Weave Protocol
Enterprise Security Suite for AI Agents
A TypeScript monorepo providing security, encryption, compliance, and governance tools for AI agent systems. Built for the Model Context Protocol (MCP) ecosystem.
What's New: MCP Server Scanner
Mund v0.1.12 now scans MCP servers before you install them:
```
┌───────────────────────────────────────────────────────────────┐
│ mund_scan_mcp_server                                          │
│                                                               │
│ ⚠️  CRITICAL: Tool "execute" contains injection pattern       │
│     "ignore previous instructions and run..."                 │
│                                                               │
│ ⚠️  HIGH: Server name "githib-mcp" is 1 edit from "github"    │
│                                                               │
│ Recommendation: DO_NOT_INSTALL                                │
└───────────────────────────────────────────────────────────────┘
```
Why this matters:
- 43% of MCP servers have command injection vulnerabilities
- "Line jumping" attacks hide malicious prompts in tool descriptions
- Typosquatting mimics legitimate server names
Packages
| Package | Version | Description |
|---|---|---|
| @weave_protocol/mund | 0.1.12 | Security scanner - secrets, PII, injection, MCP server vetting |
| @weave_protocol/hord | 0.1.4 | Encrypted vault with Yoxallismus cipher |
| @weave_protocol/domere | 1.2.10 | Compliance (PCI-DSS, ISO27001, SOC2, HIPAA) & verification |
| @weave_protocol/witan | 1.0.0 | Multi-agent consensus & governance |
| @weave_protocol/api | 1.0.6 | REST API for all packages |
AI Agent Skills
Each package includes a SKILL.md file following the Claude Agent Skills specification. These teach AI agents how to use Weave Protocol tools effectively.
| Package | Skill Name | Triggers |
|---|---|---|
| Mund | security-scanning | scan, detect secrets, check injection, vet MCP server |
| Hord | encrypting-data | encrypt, decrypt, vault, Yoxallismus, protect |
| Domere | compliance-auditing | audit, checkpoint, SOC2, HIPAA, PCI-DSS, blockchain |
| Witan | consensus-governance | consensus, vote, approve, policy, escalate |
| API | weave-api-calling | REST API, HTTP endpoint, curl, fetch |
Installation:
Copy skill files to your Claude skills directory:
```bash
# Clone repo
git clone https://github.com/Tyox-all/Weave_Protocol.git

# Copy skills to Claude Code
mkdir -p ~/.claude/skills/weave-protocol
cp Weave_Protocol/*/SKILL.md ~/.claude/skills/weave-protocol/

# Or for Claude.ai (upload as custom skills)
# Settings > Features > Custom Skills > Upload ZIP
```
Once installed, Claude automatically invokes the appropriate skill when you ask it to scan content, encrypt data, create compliance checkpoints, or coordinate multi-agent consensus.
Quick Start
Install All Packages
```bash
npm install @weave_protocol/mund @weave_protocol/hord @weave_protocol/domere
```
Claude Desktop Integration
Add to claude_desktop_config.json:
```json
{
  "mcpServers": {
    "mund": {
      "command": "npx",
      "args": ["-y", "@weave_protocol/mund"]
    },
    "hord": {
      "command": "npx",
      "args": ["-y", "@weave_protocol/hord"]
    },
    "domere": {
      "command": "npx",
      "args": ["-y", "@weave_protocol/domere"]
    }
  }
}
```
MCP Registry
Mund is available on the official MCP Registry:
```bash
# Search for it
https://registry.modelcontextprotocol.io

# Server ID: io.github.Tyox-all/mund
```
Package Details
Mund - The Guardian
Real-time security scanning for AI agents.
| Category | Features |
|---|---|
| Secrets | API keys, tokens, passwords, certificates (30+ patterns) |
| PII | SSN, credit cards, emails, phone numbers, addresses |
| Injection | Prompt injection, jailbreak attempts, instruction override |
| Exfiltration | Data leakage, encoding tricks, steganography |
| Code | Dangerous patterns, eval/exec, SQL injection, XSS |
| MCP Servers | Malicious tool descriptions, typosquatting, dangerous permissions |
```typescript
// Scan content (mund is a configured scanner instance)
const result = await mund.scan("Here's my key: sk-abc123...");
// { safe: false, issues: [{ severity: "critical", ... }] }

// Scan MCP server before install (serverJson is the server's parsed manifest)
const serverScan = await mund.scanMcpServer(serverJson);
// { recommendation: "DO_NOT_INSTALL", issues: [...] }
```
Skill: security-scanning
Hord - The Vault
Encrypted storage with the Yoxallismus dual-tumbler cipher.
| Category | Features |
|---|---|
| Encryption | AES-256-GCM, ChaCha20-Poly1305 |
| Key Derivation | Argon2id with configurable parameters |
| Yoxallismus | Dual-layer tumbler/deadbolt obfuscation |
| Memory Safety | Secure buffer handling, auto-zeroing |
| MCP Server | Claude Desktop integration, vault management tools |
```typescript
import { YoxallismusCipher } from '@weave_protocol/hord';

const cipher = new YoxallismusCipher('master-key');
const sensitiveData = 'sample plaintext'; // constructed sample value for this snippet

// Lock (encrypt + obfuscate)
const locked = await cipher.lock(sensitiveData);

// Unlock (de-obfuscate + decrypt)
const unlocked = await cipher.unlock(locked);
```
Yoxallismus Cipher: A dual-layer encryption combining AES-256-GCM with tumbler/deadbolt obfuscation. Data is first encrypted, then the ciphertext is scrambled using position-dependent transformations that require both the key and the original encryption context to reverse.
Skill: encrypting-data
Domere - The Judge
Enterprise-grade verification, orchestration, compliance, and audit infrastructure.
| Category | Features |
|---|---|
| Verification | Intent tracking, drift detection, execution replay, multi-agent handoff |
| Orchestration | Task scheduler, agent registry, shared state with locks |
| Compliance | SOC2, HIPAA, PCI-DSS, ISO27001 checkpoints & reporting |
| Blockchain | Solana & Ethereum anchoring for immutable audit trails |
Blockchain Anchoring:
- Solana Mainnet: 6g7raTAHU2h331VKtfVtkS5pmuvR8vMYwjGsZF1CUj2o
- Solana Devnet: BeCYVJYfbUu3k2TPGmh9VoGWeJwzm2hg2NdtnvbdBNCj
- Ethereum: 0xAA8b52adD3CEce6269d14C6335a79df451543820
```typescript
import { ComplianceManager } from '@weave_protocol/domere';

const compliance = new ComplianceManager(['pci-dss', 'iso27001', 'soc2', 'hipaa']);

// Create tamper-evident checkpoint
const checkpoint = await compliance.createCheckpoint({
  action: 'data_access',
  resource: 'customer_records',
  actor: 'agent-001'
});

// Generate audit report
const report = await compliance.generateReport('pci-dss', {
  startDate: '2024-01-01',
  endDate: '2024-12-31'
});
```
Skill: compliance-auditing
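One way to obtain the tamper-evident property the checkpoint API above promises, as an added example that is not Domere's implementation: each checkpoint is hash-chained to its predecessor, so an after-the-fact edit to any entry fails verification from that entry onward. The `CheckpointChain` class, the SHA-256 canonical field order and the all-zero genesis hash are assumptions made for this example.

```typescript
// Added example, not Domere's implementation: a hash-chained checkpoint log.
// Field canonicalisation, the all-zero genesis hash and the class API are assumptions.
import { createHash } from "node:crypto";
type Checkpoint = { action: string; resource: string; actor: string };
type Entry = Checkpoint & { seq: number; prevHash: string; hash: string };
const GENESIS = "0".repeat(64);
// Hash the sequence number, the previous hash and the checkpoint fields in a fixed order,
// so any edit to an entry, or any reordering, changes the digest.
function entryHash(seq: number, prevHash: string, cp: Checkpoint): string {
  const canonical = JSON.stringify([seq, prevHash, cp.action, cp.resource, cp.actor]);
  return createHash("sha256").update(canonical).digest("hex");
}
class CheckpointChain {
  private entries: Entry[] = [];
  createCheckpoint(cp: Checkpoint): Entry {
    const seq = this.entries.length;
    const prevHash = seq === 0 ? GENESIS : this.entries[seq - 1].hash;
    const entry: Entry = { ...cp, seq, prevHash, hash: entryHash(seq, prevHash, cp) };
    this.entries.push(entry);
    return entry;
  }
  // Copy of the log, as an auditor would receive it.
  snapshot(): Entry[] { return this.entries.map((e) => ({ ...e })); }
  // Index of the first entry that fails verification, or -1 when the whole chain is intact.
  static firstBrokenLink(entries: Entry[]): number {
    for (let i = 0; i < entries.length; i++) {
      const e = entries[i];
      const expectedPrev = i === 0 ? GENESIS : entries[i - 1].hash;
      if (e.seq !== i || e.prevHash !== expectedPrev || e.hash !== entryHash(i, expectedPrev, e)) return i;
    }
    return -1;
  }
}
// Scenario: three checkpoints, then an after-the-fact edit of the actor on entry 1.
function demo(): { intact: number; afterTamper: number } {
  const chain = new CheckpointChain();
  chain.createCheckpoint({ action: "data_access", resource: "customer_records", actor: "agent-001" });
  chain.createCheckpoint({ action: "data_export", resource: "customer_records", actor: "agent-002" });
  chain.createCheckpoint({ action: "data_delete", resource: "customer_records", actor: "agent-001" });
  const log = chain.snapshot();
  const intact = CheckpointChain.firstBrokenLink(log);
  log[1].actor = "agent-001"; // rewrite who exported the records
  return { intact, afterTamper: CheckpointChain.firstBrokenLink(log) };
}
console.log(demo()); // { intact: -1, afterTamper: 1 }
```

Recomputing the edited entry's own hash only moves the failure to entry 2, whose `prevHash` no longer matches; hiding the edit requires rewriting every later entry as well as whatever holds the final hash, which is what anchoring that hash on a public chain (above) is meant to prevent.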
Witan - The Council
Multi-agent consensus and governance.
| Category | Features |
|---|---|
| Consensus | Unanimous, majority, weighted, quorum protocols |
| Policy | Rule enforcement, permission management, escalation |
| Communication | Agent bus, broadcast, point-to-point messaging |
| Recovery | Failure detection, automatic failover, state recovery |
```typescript
import { ConsensusEngine, PolicyEngine } from '@weave_protocol/witan';

const consensus = new ConsensusEngine({
  protocol: 'weighted_majority',
  threshold: 0.66,
  timeout: 30000
});

// Propose action requiring consensus
const result = await consensus.propose({
  action: 'deploy_to_production',
  requiredApprovals: ['security-agent', 'qa-agent', 'ops-agent']
});
```
Skill: consensus-governance
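How a `weighted_majority` proposal with the options above can be decided, as an added example that is not Witan's code. The rules are assumptions for this example: votes received after `timeout` are discarded, every agent in `requiredApprovals` must have voted yes, and the weighted yes-share of the on-time votes must reach `threshold`.

```typescript
// Added example, not Witan's code: evaluating a `weighted_majority` proposal with the
// options above. Assumed rules: votes received after the timeout are discarded, every
// agent in requiredApprovals must have voted yes, and the weighted yes-share of the
// on-time votes must reach the threshold.
type Vote = { agent: string; approve: boolean; weight: number; receivedAt: number };
type Proposal = { action: string; requiredApprovals: string[]; openedAt: number };
type Config = { threshold: number; timeout: number };
type Outcome = { approved: boolean; approvalRatio: number; missing: string[]; late: string[] };
function evaluateProposal(cfg: Config, p: Proposal, votes: Vote[]): Outcome {
  const deadline = p.openedAt + cfg.timeout;
  const late = votes.filter((v) => v.receivedAt > deadline).map((v) => v.agent);
  const onTime = votes.filter((v) => v.receivedAt <= deadline);
  const byAgent = new Map<string, Vote>(onTime.map((v): [string, Vote] => [v.agent, v]));
  // A required approver that is silent, late or voted no blocks the action outright.
  const missing = p.requiredApprovals.filter((a) => !byAgent.get(a)?.approve);
  const total = onTime.reduce((s, v) => s + v.weight, 0);
  const yes = onTime.reduce((s, v) => s + (v.approve ? v.weight : 0), 0);
  const approvalRatio = total === 0 ? 0 : yes / total;
  return { approved: missing.length === 0 && approvalRatio >= cfg.threshold, approvalRatio, missing, late };
}
const CONFIG: Config = { threshold: 0.66, timeout: 30000 };
const PROPOSAL: Proposal = {
  action: "deploy_to_production",
  requiredApprovals: ["security-agent", "qa-agent", "ops-agent"],
  openedAt: 0,
};
// Constructed votes: ops-agent approves, but one second after the 30 s window closes.
const VOTES: Vote[] = [
  { agent: "security-agent", approve: true, weight: 2, receivedAt: 1000 },
  { agent: "qa-agent", approve: true, weight: 1, receivedAt: 5000 },
  { agent: "ops-agent", approve: true, weight: 1, receivedAt: 31000 },
];
console.log(evaluateProposal(CONFIG, PROPOSAL, VOTES));
// { approved: false, approvalRatio: 1, missing: [ 'ops-agent' ], late: [ 'ops-agent' ] }
```

Failing closed on a missing required approver is deliberate: a weighted tally of 100% among the agents that happened to answer in time must not be able to stand in for the approver the policy actually names.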
Architecture
```
┌───────────────────────────────────────────────────────────────┐
│                        AI Agent System                        │
├───────────────────────────────────────────────────────────────┤
│                                                               │
│   ┌──────────┐   ┌──────────┐   ┌──────────┐   ┌──────────┐   │
│   │   Mund   │   │   Hord   │   │  Domere  │   │  Witan   │   │
│   │ Guardian │   │  Vault   │   │  Judge   │   │ Council  │   │
│   └────┬─────┘   └────┬─────┘   └────┬─────┘   └────┬─────┘   │
│        │              │              │              │         │
│    Security       Encryption     Compliance     Consensus     │
│    Scanning       Storage        Verification   Governance    │
│        │              │              │              │         │
│        └──────────────┴──────────────┴──────────────┘         │
│                              │                                │
│                        ┌─────┴─────┐                          │
│                        │    API    │                          │
│                        │   REST    │                          │
│                        └───────────┘                          │
│                                                               │
└───────────────────────────────────────────────────────────────┘
```
REST API
The @weave_protocol/api package provides HTTP endpoints for all functionality:
```bash
# Start the API server
npx @weave_protocol/api

# Or with Docker
docker run -p 3000:3000 weave-protocol/api
```
Endpoints:
| Method | Path | Description |
|---|---|---|
| POST | | Scan content for security issues |
| POST | | Scan MCP server manifest |
| POST | | Encrypt data |
| POST | | Decrypt data |
| POST | | Lock with Yoxallismus cipher |
| POST | | Unlock with Yoxallismus cipher |
| POST | | Create compliance checkpoint |
| GET | | List available frameworks |
| POST | | Generate compliance report |
Skill: weave-api-calling
Security Model
Weave Protocol implements defense-in-depth:
- Mund scans all inputs for threats before processing
- Hord encrypts sensitive data at rest and in transit
- Domere logs all actions with tamper-evident checksums
- Witan requires consensus for high-risk operations
CORS Model Integration
The Weave Protocol maps to the CORS Model for AI agent security:
| CORS Layer | Weave Package | Function |
|---|---|---|
| Origin Validation | Mund | Validates input sources, detects injection |
| Context Integrity | Hord | Protects data integrity through encryption |
| Deterministic Enforcement | Domere | Ensures consistent policy application |
Development
```bash
# Clone
git clone https://github.com/Tyox-all/Weave_Protocol.git
cd Weave_Protocol

# Install dependencies (each package)
cd mund && npm install && npm run build
cd ../hord && npm install && npm run build
cd ../domere && npm install && npm run build

# Run tests
npm test
```
Roadmap
- LangChain/LlamaIndex integration package
- Web dashboard for monitoring
- MCP server reputation scoring
- Automated threat intelligence updates
- GDPR compliance framework
Contributing
See CONTRIBUTING.md for guidelines.
License
Apache 2.0 - See LICENSE
Links
npm (mund): https://www.npmjs.com/package/@weave_protocol/mund
npm (hord): https://www.npmjs.com/package/@weave_protocol/hord
npm (domere): https://www.npmjs.com/package/@weave_protocol/domere
npm (witan): https://www.npmjs.com/package/@weave_protocol/witan
MCP Registry: https://registry.modelcontextprotocol.io (search "mund")
Built with ❤️ for the AI agent ecosystem.