docs: refresh all proposals — update status, add 5 new proposals#348

Merged
imran-siddique merged 15 commits intomicrosoft:mainfrom
imran-siddique:docs/proposal-refresh
Mar 23, 2026

Conversation

@imran-siddique (Member)

Full refresh of proposals directory. Updated 8 existing proposal status fields (Dify->Shipped, MAF->Implemented, CSA-ATF->Active, etc). Created 5 new proposals for shipped/active engagements: Haystack, Oracle Agent Spec, Stripe MPP, Nexus Trust Exchange, A2A Trust Extensions. Updated README index with new Agent Infrastructure section. 14 files changed, 224 insertions — all documentation.

imran-siddique and others added 15 commits March 20, 2026 10:56
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add EU AI Act, Colorado AI Act, and GPAI obligations timeline with
AGT coverage mapping. Reference Microsoft Purview DSPM for AI as
complementary data governance layer.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The Scorecard API rejects workflows with write permissions at the
workflow level. id-token: write and security-events: write must be
scoped to the job level only. Restores permissions: read-all at
workflow level while keeping job-level write permissions intact.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ft#324)

Add Google-style docstrings with Args, Returns, Raises, Attributes,
and Example sections to MCPMessageType, MCPAdapter, and MCPServer
classes. Also enhances docstrings for key methods including
handle_message, _handle_tools_call, _handle_resources_read, and
_map_tool_to_action.

Fixes microsoft#316
Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
…s (dependency confusion) (microsoft#325)

- Replace !pip install agent-os with !pip install -e ../.. in all 6 notebooks;
  agent-os is not on PyPI and installing it from PyPI is a dependency confusion vector
- Replace zendesk-sdk/freshdesk-sdk with zenpy/freshdesk (the real published SDKs)
  in customer-service/requirements.txt
- Remove hashlib-compat from healthcare-hipaa/requirements.txt; hashlib is stdlib
  and hashlib-compat is not a real PyPI package
…stall agent-os with agent-os-kernel

Replace all remaining instances of `pip install agent-os` (unregistered
on PyPI) with `pip install agent-os-kernel` (the actual package) across
docs, examples, TypeScript extensions, CLI source, tests, and SVG assets.

Also fixes `pip install emk` references to point to `agent-os-kernel[full]`
since emk is a submodule, not a standalone PyPI package.

Completes the fix started in PR microsoft#325 which only covered notebooks.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Dify 65K→133K, AutoGen 42K→55K, CrewAI 28K→46K, Semantic Kernel
24K→27K, LangGraph 24K→27K, Haystack 22K→24K, Agent Framework
7.6K→8K. Added star counts for OpenAI Agents SDK (20K) and
Google ADK (18K). Sorted by stars descending.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Update Status fields across all 8 proposal documents:
- DIFY: Shipped (PR #2060, live on Marketplace)
- GITHUB-COPILOT: Shipped (all 3 PRs merged)
- MAF: Implemented Level 1 (18 tests, awaiting MAF team)
- MCP: Partially Shipped (npm + Glama, registry pending)
- OPENLIT: Implemented (PR #1062 under review)
- CSA-ATF: Active (ATF author engaged, conformance spec published)
- AAIF: Paused (re-submit after public release)
- GOOGLE-ADK: Implemented (GovernanceAdapter shipped)

Added Progress section to CSA-ATF-PROPOSAL.md with timeline.
New proposals for shipped/active engagements:
- HAYSTACK-INTEGRATION-PROPOSAL.md (shipped)
- ORACLE-AGENTSPEC-PROPOSAL.md (active engagement)
- STRIPE-MPP-PROPOSAL.md (planned)
- NEXUS-TRUST-EXCHANGE-PROPOSAL.md (pre-alpha)
- A2A-TRUST-EXTENSIONS-PROPOSAL.md (adapter shipped)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions github-actions bot added documentation Improvements or additions to documentation size/L Large PR (< 500 lines) labels Mar 23, 2026
@github-actions

🤖 AI Agent: security-scanner — Security Review Summary

Security Review Summary

This pull request primarily involves documentation updates and new proposals. While the changes are not directly related to the codebase, the proposals describe new integrations and features that could have security implications. Below is an analysis of potential risks and recommendations based on the provided diff.


Findings

1. Trust Chain Weaknesses in Nexus Trust Exchange

  • Risk: The Nexus Trust Exchange proposal mentions a placeholder cryptographic implementation using XOR for Ed25519. XOR is not a secure cryptographic algorithm and is highly susceptible to attacks. This creates a significant risk of trust chain compromise, as the cryptographic foundation is not secure.
  • Rating: 🔴 CRITICAL
  • Attack Vector: An attacker could exploit the weak cryptographic implementation to forge trust signatures, manipulate reputation scores, or bypass escrow mechanisms, undermining the entire trust exchange system.
  • Recommendation: Replace the placeholder XOR implementation with a robust cryptographic library, such as the Ed25519 implementation provided by libsodium or OpenSSL. Additionally, prioritize integrating with a secure key management solution like Azure Key Vault as mentioned in the proposal.

2. Policy Engine Circumvention in Haystack Integration

  • Risk: The GovernancePolicyChecker component in the Haystack integration proposal mentions enforcing governance policies, including tool allowlist/blocklist, content pattern filtering, and rate limiting. However, the proposal does not specify how these policies are configured, updated, or protected from tampering.
  • Rating: 🟠 HIGH
  • Attack Vector: If the policy configuration is not securely managed, an attacker could modify or bypass the policies, allowing unauthorized actions or bypassing restrictions.
  • Recommendation: Ensure that policy configurations are stored securely, preferably in an immutable or append-only format. Implement strong authentication and authorization for any updates to the policy configuration. Additionally, consider adding cryptographic signatures to validate the integrity of the policies.

3. Credential Exposure in Stripe MPP Integration

  • Risk: The Stripe MPP integration proposal involves handling sensitive payment credentials and delegation chains. However, there is no mention of secure storage or transmission of these credentials.
  • Rating: 🟠 HIGH
  • Attack Vector: If payment credentials or delegation chains are exposed in logs, error messages, or insecure storage, attackers could misuse them to perform unauthorized transactions.
  • Recommendation: Use secure storage mechanisms (e.g., Azure Key Vault or AWS Secrets Manager) for sensitive credentials. Ensure that logs and error messages do not expose sensitive information. Use secure communication protocols (e.g., HTTPS) for transmitting payment data.

4. Deserialization Risks in Nexus Trust Exchange

  • Risk: The Nexus Trust Exchange proposal mentions JSONL export for audit logs. If these logs are later deserialized without proper validation, it could lead to deserialization attacks.
  • Rating: 🟡 MEDIUM
  • Attack Vector: An attacker could craft malicious JSONL data to exploit vulnerabilities in the deserialization process, potentially leading to remote code execution or data corruption.
  • Recommendation: Use a secure JSON parsing library that prevents code execution during deserialization. Validate all input data before processing it.

5. Potential Supply Chain Risks

  • Risk: The proposals mention dependencies on third-party libraries and SDKs, such as the Stripe MPP SDK and Haystack. There is no mention of a strategy to mitigate supply chain risks.
  • Rating: 🟡 MEDIUM
  • Attack Vector: If a malicious or compromised dependency is introduced, it could lead to unauthorized access, data exfiltration, or other security breaches.
  • Recommendation: Implement a robust supply chain security strategy, including dependency scanning, version pinning, and verifying the integrity of third-party libraries using checksums or signatures.

General Recommendations

  1. Threat Modeling: Conduct a thorough threat modeling exercise for each proposed integration to identify potential attack vectors and mitigate risks.
  2. Security Reviews: Ensure that all new code and integrations undergo rigorous security reviews before implementation.
  3. Testing: Implement automated security testing for new components, including tests for common vulnerabilities such as injection attacks, deserialization issues, and race conditions.
  4. Documentation: Update the proposals to include detailed security considerations and mitigation strategies for the identified risks.

Conclusion

While this pull request primarily involves documentation updates, the proposed integrations introduce potential security risks that must be addressed during implementation. The most critical issue is the use of an insecure cryptographic placeholder in the Nexus Trust Exchange. This should be prioritized for immediate remediation. Other risks, such as policy engine circumvention and credential exposure, should also be carefully managed during development.

@github-actions github-actions bot left a comment

🤖 AI Agent: code-reviewer

Review Summary

This pull request focuses on updating the documentation for proposals, including status updates for existing proposals and the addition of five new proposals. While the changes are documentation-only, they touch on critical areas of the project, such as trust, cryptographic operations, and agent governance. Below is a detailed review of the changes.


🔴 CRITICAL Issues

  1. Nexus Trust Exchange - Placeholder Cryptography

    • The Nexus Trust Exchange proposal mentions that cryptographic operations (Ed25519) are currently implemented using a placeholder XOR-based mechanism. This is a severe security risk as XOR is not cryptographically secure and can be trivially broken.
    • Action Required: Replace the placeholder cryptography with a secure implementation, such as Ed25519 using a trusted library (e.g., PyNaCl or cryptography). If hardware-backed security is required, integrate with Azure Key Vault HSM as planned.
  2. Audit Logger - Tamper-Evident Logging

    • The Haystack integration proposal describes an audit logger with a SHA-256 hash chain for tamper-evident logging. However, there is no mention of how the hash chain is persisted or protected from tampering.
    • Action Required: Ensure the hash chain is stored in a secure, append-only medium (e.g., a write-once database or blockchain). Document the persistence mechanism to ensure audit integrity.

🟡 WARNING Issues

  1. Breaking Changes in Agent Infrastructure

    • The Nexus Trust Exchange and A2A Trust Extensions proposals introduce new components and protocols (e.g., IATP Trust Handshake, VADP delegation chains). These may introduce breaking changes to existing agent interactions if not backward-compatible.
    • Action Required: Clearly document backward compatibility guarantees or provide migration paths for existing agents.
  2. Stripe MPP Integration - Dependency on External SDK

    • The Stripe MPP proposal depends on an external SDK that was launched in March 2026. This introduces a risk of breaking changes or API instability in the dependency.
    • Action Required: Use version pinning for the Stripe MPP SDK and implement fallback mechanisms for unsupported features.

💡 Suggestions for Improvement

  1. Agent Trust Scoring

    • The Haystack integration and Nexus Trust Exchange both implement trust scoring mechanisms. It would be beneficial to standardize the trust scoring model across components to avoid inconsistencies.
    • Suggestion: Define a central trust scoring API or module that can be reused across integrations.
  2. Graceful Fallback Logic

    • The Haystack integration includes fallback logic for when the haystack library is not installed. While this ensures compatibility, the fallback logic is not covered by tests (# pragma: no cover).
    • Suggestion: Add test cases for the fallback logic to ensure it behaves as expected.
  3. Proposal Status Updates

    • The proposal status updates are clear, but some statuses (e.g., "Pre-Alpha," "Planned") lack detailed timelines or next steps.
    • Suggestion: Add a "Next Steps" section to all proposals to provide clarity on future milestones.
  4. Documentation Consistency

    • The README index now includes an "Agent Infrastructure & Protocols" section, but the formatting and categorization could be improved for better readability.
    • Suggestion: Use consistent formatting for all sections and consider grouping proposals by their maturity (e.g., "Shipped," "Active," "Planned").
  5. OWASP Agentic Top 10 Compliance

    • While the proposals touch on critical areas like trust, cryptography, and auditability, there is no explicit mention of compliance with the OWASP Agentic Top 10.
    • Suggestion: Add a compliance mapping section to each proposal to ensure alignment with OWASP Agentic Top 10 guidelines.

Final Recommendation

  • Merge Blocker: Address the 🔴 CRITICAL issues related to placeholder cryptography and audit logging before merging.
  • Post-Merge Actions: Plan for addressing 🟡 WARNING issues and implement the 💡 suggestions in future updates.

By resolving these issues, the documentation will better support the project's goals of secure and trustworthy agent governance.
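As an added illustration of the tamper-evident audit logger discussed in the code-reviewer comment above (a SHA-256 hash chain over JSONL records, and the question of where the chain head is persisted), the following is example code written for this page, not the project's own audit logger; the record layout, the GENESIS constant and the sample events are assumptions. It shows that recomputing links detects an in-place edit, while a whole-file rewrite with fresh hashes is only caught when the head hash was persisted out-of-band.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first record (a constructed convention)

def _canon(obj: dict) -> str:  # canonical JSON (sorted keys, no whitespace) so hashes are reproducible
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))

def _record_hash(prev_hash: str, payload: dict) -> str:
    return hashlib.sha256((prev_hash + _canon(payload)).encode()).hexdigest()

def append_record(lines: list, payload: dict) -> str:
    """Append one JSONL record linked to the previous one; return the new head hash."""
    prev_hash = json.loads(lines[-1])["hash"] if lines else GENESIS
    record = {"prev_hash": prev_hash, "payload": payload, "hash": _record_hash(prev_hash, payload)}
    lines.append(_canon(record))
    return record["hash"]

def verify_chain(lines: list, trusted_head=None) -> tuple:
    """Recompute every link; return (ok, index of first bad record or -1). trusted_head is the
    head hash persisted out-of-band (e.g. a write-once store); without it a full rewrite passes."""
    prev_hash = GENESIS
    for i, line in enumerate(lines):
        try:
            record = json.loads(line)
            expected = _record_hash(prev_hash, record["payload"])
            if record["prev_hash"] != prev_hash or record["hash"] != expected:
                return False, i
        except (ValueError, KeyError, TypeError):  # malformed line, missing field, wrong type
            return False, i
        prev_hash = record["hash"]
    if trusted_head is not None and prev_hash != trusted_head:
        return False, len(lines)
    return True, -1

def demo() -> dict:
    # Constructed sample governance events, not taken from the project.
    log, head = [], GENESIS
    for ev in [{"agent": "a1", "tool": "search", "allowed": True},
               {"agent": "a1", "tool": "shell", "allowed": False}]:
        head = append_record(log, ev)
    tampered = list(log)
    rec = json.loads(tampered[1])
    rec["payload"]["allowed"] = True  # flip a denied call to allowed, keep the old hash
    tampered[1] = _canon(rec)
    rebuilt = []  # whole-file rewrite with recomputed hashes: invisible to a bare link check
    for line in tampered:
        append_record(rebuilt, json.loads(line)["payload"])
    return {"clean": verify_chain(log, head), "tampered": verify_chain(tampered),
            "rebuilt_no_head": verify_chain(rebuilt), "rebuilt_with_head": verify_chain(rebuilt, head)}
```

The `rebuilt_no_head` result is the reviewer's point: the chain alone proves nothing if the writer can rewrite every record, so the head hash (or each record's hash) must also live somewhere the log writer cannot modify.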

@imran-siddique imran-siddique merged commit 6897217 into microsoft:main Mar 23, 2026
53 checks passed
@imran-siddique imran-siddique deleted the docs/proposal-refresh branch March 28, 2026 16:47