Hi — came across this repo while cross-referencing OWASP agentic security work. Sharing the SINT Protocol's conformance fixture pack in case it's useful for the red-teaming research here.
SINT Protocol: https://github.com/sint-ai/sint-protocol
An open-source capability-token enforcement gateway for agentic AI. Every tool call passes through a single PolicyGateway.intercept() choke point with Ed25519 capability tokens, T0–T3 approval tiers, a hash-chained evidence ledger, and a circuit breaker stop button.
What we published this week
30 machine-readable test vectors covering ASI01–ASI10 — each with an attack case (expected: deny/escalate) and a safe baseline (expected: allow):
https://github.com/sint-ai/sint-protocol/blob/main/packages/conformance-tests/fixtures/security/owasp-asi-conformance.v1.json
Mapping doc linking each ASI to the exact enforcement checkpoint, plugin class, and event emitted:
https://github.com/sint-ai/sint-protocol/blob/main/docs/conformance/owasp-asi-mapping.md
Gaps we've documented explicitly
- ASI05: forbidden-combo detection blocks write→exec sequences, but no semantic analysis of tool arguments for code injection
- ASI06: history anomaly detection (repetition, privilege claims, timestamp rollback) but no embedding-layer or cross-session analysis
Documenting the gaps honestly is deliberate — we want the fixture format to be reusable for projects that have stronger coverage in those areas too.
If you're building red-team test cases for AAI001-AAI008 (from issue #13), the SINT fixture schema might be worth adapting — the request/expected format is portable across different enforcement implementations.