
v0.3.0 — MCP server, web dashboard, expanded eBPF sensor


@ByteYellow ByteYellow released this 28 Jun 15:29

Builds on v0.2.0 (native eBPF sensor + hardened provenance gates).

Highlights

AI surface

  • Stdio MCP server (agentprov ai mcp, JSON-RPC 2.0) over the same internal/aitools catalog as the provider adapters — one contract, no drift.
  • Context-write tools (bind_scope, record_tool_call): an agent can assert its own app-side context, app-asserted only — never fabricating system events or signatures.
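As an added illustration of the contract those two bullets describe (example code written for this page, not agentprov's own MCP server or its internal/aitools catalog), the Go program below answers JSON-RPC 2.0 tools/call requests for bind_scope and record_tool_call one per stdio line, stamps every record it produces as app_asserted, and rejects arguments that would let an agent pass off its own context as a system event or a signature. The argument names (scope_id, tool), the Event fields and the reserved-key list are assumptions; the tools/call envelope with name and arguments is the MCP shape.

```go
package main

import (
	"bufio"
	"encoding/json"
	"io"
	"os"
)

// Request and Response are JSON-RPC 2.0 envelopes; one JSON object per stdio line.
type Request struct {
	JSONRPC string          `json:"jsonrpc"`
	ID      json.RawMessage `json:"id"`
	Method  string          `json:"method"`
	Params  json.RawMessage `json:"params,omitempty"`
}

type RPCError struct {
	Code    int    `json:"code"`
	Message string `json:"message"`
}

type Response struct {
	JSONRPC string          `json:"jsonrpc"`
	ID      json.RawMessage `json:"id"`
	Result  map[string]any  `json:"result,omitempty"`
	Error   *RPCError       `json:"error,omitempty"`
}

// Event is one context record (assumed field names). Source is always
// "app_asserted" for records arriving through the MCP tools; only the sensor
// and the signer emit anything else.
type Event struct {
	Kind   string            `json:"kind"`
	Source string            `json:"source"`
	Scope  string            `json:"scope,omitempty"`
	Tool   string            `json:"tool,omitempty"`
	Args   map[string]string `json:"args,omitempty"`
}

// Server keeps the agent's current scope and the records it has asserted.
type Server struct {
	Scope  string
	Events []Event
}

// reservedKeys are argument names an agent may not supply: accepting them would
// let app-side context masquerade as a system event or carry a forged signature.
var reservedKeys = []string{"kind", "source", "signature", "pid"}

func fail(id json.RawMessage, code int, msg string) Response {
	return Response{JSONRPC: "2.0", ID: id, Error: &RPCError{Code: code, Message: msg}}
}

// Handle processes one JSON-RPC request and returns the response envelope.
func (s *Server) Handle(line []byte) Response {
	var req Request
	if err := json.Unmarshal(line, &req); err != nil || req.JSONRPC != "2.0" {
		return fail(req.ID, -32600, "invalid request")
	}
	if req.Method != "tools/call" {
		return fail(req.ID, -32601, "method not found")
	}
	var call struct {
		Name string            `json:"name"`
		Args map[string]string `json:"arguments"`
	}
	if err := json.Unmarshal(req.Params, &call); err != nil {
		return fail(req.ID, -32602, "invalid params")
	}
	for _, k := range reservedKeys {
		if _, ok := call.Args[k]; ok {
			return fail(req.ID, -32602, "app-asserted context may not set "+k)
		}
	}
	switch call.Name {
	case "bind_scope":
		id := call.Args["scope_id"]
		if id == "" {
			return fail(req.ID, -32602, "scope_id required")
		}
		s.Scope = id
		s.Events = append(s.Events, Event{Kind: "scope_bind", Source: "app_asserted", Scope: id})
		return Response{JSONRPC: "2.0", ID: req.ID, Result: map[string]any{"scope": id}}
	case "record_tool_call":
		if s.Scope == "" {
			return fail(req.ID, -32602, "bind_scope first")
		}
		tool := call.Args["tool"]
		if tool == "" {
			return fail(req.ID, -32602, "tool required")
		}
		ev := Event{Kind: "tool_call", Source: "app_asserted", Scope: s.Scope, Tool: tool, Args: call.Args}
		s.Events = append(s.Events, ev)
		return Response{JSONRPC: "2.0", ID: req.ID, Result: map[string]any{"recorded": len(s.Events)}}
	default:
		return fail(req.ID, -32601, "unknown tool: "+call.Name)
	}
}

// Serve reads one request per line from r and writes one response per line to w.
func (s *Server) Serve(r io.Reader, w io.Writer) error {
	sc := bufio.NewScanner(r)
	enc := json.NewEncoder(w)
	for sc.Scan() {
		if err := enc.Encode(s.Handle(sc.Bytes())); err != nil {
			return err
		}
	}
	return sc.Err()
}

func main() {
	_ = (&Server{}).Serve(os.Stdin, os.Stdout)
}
```

The point of the reserved-key check is that provenance of a record is decided by the server on the path the record arrived through, never by a field the caller fills in; a record_tool_call before bind_scope is refused so no app-asserted record exists without a scope to attach it to.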

Web dashboard (agentprov dashboard serve)

  • Local, read-only, single-page view over the verifiable graph: the causality DAG (model intent → action → policy → risk → response) as the signature panel, plus verify/signature status, signals/risk, paged timeline, process tree, and egress (with resolved DNS). Embedded UI, no external assets.

Expanded native eBPF sensor (validated live on an arm64 lab VM)

  • Sensitive file reads → secret_path (reading a credential file is no longer invisible).
  • Privilege escalation: setuid / setgid / ptrace; file tamper: rename / unlink.
  • DNS via getaddrinfo uprobe; TLS plaintext → privacy-safe HTTP metadata + llm_call pairing; process_exit closes correlation windows.
  • In-kernel noise filtering before ring-buffer reserve, fixing a containerd-teardown firehose that dropped real events.

Policy — privilege-escalation rules: ptrace and setuid/setgid-to-root → quarantine (without flagging the runtime's benign privilege drop).
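An added example of the distinction that rule has to draw, written for this page rather than taken from agentprov's policy engine: a setuid/setgid to uid or gid 0 from a non-root id is escalation and quarantines, a transition from 0 to a non-root id is the runtime's privilege drop and passes, and any ptrace quarantines. The PrivEvent field names and the sample events are constructed.

```go
package main

import "fmt"

// PrivEvent is the shape this example assumes for a sensor privilege record;
// the real sensor's field names may differ.
type PrivEvent struct {
	Kind   string // "setuid", "setgid" or "ptrace"
	Comm   string // process name
	PID    int
	FromID int // uid/gid before the call (setuid/setgid only)
	ToID   int // uid/gid requested (setuid/setgid only)
	Target int // traced pid (ptrace only)
}

type Verdict string

const (
	Allow      Verdict = "allow"
	Quarantine Verdict = "quarantine"
)

// Evaluate applies the privilege-escalation rule to one event and returns the
// verdict with a short reason for the risk/response trail.
func Evaluate(ev PrivEvent) (Verdict, string) {
	switch ev.Kind {
	case "ptrace":
		return Quarantine, fmt.Sprintf("%s(%d) ptrace on pid %d", ev.Comm, ev.PID, ev.Target)
	case "setuid", "setgid":
		switch {
		case ev.FromID != 0 && ev.ToID == 0:
			// non-root asking for id 0: escalation to root
			return Quarantine, fmt.Sprintf("%s(%d) %s %d->0", ev.Comm, ev.PID, ev.Kind, ev.FromID)
		case ev.FromID == 0 && ev.ToID != 0:
			// root shedding privilege: the runtime's benign drop, not flagged
			return Allow, fmt.Sprintf("%s(%d) privilege drop 0->%d", ev.Comm, ev.PID, ev.ToID)
		default:
			// root->root is a no-op; non-root->non-root never crosses root
			return Allow, fmt.Sprintf("%s(%d) %s %d->%d does not cross root", ev.Comm, ev.PID, ev.Kind, ev.FromID, ev.ToID)
		}
	default:
		return Allow, "kind not covered by this rule: " + ev.Kind
	}
}

// SampleEvents is a constructed batch: a container runtime's drop, a real
// escalation, a ptrace, and a non-root id change.
var SampleEvents = []PrivEvent{
	{Kind: "setuid", Comm: "runc", PID: 4101, FromID: 0, ToID: 1000},
	{Kind: "setgid", Comm: "runc", PID: 4101, FromID: 0, ToID: 1000},
	{Kind: "setuid", Comm: "agent", PID: 4210, FromID: 1000, ToID: 0},
	{Kind: "ptrace", Comm: "agent", PID: 4210, Target: 4101},
	{Kind: "setuid", Comm: "worker", PID: 4300, FromID: 1000, ToID: 1001},
}

// QuarantinedPIDs runs the rule over a batch and returns the pids to quarantine.
func QuarantinedPIDs(events []PrivEvent) map[int]bool {
	out := map[int]bool{}
	for _, ev := range events {
		if v, _ := Evaluate(ev); v == Quarantine {
			out[ev.PID] = true
		}
	}
	return out
}

func main() {
	for _, ev := range SampleEvents {
		v, why := Evaluate(ev)
		fmt.Printf("%-10s %s\n", v, why)
	}
}
```

The rule keys on the direction of the transition relative to id 0, not on the syscall alone; that is what lets it stay quiet on the runtime's 0→1000 drop at container start while still quarantining the 1000→0 call from the agent process.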

Docs — refreshed README + architecture SVGs.

Known gaps / follow-ups (honest)

  • DNS: getaddrinfo (glibc) is validated; the universal UDP / musl path is partial.
  • ptrace probe loads but was not triggered in test.
  • Sensor is arm64 only; IPv6/UDP, HTTP/2 HPACK decode, and multi-arch (x86) are follow-ups.