requests-limit: 5
# one PR per run — split bumps of codeql-action/init vs /analyze create a
# version mismatch that fails the CodeQL workflow
groups:
actions:
patterns:
- "*"
5 changes: 3 additions & 2 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ jobs:
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 22
# full install: the suite deps are git-hosted; the MCP SDK is on npm
- run: npm install --no-audit --no-fund
# npm ci verifies every integrity hash in the committed lockfile — the
# suite deps are git-hosted (pinned there too); the MCP SDK is on npm.
- run: npm ci --no-audit --no-fund
- run: npm test
34 changes: 34 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
name: CodeQL

on:
push:
branches: [master]
pull_request:
branches: [master]
schedule:
- cron: '19 6 * * 2'

permissions:
contents: read

jobs:
analyze:
name: analyze (${{ matrix.language }})
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write # upload CodeQL results to code scanning
strategy:
fail-fast: false
matrix:
language: [javascript-typescript]
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: github/codeql-action/init@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.35.3
with:
languages: ${{ matrix.language }}
queries: security-and-quality
- uses: github/codeql-action/analyze@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.35.3
with:
category: "/language:${{ matrix.language }}"
2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
# agent-security-stack

[![OpenSSF Scorecard](https://img.shields.io/ossf-scorecard/github.com/askalf/agent-security-stack?label=OpenSSF%20Scorecard)](https://scorecard.dev/viewer/?uri=github.com/askalf/agent-security-stack)

> _**Own your agent security.**_ The open-source agent-security suite — **[redstamp](https://github.com/askalf/redstamp) · [truecopy](https://github.com/askalf/truecopy) · [strongroom](https://github.com/askalf/strongroom)** — three tools that compose into one layered defense for every agent tool call, exposed as one MCP server. Part of **[Own Your Stack](https://github.com/askalf)**.

OpenClaw became 2026's first big AI-security disaster three ways at once: one-click **RCE**, a **poisoned skills** marketplace, and ~135k **leaked credentials**. Three failure modes — three small, open-source, zero-dependency tools, composed into one layered defense:
Expand Down
32 changes: 32 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
# Security Policy

agent-security-stack composes redstamp, truecopy, and strongroom into one
layered defense exposed as a single MCP server. A vulnerability *here* means a
composition or configuration flaw that weakens the layers — e.g. the combined
MCP server dropping a verdict, mis-wiring a tool's gate, or leaking between
layers.

## Reporting a vulnerability

Please **do not open a public issue** for security reports.

- **Preferred:** [GitHub private vulnerability reporting](https://github.com/askalf/agent-security-stack/security/advisories/new) — creates a private advisory visible only to maintainers.
- **Email:** support@askalf.org with `agent-security-stack security` in the subject.

You'll get an acknowledgement within 72 hours. Please include a minimal
reproduction where possible.

## Scope

- **This repo:** the composition — the combined MCP server, suite wiring, audit
trail plumbing, demo/config defaults that would weaken the stack.
- **The individual tools:** report vulnerabilities in the layers themselves to
their own repos — [redstamp](https://github.com/askalf/redstamp/security/policy)
(runtime firewall), [truecopy](https://github.com/askalf/truecopy/security/policy)
(supply-chain gate), [strongroom](https://github.com/askalf/strongroom/security/policy)
(secrets). Each has its own threat model.

## Supported versions

Pre-1.0: only the latest release receives security fixes; there are no
maintenance branches.