Show HN: AgentArmor – Open-source 8-layer security framework for AI agents
hackernews
💼 Business
#ai-security
#ai-agents
#claude
#showhn
#tip
#security-framework
#open-source
Summary
Given the risk that AI agents in fintech and productivity tools operate without any security controls while handling email or APIs, a developer has released 'AgentArmor', an open-source framework built from eight security layers. The framework defends against the ten threats in the OWASP ASI list and protects an agent's data flow from several angles, including prompt-injection detection and risk scoring of the code an agent executes. AgentArmor integrates with major frameworks such as LangChain, either as a Python library or as a proxy server, making real security controls possible, such as blocking unauthorized data deletion or leaks of personal data.
Full text
Comprehensive open-source security framework for agentic AI applications. AgentArmor provides 8-layer defense-in-depth security for AI agents, covering every point in the data flow where data is at rest, in transit, or in use. Built to address the OWASP Top 10 for Agentic Applications (2026).

- 🎯 L4: Param-Aware Risk Scoring — Risk scoring now considers the target of an action, not just the verb. `read.file /etc/shadow` correctly scores higher than `delete.file /tmp/cache.json`. See CHANGELOG.md.
- ⏱️ L7: Time-Based Trust Decay — `TrustScorer.decay_rate` is now actually applied. Dormant agents lose trust over time: `effective_trust = stored_trust × (decay_rate ^ days_idle)`. New `get_trust_debug_info()` for analytics.
- 🚀 MCP Server Plugin — AgentArmor now ships as a native MCP server. Claude Code, OpenClaw, Cursor, Windsurf, and any MCP-compatible agent can call AgentArmor's security tools directly — zero Python code required.
- 🛠️ 6 MCP Tools — `armor_register_agent`, `armor_scan_input`, `armor_intercept`, `armor_scan_output`, `armor_scan_mcp_server`, `armor_get_status`
- ⚡ One-command setup — `setup_claude_code.sh` auto-configures Claude Code with AgentArmor
- 📖 New `agentarmor-mcp` CLI entry point for stdio transport
- 🔒 TLS Certificate Validation — Validates MCP server TLS certificates: version, cipher suite, expiry, weak cipher detection
- 🔑 OAuth 2.1 Compliance Checker — Verifies OAuth 2.1 compliance with PKCE S256 support, Protected Resource Metadata, and Authorization Server Metadata
- 🛡️ Full Security Scan — `MCPGuard.full_security_scan()` combines TLS + OAuth + tool analysis in a single call
- 🔐 OpenClaw Identity Guard — Encrypts OpenClaw agent identity files with AES-256-GCM + BLAKE3 integrity
- 🔍 MCP Server Scanner — Scans MCP servers for dangerous tools, rug-pulls, and transport security

Every existing security tool is a point solution — output validators, prompt injection scanners, or policy engines in isolation.
AgentArmor is the first unified framework that secures the entire agentic architecture end-to-end.

| Layer | Name | What It Protects |
|---|---|---|
| L1 | Ingestion | Input scanning, prompt injection detection, source verification |
| L2 | Storage | Encryption at rest (AES-256-GCM), data classification, integrity (BLAKE3) |
| L3 | Context | Instruction-data separation, canary tokens, prompt hardening |
| L4 | Planning | Action plan validation, risk scoring, chain depth limits |
| L5 | Execution | Rate limiting, network egress control, human approval gates |
| L6 | Output | PII redaction (Presidio), DLP, sensitivity filtering |
| L7 | Inter-Agent | Mutual auth (HMAC), trust scoring, delegation depth control |
| L8 | Identity | Agent identity, JIT permissions, credential rotation |

Installation:

```bash
# Using uv (recommended)
uv add agentarmor-core

# With MCP server support (for Claude Code, OpenClaw, etc.)
uv add "agentarmor-core[mcp]"

# With all optional features
uv add "agentarmor-core[all]"
# Available extras: proxy, pii, otel, mcp, oauth, all, dev

# For development
git clone https://github.com/Agastya910/agentarmor.git
cd agentarmor
uv sync --all-extras --dev
```

Quick start:

```python
import asyncio
from agentarmor import AgentArmor, ArmorConfig


async def main():
    armor = AgentArmor()

    # Register your agent
    identity, token = armor.l8_identity.register_agent(
        agent_id="my-agent",
        permissions={"read.*", "search.*"},
    )

    # Intercept tool calls
    result = await armor.intercept(
        action="read.file",
        params={"path": "/data/notes.txt"},
        agent_id="my-agent",
        input_data="Read the file please",
    )
    print(f"Safe: {result.is_safe}")
    print(f"Verdict: {result.final_verdict.value}")


asyncio.run(main())
```

Shield a tool function with the decorator:

```python
@armor.shield(action="database.query")
async def query_database(sql: str) -> dict:
    return db.execute(sql)
```

Run as a proxy server and call it over HTTP:

```bash
agentarmor serve --config agentarmor.yaml --port 8400

curl -X POST http://localhost:8400/v1/intercept \
  -H "Content-Type: application/json" \
  -d '{"action": "read.file", "agent_id": "my-agent", "input_data": "Hello"}'
```
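The L4 "param-aware" idea above (the target of an action matters as much as the verb) as an added illustration; this is not AgentArmor's own scorer, and every weight, threshold and path pattern in it is constructed for the example:

```python
"""Added example of param-aware risk scoring (not AgentArmor's own scorer):
the verb's base risk is combined with the sensitivity of the target, so
read.file on /etc/shadow outranks delete.file on /tmp/cache.json.
All weights and path patterns below are constructed for this illustration."""
from fnmatch import fnmatchcase
from posixpath import normpath

# Base risk per action verb, 0..1 (constructed values).
VERB_RISK = {"read": 0.2, "write": 0.5, "delete": 0.6, "exec": 0.9}
UNKNOWN_VERB_RISK = 0.7        # verbs with no policy lean towards caution

# Target sensitivity patterns, first match wins (constructed values).
TARGET_SENSITIVITY = [
    ("/etc/shadow", 1.0),
    ("/home/*/.ssh/*", 1.0),
    ("/etc/*", 0.8),
    ("/data/*", 0.4),
    ("/tmp/*", 0.1),
]
DEFAULT_SENSITIVITY = 0.5      # unlisted targets count as moderately sensitive


def target_sensitivity(path: str) -> float:
    # Normalise first so "/tmp/../etc/shadow" is scored as /etc/shadow,
    # not as a low-risk /tmp entry.
    norm = normpath(path)
    for pattern, score in TARGET_SENSITIVITY:
        if fnmatchcase(norm, pattern):
            return score
    return DEFAULT_SENSITIVITY


def risk_score(action: str, params: dict) -> float:
    """0.4 * verb risk + 0.6 * target sensitivity, rounded to 3 decimals."""
    verb = action.split(".", 1)[0]
    base = VERB_RISK.get(verb, UNKNOWN_VERB_RISK)
    target = params.get("path") or params.get("url") or ""
    sens = target_sensitivity(target) if target else DEFAULT_SENSITIVITY
    return round(0.4 * base + 0.6 * sens, 3)


def verdict(score: float, review_at: float = 0.5, block_at: float = 0.8) -> str:
    """Map a score to the gate that would act on it (thresholds constructed)."""
    if score >= block_at:
        return "block"
    if score >= review_at:
        return "review"
    return "allow"
```

The path normalisation step is the caveat worth keeping: without it a traversal in the parameter lands in the low-sensitivity bucket and the scorer is trivially bypassed.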
AgentArmor runs as a native MCP server that any MCP-compatible coding agent can call directly — no Python code changes needed in your project. Setup for Claude Code — add to `~/.claude/claude_desktop_config.json`:

```json
{
  "mcpServers": {
    "agentarmor": {
      "command": "uv",
      "args": ["run", "agentarmor-mcp"],
      "cwd": "/path/to/your/project"
    }
  }
}
```

Or run the one-command setup:

```bash
bash setup_claude_code.sh
```

Available MCP Tools:

| Tool | What It Does |
|---|---|
| armor_register_agent | Register an agent with a permission set |
| armor_scan_input | Scan text for prompt injection, jailbreaks, DAN attacks |
| armor_intercept | Run a tool call through all 8 security layers |
| armor_scan_output | Redact PII (emails, SSNs, API keys) from output |
| armor_scan_mcp_server | Full TLS + OAuth 2.1 + rug-pull scan of any MCP server |
| armor_get_status | Health check: version, layers, registered agents |

📖 Full setup guide: docs/claude_code_setup.md

Scan an MCP server from Python:

```python
from agentarmor import MCPGuard

guard = MCPGuard()
result = guard.full_security_scan("https://api.example.com/mcp")
print(result["overall_risk"])  # "low"
```
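The L7 trust-decay formula from the changelog above, `effective_trust = stored_trust × (decay_rate ^ days_idle)`, carried through as an added example; this is not AgentArmor's `TrustScorer`, and the `decay_rate`, `min_trust`, agent id and timeline are constructed for the illustration:

```python
"""Added example (not AgentArmor's own TrustScorer) of the time-based trust decay
described above: effective_trust = stored_trust * decay_rate ** days_idle.
The decay_rate, min_trust and timeline values are constructed for this illustration."""
import math
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class TrustScorer:
    decay_rate: float = 0.97   # fraction of trust retained per idle day
    min_trust: float = 0.3     # below this an agent must re-verify before delegating
    records: dict = field(default_factory=dict)   # agent_id -> (stored_trust, last_seen)

    def record_interaction(self, agent_id: str, trust: float, now: datetime) -> None:
        if not 0.0 <= trust <= 1.0:
            raise ValueError("trust must be in [0, 1]")
        self.records[agent_id] = (trust, now)

    def effective_trust(self, agent_id: str, now: datetime) -> float:
        if agent_id not in self.records:
            return 0.0   # unknown agents fail closed
        stored, last_seen = self.records[agent_id]
        # Clamp at zero: a skewed or rolled-back clock must never *raise* trust.
        days_idle = max(0.0, (now - last_seen) / timedelta(days=1))
        return stored * self.decay_rate ** days_idle

    def may_delegate(self, agent_id: str, now: datetime) -> bool:
        return self.effective_trust(agent_id, now) >= self.min_trust

    def days_until_floor(self, agent_id: str) -> float:
        """Idle days until stored trust decays to min_trust (for analytics)."""
        stored, _ = self.records[agent_id]
        if stored <= self.min_trust:
            return 0.0
        return math.log(self.min_trust / stored) / math.log(self.decay_rate)


def demo_timeline(stored: float = 0.9, idle_days=(-1, 0, 30, 60)) -> dict:
    """Constructed timeline: one agent scored 0.9 on 2026-01-01, then left idle."""
    scorer = TrustScorer()
    t0 = datetime(2026, 1, 1, tzinfo=timezone.utc)
    scorer.record_interaction("agent-a", stored, t0)
    return {
        "trust": {d: scorer.effective_trust("agent-a", t0 + timedelta(days=d)) for d in idle_days},
        "may_delegate": {d: scorer.may_delegate("agent-a", t0 + timedelta(days=d)) for d in idle_days},
        "days_until_floor": scorer.days_until_floor("agent-a"),
    }
```

With these constructed values an agent at trust 0.9 may still delegate after 30 idle days but not after 60, and crosses the floor at roughly day 36.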