Multi-agent release governance · MCP
AgentGov
Multi-agent systems ship without anyone scanning agent cards for prompt injection or signing the decision to release.
What I built
A local-first MCP server + CLI (~2.4K LOC) that gates releases: scans A2A agent cards for prompt-injection, signs decision records with HMAC-SHA256 over JCS-canonicalized payloads, and enforces YAML release policies — emitting signed ALLOW / REVIEW / BLOCK verdicts. Verified end to end producing a signed BLOCK with structured evidence.
Stack
TypeScript, MCP, HMAC, Bicep/azd
Status
Hackathon build; 17 tests, verified end to end.