Claude/eloquent davinci x bhdz#68

Merged
killertcell428 merged 3 commits into master from claude/eloquent-davinci-XBhdz on May 19, 2026
Conversation

@killertcell428
Owner

Summary

Closes #

Changes

Type of change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • New detection pattern
  • Breaking change (fix or feature that would cause existing behaviour to change)
  • Documentation update
  • Refactor / performance improvement

Testing

  • pytest tests/ -v passes locally
  • New tests added for the change
  • Existing tests updated if needed (explain why)

For new detection patterns, confirm both:

  • Positive test — the pattern correctly detects a malicious input
  • Negative test — the pattern does NOT fire on legitimate input

Checklist

  • Code follows the style of the project (ruff check passes)
  • Type annotations are correct (mypy aigis/ passes)
  • Public API changes are reflected in docs/api-reference.md
  • CHANGELOG.md updated under [Unreleased]
  • I have read CONTRIBUTING.md

Screenshots / output

aigis auto-improvement added 2 commits May 19, 2026 13:41
Two new MCP security detectors:
- mcp_mpma_tool_displacement (score 60): catches MPMA DPMA competitive tool
  displacement — rogue tool description names a legitimate tool as superseded
  or deprecated to hijack LLM selection (arxiv:2505.11154, AAAI 2026)
- mcp_oauth_endpoint_shellexec (score 85): catches CVE-2025-6514 (CVSS 9.6)
  OS command injection via shell metacharacters in authorization_endpoint URLs
  returned by malicious MCP servers (JFrog Security Research, May 2025)

Also: ii_css_font_injection (from cycle 0) included in v1.1.7 release.
21 new tests, all pass. 1572 total passing, 19 pre-existing failures unchanged.

https://claude.ai/code/session_01QUN4VyiQZVC72d2TeGYWxg
Signed-off-by: killertcell428 <killertcell428@gmail.com>
@killertcell428 killertcell428 force-pushed the claude/eloquent-davinci-XBhdz branch from 340aa2d to d9cc70e Compare May 19, 2026 04:41
@killertcell428 killertcell428 merged commit 776e86b into master May 19, 2026
14 checks passed
@killertcell428 killertcell428 deleted the claude/eloquent-davinci-XBhdz branch May 19, 2026 05:39
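
The second detector in the commit message targets shell metacharacters in `authorization_endpoint` URLs returned by an MCP server. The following is an added example, not the aigis project's pattern or code, of one way such a check could look, with the positive and negative cases the PR template asks for. The function name, the HTTPS-only policy and the sample metadata are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Characters a shell interprets if the URL reaches a command line unquoted.
# '&' is handled separately: it is legitimate inside a query string.
SHELL_META = re.compile(r"[;|`$(){}<>\\!\"'\s]")
ALLOWED_SCHEMES = {"https"}  # assumption: the client only opens HTTPS endpoints

# Constructed sample metadata documents (not taken from any real server).
BENIGN = '{"authorization_endpoint": "https://idp.example/oauth/authorize?client_id=abc&scope=read"}'
FLAGGED = '{"authorization_endpoint": "https://idp.example/authorize?x=$(echo constructed)"}'


def check_authorization_endpoint(metadata_json: str) -> list[str]:
    """Return a list of findings; an empty list means the endpoint looks clean."""
    try:
        metadata = json.loads(metadata_json)
    except json.JSONDecodeError:
        return ["metadata is not valid JSON"]
    if not isinstance(metadata, dict):
        return ["metadata is not a JSON object"]
    endpoint = metadata.get("authorization_endpoint")
    if not isinstance(endpoint, str) or not endpoint:
        return ["authorization_endpoint missing or not a string"]

    try:
        parts = urlsplit(endpoint)
    except ValueError:
        return ["authorization_endpoint is not a parseable URL"]

    findings = []
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        findings.append(f"unexpected scheme {parts.scheme!r}")
    if not parts.hostname:
        findings.append("no host in URL")
    # Scan the raw string, not the parsed parts, so nothing is normalised away.
    found = set(SHELL_META.findall(endpoint))
    if "&" in endpoint.split("?", 1)[0]:
        found.add("&")  # '&' before the query string is not a parameter separator
    if found:
        findings.append("shell metacharacters: " + ", ".join(repr(c) for c in sorted(found)))
    return findings


if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("flagged", FLAGGED)):
        print(name, check_authorization_endpoint(doc))
```

A detector like this is a tripwire; the client should still pass the URL to the browser launcher as a single argument without going through a shell.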