Skip to content

feat: add Shadow AI Discovery integration pairing AGT with cmcp catalog #9

Closed
#10
Closed
feat: add Shadow AI Discovery integration pairing AGT with cmcp catalog#9
#10

Description

@imran-siddique
imran-siddique
opened on Jun 25, 2026

Summary

The sentinel integration monitors known agents via TRACE claims. The missing piece is discovering unknown agents — processes making MCP tool calls without a registered Agent Manifest. AGT Shadow AI Discovery provides this. Pairing it with cmcp's catalog.json gives a complete picture of agent activity.

What to add

  1. New integration entry: integrations/shadow-ai/ — wires AGT Shadow AI Discovery against cmcp's tool catalog.
  2. Flags any MCP tool call from an agent identity not present in catalog.json as an unregistered agent.
  3. Emits a structured discovery event (JSON) with: agent identity, tool called, timestamp, session context.
  4. Optional: emit a TRACE record stub for the unregistered agent so the event appears in TRACE audit infrastructure.
  5. README for the integration explaining the sentinel (known) + shadow-ai (unknown) pairing.

Why

Sovereign mandates (UAE federal AI mandate, EU AI Act public sector) require that every agent touching regulated data be registered and governed. A ministry running cMCP gets enforcement on known agents. Shadow AI Discovery adds detection of unregistered agents — completing the picture. Without it, an unregistered agent can make MCP calls that are invisible to governance infrastructure.

Architecture

cmcp catalog.json          AGT Shadow AI Discovery
(known agents)             (unknown agents)
       |                          |
       +----------+---------------+
                  |
          unified agent inventory
                  |
        sentinel behavioral monitoring

Acceptance criteria

  • integrations/shadow-ai/ directory with integration manifest
  • Scanner that compares agent identity on each MCP call against cmcp catalog.json
  • Structured discovery event on unknown agent detection
  • Unit tests: known agent (no event), unknown agent (event), missing catalog (graceful)
  • Integration test: end-to-end with cmcp in dev mode
  • README explaining sentinel + shadow-ai pairing

Related

  • AGT Shadow AI Discovery module
  • cmcp catalog.json and catalog scanner
  • UAE sovereign mandate: every agent touching federal data must be registered
  • Part of AGT dependency gap analysis: Platform/agt-dependency-gaps.md

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions