[Dream Cycle 2026-05-31] security: MCP auth gap + AIRGuard authorization propagation #2249
Draft
ruvnet wants to merge 1 commit into
…ard -85% + authorization propagation ADR-144 https://claude.ai/code/session_01CzRSPJ6bxyao61HWiinGrE
Rotation
05bb9cf7ed1aa30313c42553ca7c49e7574af341
Changes
v3/docs/adr/ADR-144-agent-authorization-propagation.md — new ADR: AgentAuthorizationPropagator + MCP auth validator
v3/docs/adr/README.md — added ADR-144 row
v3/docs/research/dream-cycle-2026-05-31-security.md — SOTA report with witness stamp
ADR
ADR-144 — Agent Authorization Propagation and MCP Authentication Enforcement (Status: Proposed)
Distinct from ADR-131 (ToolOutputGuardrail, content-layer screening):
Key targets:
v3/@claude-flow/security/src/authorization/propagator.ts
v3/@claude-flow/cli/src/mcp/auth-validator.ts
Research Summary
Three Grade A findings tonight:
MCP auth gap (arXiv:2605.22333): 40.55% of 7,973 live MCP servers have zero auth; 96.6% of OAuth servers have ≥1 flaw. Ruflo currently has no runtime MCP server authentication validator.
AIRGuard (arXiv:2605.28914): Per-action least-privilege enforcement drops attack success 36.3% → 5.5% (−85%). Ruflo has session-level auth only.
Authorization propagation (arXiv:2605.05440): When agent A delegates to agent B via SendMessage, B can escalate to tools A was not authorized to call. Not solvable by RBAC/ABAC — scope must travel with the message.
Intelligence scan: Single-agent false-continue rate on infeasible tasks is 73.9% (arXiv:2605.28532, Grade A). Feasibility pre-check in route hook is a zero-ADR fix.
Swarm scan: Event-triggered consensus (arXiv:2604.06813, Grade A) reduces idle-agent token burn while maintaining ≥99% completion. Enhancement to ADR-132.
Gist / Witness
Research file: v3/docs/research/dream-cycle-2026-05-31-security.md
Issue: #2248
Report SHA-256: a7097af834cb47d04ec6c3a89b8698a90a003f82de746b82d78b6548abe24af2
Witness stamp: 3e9b27fbe7f1bc645ce09a95dd015a325d2ecfb618ca2db7f49b25a4df8d08fe
Merge Policy
Do not self-merge. Leave for human review. This PR contains an architectural proposal (ADR-144) that requires deliberate evaluation before implementation begins.
Closes companion issue #2248.
Generated by Claude Code
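Added example, not part of the pull request or the project's code: a sketch of the "scope must travel with the message" idea from the research summary, where each delegated message carries an attenuated tool scope and every tool call is checked against it. All type, function, agent and tool names are hypothetical, and the role policy is constructed sample data.

```typescript
// Added illustration. All names here are hypothetical, not the project's API.
type Tool = string;

interface ScopedMessage {
  from: string;
  to: string;
  task: string;
  scope: Tool[]; // tools the recipient may call while handling this message
}

// Constructed sample policy: tools each agent's own role allows.
const ROLE_TOOLS: { [agent: string]: Tool[] } = {
  planner: ["fs.read", "web.search"],
  coder: ["fs.read", "fs.write", "shell.exec"],
  reviewer: ["fs.read", "fs.write"],
};

function intersect(a: Tool[], b: Tool[]): Tool[] {
  return a.filter((t) => b.indexOf(t) !== -1);
}

// Delegation attenuates: the outgoing scope never exceeds what the sender holds.
function delegate(senderScope: Tool[], from: string, to: string,
                  task: string, requested: Tool[]): ScopedMessage {
  return { from, to, task, scope: intersect(requested, senderScope) };
}

// Per-action check: the tool must be in the recipient's role AND in the
// scope carried by the message that caused the call.
function authorize(msg: ScopedMessage, tool: Tool): boolean {
  const role = ROLE_TOOLS[msg.to] || [];
  return role.indexOf(tool) !== -1 && msg.scope.indexOf(tool) !== -1;
}

// Role-only check, for contrast: it ignores who delegated the work.
function authorizeRoleOnly(agent: string, tool: Tool): boolean {
  return (ROLE_TOOLS[agent] || []).indexOf(tool) !== -1;
}

// Hop 1: planner (holding only its role tools) delegates to coder.
const hop1 = delegate(ROLE_TOOLS["planner"] || [], "planner", "coder",
                      "summarise repo", ["fs.read", "shell.exec"]);
// Hop 2: coder re-delegates; it can pass on only what hop1 carried.
const hop2 = delegate(hop1.scope, "coder", "reviewer",
                      "check summary", ["fs.read", "fs.write"]);
```

With the role-only check, coder may call shell.exec while working on planner's task even though planner never held it; with the message-carried scope the same call is denied, and the scope can only shrink across hops.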