Which integrations are available for this server?

Provides blockchain anchoring on the Ethereum network to create immutable audit trails for compliance, verification, and audit reporting. Provides blockchain anchoring on the Solana Mainnet and Devnet to create immutable audit trails for compliance, verification, and audit reporting.

🕸️ Weave Protocol

Enterprise Security Suite for AI Agents

npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm npm License

A TypeScript monorepo providing security, encryption, compliance, and governance tools for AI agent systems. Built for the Model Context Protocol (MCP) ecosystem and the new generation of agent harness platforms (Antigravity, Claude Code, MDASH).

🚀 Get started in one command

npx @weave_protocol/cli init

The CLI detects your framework (LangChain, LlamaIndex, MCP, OpenAI, Anthropic), asks which Weave Protocol packages you want, and scaffolds the right security middleware for your stack. Or install everything at once:

npm install @weave_protocol/full

🆕 What's New

🛡️ WARD.md v0.1.0 — Agent Security Policy Standard

AGENTS.md tells your agent what to do. SKILL.md tells your agent how to do it. WARD.md tells your agent what it can't.

Agents are now infrastructure-as-code. They're defined in markdown files (AGENTS.md, SKILL.md), version-controlled, and shared across registries. WARD.md is the third file in that stack — a portable, declarative format for declaring the security policy of an AI agent.

npx @weave_protocol/ward init             # create a starter WARD.md
npx @weave_protocol/ward validate WARD.md # validate it (use in CI)
npx @weave_protocol/ward explain WARD.md  # human-readable policy summary

A WARD.md file declares ten policy domains: filesystem rules, network allowlists, capability gating, data egress boundaries, behavioral limits (iterations / runtime / cost / tokens), multi-agent trust chains, compliance frameworks, attestation requirements, threat model, and incident response. The format is portable across harness platforms.

See Ward README → · See the WARD.md spec →

🕸️ Weave CLI v0.1.0 + Full Bundle v0.1.0

The weave command-line tool is live. One command sets up framework-specific security middleware:

weave init           # detect framework, scaffold security middleware
weave audit          # scan dependencies (delegates to Tollere)
weave dashboard      # launch monitoring UI
weave doctor         # environment health check

See CLI README →

The @weave_protocol/full meta-package installs every Weave Protocol package in one shot:

import { mund, hord, tollere, hundredmen } from '@weave_protocol/full';

See Full README →

🛂 Tollere v0.2.2 — Multi-Channel Supply Chain Security

Old English tollere — the customs inspector who stood at the gate and examined every good crossing the boundary.

Catches typosquats, CVEs, compromised maintainers, Docker tag overwriting, IDE extension impersonation, and sandwich-pattern attacks before the install completes. Validated against the real-world Checkmarx KICS supply chain compromise (April 2026) — Tollere catches the v2.1.20 tag reassignment in real-time.

npx @weave_protocol/tollere scan                          # scan package.json
npx @weave_protocol/tollere docker checkmarx/kics:v2.1.20 # 🆕 Docker images
npx @weave_protocol/tollere ext ms-python.python vscode   # 🆕 IDE extensions
npx @weave_protocol/tollere sandwich some-package         # 🆕 sandwich pattern

Coverage: npm, PyPI, Cargo, Go, Maven, Docker Hub, VS Code Marketplace (covers Cursor + Windsurf), Open VSX (VSCodium/Gitpod), JetBrains Marketplace (IntelliJ/PyCharm/WebStorm/etc).

See Tollere README →

📊 Web Dashboard for Monitoring (API v1.0.12)

Real-time security monitoring UI bundled with the API package:

npx @weave_protocol/api
# → Open http://localhost:3000/dashboard

Or via the CLI:

npx @weave_protocol/cli dashboard

Live activity feed, threat intel status, compliance frameworks, MCP server reputation. See API README →

🐍 Python/LlamaIndex Integration (v0.1.0)

Security scanning for LlamaIndex applications:

from weave_protocol_llamaindex import WeaveSecurityHandler
from llama_index.core.callbacks import CallbackManager
from llama_index.core import Settings

Settings.callback_manager = CallbackManager([WeaveSecurityHandler()])
# All LlamaIndex operations now scanned - threats auto-blocked

See LlamaIndex README →

🔗 LangChain.js Integration (v1.0.1)

Drop-in security for LangChain.js applications:

import { WeaveSecurityCallback } from '@weave_protocol/langchain';

const chain = new LLMChain({
  llm: new ChatOpenAI(),
  prompt,
  callbacks: [new WeaveSecurityCallback({ action: 'block' })],
});

See LangChain README →

📦 Packages

Package	Version	Description
🕸️ @weave_protocol/cli	0.1.0	The `weave` CLI — `init`, `audit`, `dashboard`, `doctor`
📦 @weave_protocol/full	0.1.0	Bundle — installs all packages in one command
🛡️ @weave_protocol/ward	0.1.0	WARD.md — agent security policy standard (parser, validator, runtime checks)
🛡️ @weave_protocol/mund	0.2.2	Security scanner — secrets, PII, injection, MCP vetting, threat intel
🏛️ @weave_protocol/hord	0.1.6	Encrypted vault with Yoxallismus cipher
⚖️ @weave_protocol/domere	1.3.4	Compliance (PCI-DSS, ISO27001, SOC2, HIPAA, GDPR, CCPA) & verification
👥 @weave_protocol/witan	1.0.2	Multi-agent consensus & governance
🔍 @weave_protocol/hundredmen	1.0.6	Real-time MCP proxy — intercept, scan, gate tool calls
🛂 @weave_protocol/tollere	0.2.2	Supply chain security — npm, Docker images, IDE extensions, sandwich pattern detection
🔗 @weave_protocol/langchain	1.0.1	LangChain.js security callbacks & tool wrappers
🐍 weave-protocol-llamaindex	0.1.0	Python/LlamaIndex security callbacks & tools
🔌 @weave_protocol/api	1.0.12	REST API for all packages + dashboard

🤖 AI Agent Skills

Each package includes a SKILL.md file following the Claude Agent Skills specification. These teach AI agents how to use Weave Protocol tools effectively.

Package	Skill Name	Triggers
🕸️ CLI	`weave-cli`	set up Weave, init project, scaffold security, audit, dashboard, doctor
🛡️ Ward	`ward`	WARD.md, agent security policy, guardrails, lock down agent, define boundaries
🛡️ Mund	`security-scanning`	scan, detect secrets, check injection, vet MCP server, threat intel
🏛️ Hord	`encrypting-data`	encrypt, decrypt, vault, Yoxallismus, protect
⚖️ Domere	`compliance-auditing`	audit, checkpoint, SOC2, HIPAA, PCI-DSS, GDPR, CCPA, blockchain
👥 Witan	`consensus-governance`	consensus, vote, approve, policy, escalate
🔍 Hundredmen	`security-inspection`	intercept, drift, reputation, approve, block, live feed
🛂 Tollere	`supply-chain-security`	npm install, docker pull, install extension, dependency check, typosquat, CVE, sandwich pattern
🔗 Langchain	`langchain-security`	LangChain, callback, secure tool, RAG security, PII redaction
🔌 API	`weave-api-calling`	REST API, HTTP endpoint, curl, fetch

Installation:

git clone https://github.com/Tyox-all/Weave_Protocol.git
mkdir -p ~/.claude/skills/weave-protocol
cp Weave_Protocol/*/SKILL.md ~/.claude/skills/weave-protocol/

Once installed, Claude automatically invokes the appropriate skill for each task.

🚀 Quick Start

Option 1: Guided setup (recommended)

npx @weave_protocol/cli init

The CLI walks you through framework detection, package selection, and middleware scaffolding.

Option 2: Install everything

npm install @weave_protocol/full

Option 3: Install individual packages

npm install @weave_protocol/mund @weave_protocol/tollere @weave_protocol/ward

Claude Desktop Integration

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "mund":       { "command": "npx", "args": ["-y", "@weave_protocol/mund"] },
    "hord":       { "command": "npx", "args": ["-y", "@weave_protocol/hord"] },
    "domere":     { "command": "npx", "args": ["-y", "@weave_protocol/domere"] },
    "hundredmen": { "command": "npx", "args": ["-y", "@weave_protocol/hundredmen"] },
    "tollere":    { "command": "npx", "args": ["-y", "@weave_protocol/tollere"] }
  }
}

✨ Package Details

🕸️ CLI — One Command for Everything

npx @weave_protocol/cli init        # detect framework, scaffold middleware
npx @weave_protocol/cli audit       # supply chain scan (Tollere)
npx @weave_protocol/cli dashboard   # launch monitoring UI
npx @weave_protocol/cli doctor      # environment health check
npx @weave_protocol/cli version     # show installed package versions

The CLI inspects package.json and source imports to detect your framework, then generates appropriate security middleware:

Framework	Generated middleware
LangChain.js	`WeaveSecurityCallback` ready to drop into any chain
MCP Server	`secureToolHandler()` wrapper for input/output scanning
OpenAI / Anthropic SDK	`secureChatCompletion()` / `secureMessages()` wrappers
Vercel AI SDK	OpenAI-style wrapper
Generic	Just installs packages and writes `.weaverc`

📄 Skill: weave-cli

🛡️ Ward — The Policy Standard

WARD.md files declare what an agent is allowed to do, version-controlled alongside AGENTS.md and SKILL.md.

my-agent-project/
├── AGENTS.md          # what the agent does
├── SKILL.md           # how the agent does it
└── WARD.md            # what the agent can't do

Section	Controls
Filesystem	Read/write/execute/delete/list rules with glob patterns
Network	Outbound HTTP allowlist with optional method restrictions
Capabilities	Tools the agent may invoke (with optional approval gating)
Data Boundaries	Egress classifications (PII, PHI, credentials...) and redaction
Behavioral Limits	Iterations, runtime, cost, tokens, tool calls
Multi-Agent	Trust chain, isolation level, semantic drift threshold
Compliance	SOC2 / HIPAA / GDPR / CCPA / ISO27001 / PCI-DSS
Verification	Attestation backend (Dōmere), blockchain, frequency
Threat Model	In-scope / out-of-scope threats
Incident Response	Actions on violation (log / alert / terminate / attest)

The format is portable across harness platforms — write once, enforce on Antigravity, Claude Code, MDASH, or any custom runtime.

📄 Skill: ward · 📋 Spec: WARD.md SPEC →

🛡️ Mund — The Guardian

Real-time security scanning for AI agents.

Category	Features
Secrets	API keys, tokens, passwords, certificates (30+ patterns)
PII	SSN, credit cards, emails, phone numbers, addresses
Injection	Prompt injection, jailbreak attempts, instruction override
Code	Dangerous patterns, eval/exec, SQL injection, XSS
MCP Servers	Malicious tool descriptions, typosquatting, dangerous permissions
Threat Intel	MITRE ATT&CK patterns, community feeds, auto-updates

📄 Skill: security-scanning

🏛️ Hord — The Vault

Encrypted storage with the Yoxallismus dual-tumbler cipher.

Category	Features
Encryption	AES-256-GCM, ChaCha20-Poly1305
Key Derivation	Argon2id with configurable parameters
Yoxallismus	Dual-layer tumbler/deadbolt obfuscation
Memory Safety	Secure buffer handling, auto-zeroing

📄 Skill: encrypting-data

⚖️ Domere — The Judge

Enterprise-grade verification, orchestration, compliance, and audit infrastructure.

Category	Features
Verification	Intent tracking, drift detection, execution replay
Compliance	SOC2, HIPAA, PCI-DSS, ISO27001, GDPR, CCPA
Blockchain	Solana & Ethereum anchoring for immutable audit trails

Blockchain Anchoring:

Solana Mainnet: 6g7raTAHU2h331VKtfVtkS5pmuvR8vMYwjGsZF1CUj2o
Solana Devnet: BeCYVJYfbUu3k2TPGmh9VoGWeJwzm2hg2NdtnvbdBNCj
Ethereum: 0xAA8b52adD3CEce6269d14C6335a79df451543820

📄 Skill: compliance-auditing

👥 Witan — The Council

Multi-agent consensus and governance.

Category	Features
Consensus	Unanimous, majority, weighted, quorum protocols
Policy	Rule enforcement, permission management, escalation
Communication	Agent bus, broadcast, point-to-point messaging

📄 Skill: consensus-governance

🔍 Hundredmen — The Watchers

Real-time MCP security proxy that intercepts, scans, and gates AI agent tool calls.

Category	Features
Interception	Proxy all MCP tool calls in real-time
Drift Detection	"Said X, doing Y" — catch unauthorized actions
Reputation	Server trust scores, community reports
Manual Gates	Require approval for high-risk operations

📄 Skill: security-inspection

🛂 Tollere — The Customs Inspector

Supply chain security for AI-generated code. Catches malicious packages, Docker images, and IDE extensions before they reach node_modules/, your container, or your editor.

Surface	Coverage
Packages	npm, PyPI, Cargo, Go, Maven (typosquats, CVEs, maintainer reputation)
Sandwich Pattern	Malicious code hidden between a clean "filling" version (Checkmarx attack pattern)
Docker Images	Tag overwrite detection, phantom tags (Docker Hub)
IDE Extensions	VS Code (Cursor, Windsurf), Open VSX (VSCodium, Gitpod), JetBrains (IntelliJ, PyCharm, WebStorm, etc.)

npx @weave_protocol/tollere scan
npx @weave_protocol/tollere docker checkmarx/kics:v2.1.20
npx @weave_protocol/tollere ext ms-python.python vscode

📄 Skill: supply-chain-security

🔗 Langchain — The Bridge

Security integration for LangChain.js applications.

Category	Features
Callbacks	Drop-in `WeaveSecurityCallback` for any chain/agent
Tool Wrappers	Wrap tools with threat scanning and approval gates
Retrievers	Scan RAG documents, auto-redact PII

📄 Skill: langchain-security

🏗️ Architecture

┌──────────────────────────────────────────────────────────────────────┐
│                         🕸️  weave init / audit                       │
│                       (front door — @weave_protocol/cli)             │
└────────────────────────────────┬─────────────────────────────────────┘
                                 │
            ┌────────────────────┴────────────────────┐
            │     🛡️  WARD.md  (policy standard)      │
            │     declares what the agent can't do    │
            └────────────────────┬────────────────────┘
                                 │
┌────────────────────────────────┴─────────────────────────────────────┐
│                          AI Agent System                             │
├──────────────────────────────────────────────────────────────────────┤
│                                                                      │
│  ┌──────────┐  ┌──────────┐  ┌──────────┐  ┌──────────┐             │
│  │  🛡️ Mund │  │ 🏛️ Hord  │  │ ⚖️ Domere│  │ 👥 Witan │             │
│  │ Guardian │  │  Vault   │  │  Judge   │  │ Council  │             │
│  └────┬─────┘  └────┬─────┘  └────┬─────┘  └────┬─────┘             │
│       │             │             │             │                    │
│  Security      Encryption    Compliance     Consensus               │
│       │             │             │             │                    │
│       └─────────────┴─────────────┴─────────────┘                    │
│                           │                                          │
│  ┌──────────────┐  ┌──────┴──────┐  ┌──────────────┐                │
│  │🔍 Hundredmen │  │ 🛂 Tollere  │  │  🔌 API      │                │
│  │  Watchers    │  │   Customs   │  │  REST + UI   │                │
│  └──────────────┘  └─────────────┘  └──────────────┘                │
│        │                  │                  │                       │
│  Runtime Calls    Supply Chain        Universal Access               │
│        │                  │                  │                       │
│        └──────────────────┴──────────────────┘                       │
│                           │                                          │
│                    ┌──────┴───────┐                                  │
│                    │ 🔗 Langchain │                                  │
│                    │   Bridge     │                                  │
│                    └──────────────┘                                  │
│                                                                      │
└──────────────────────────────────────────────────────────────────────┘

🔐 Security Model

Defense-in-depth across the entire AI agent lifecycle:

🛡️ Ward declares what the agent can and can't do (policy-as-code)
🛂 Tollere inspects every dependency, image, and extension before it enters your project
🛡️ Mund scans all inputs for threats before processing
🏛️ Hord encrypts sensitive data at rest and in transit
⚖️ Domere logs all actions with tamper-evident checksums
👥 Witan requires consensus for high-risk operations
🔍 Hundredmen intercepts and gates tool calls in real-time
🔗 Langchain secures LangChain.js chains and agents

CORS Model Integration

CORS Layer	Weave Package	Function
Policy	🛡️ Ward	Declares allowed/denied actions, behavioral limits, attestation requirements
Supply Chain	🛂 Tollere	Vets dependencies, images, extensions before install
Origin Validation	🛡️ Mund	Validates input sources, detects injection
Context Integrity	🏛️ Hord	Protects data integrity through encryption
Deterministic Enforcement	⚖️ Domere	Ensures consistent policy application
Runtime Interception	🔍 Hundredmen	Gates tool calls, detects drift

🛠️ Development

git clone https://github.com/Tyox-all/Weave_Protocol.git
cd Weave_Protocol

# Build each package
for pkg in mund hord domere witan hundredmen tollere langchain api cli ward; do
  (cd $pkg && npm install && npm run build)
done

🗺️ Roadmap

Shipped

GDPR compliance framework
CCPA compliance framework
MCP server reputation scoring
Automated threat intelligence updates
LangChain.js integration package
Python/LlamaIndex integration
Web dashboard for monitoring
Supply chain security (Tollere) — npm, PyPI, Cargo, Go, Maven
Multi-channel supply chain — Docker images + IDE extensions + sandwich pattern detection
Bundle package + CLI (weave init) — adoption funnel
WARD.md agent security policy standard

H2 2026 Q3 — Adoption Quarter

Cross-platform harness adapters (Antigravity / Claude Code / MDASH)
Browser agent security (@weave_protocol/browser)
Dashboard v2 with orchestration visualization
State of AI Agent Security: Q3 Report

H2 2026 Q4 — Moat Quarter

Adversarial agents (@weave_protocol/adversary)
Yoxallismus v2 (multi-agent, memory-aware cipher)
Witan killer use case: autonomous spending caps
AgentSecBench (open benchmark + leaderboard)

🤝 Contributing

Bug reports and feature requests welcome via GitHub Issues.

For security issues, please see SECURITY.md.

For all other inquiries: TYox-all@tutamail.com

See CONTRIBUTING.md for guidelines.

📄 License

Apache 2.0 — See LICENSE

🔗 Links

GitHub: https://github.com/Tyox-all/Weave_Protocol
npm packages: https://www.npmjs.com/~tyox-all
PyPI: https://pypi.org/project/weave-protocol-llamaindex/
MCP Registry: https://registry.modelcontextprotocol.io (search "mund")

Built with ❤️ for the AI agent ecosystem.