Security tests

Recall is only half of it. Agent tooling is an attack surface too.

MCP gives agents a real memory surface to write, reread, migrate and attack. These pages explain the security runs without forcing the reader to decode every raw log first.

3security stories

MCP isolation, Hermes prefetch boundaries and audit findings are separated from benchmark scoring.

MCP baseline31 runs

25 pass, 6 strict fail

Confirmed issues4

symlink cross-profile failures

Harness noise2

runner exception failures

0.4.17 retestmixed

fence fixed, symlinks open

Readable security layer

The failures stay visible, but the labels stay precise.

The baseline and retests are useful only if they separate confirmed product issues from harness failures, partial fixes and still-open families. This is the part of agent memory that a pure leaderboard usually hides.

Security

MCP isolation baseline: 31 strict runs, 4 confirmed symlink failures

25 PASS, 6 strict FAIL. Four failures are confirmed symlink/cross-profile isolation issues; two are harness exception failures.

Read security test

Security

Hermes retests: prompt fence improved, symlink and learning issues remain open

The 0.4.17 retest is mixed: selected prompt-boundary escapes are fixed, while symlink isolation, migrated secret prefetch and learning-reference cases still need patch confirmation.

Read security test

Security

Code quality and security audit: what is solid, what still needs work

1 high, 2 medium, 1 low. The code is considered well hardened for such a young project, but several points still need fixes.

Read security test