Agent Goal Hijack
Intent capsule, goal-state ID, goal-drift telemetry.
CANDIDATE EXTENSION · v0.7
Candidate methodology extension for Zero Trust agent governance, Agent Bill of Materials evidence, negative-space analysis, blast-radius scoring, and OWASP ASI Top 10 traceability. It is not a production standard, certification, endorsement, or warranty.
v0.7 defines candidate per-risk controls, required evidence, negative-space tests, CRABS findings, DAD routing, ABOM v0.4 fields, and an assessment template. Any assessment claim remains bounded by observed evidence and the implementation version recorded in its receipt. This is not an OWASP certification or endorsement.
Intent capsule, goal-state ID, goal-drift telemetry.
Semantic tool firewall, sequence policy, fail-closed tools.
Discrete agent identity, per-action auth, delegation chain.
ABOM v0.4, signed manifests, runtime attestation.
Sandbox, pre-exec scan, code/exec separation.
Memory provenance, namespace isolation, TTL, rollback.
Mutual auth, message signing, anti-replay, descriptor validation.
Fan-out caps, circuit breakers, replay tests, rollback drills.
Risk summaries, provenance cues, anti-manipulative approval UX.
Behavioral manifest, attestation, watchdog, quarantine playbook.
These versioned files are the public, machine-usable copies. Repository paths are not required to access them.
The complete v0.7 candidate extension and implementation blueprint.
Risk-by-risk mapping from the OWASP ASI taxonomy to CLAWLINE controls and evidence.
Control statements, evidence requirements, negative-space tests, and routing guidance.
A report-ready template for evidence-backed ASI traceability assessments.
The canonical machine-readable contract for Agent Bill of Materials evidence.
The verifier-owned machine-readable contract for CLAWLINE ASI assessment outputs.
Attribution, license, adaptation, trademark, and non-endorsement notices for referenced material.