From 21a9762634dea250524cc7d25a292a522c6bcd28 Mon Sep 17 00:00:00 2001 From: confirmxxx <235901389+confirmxxx@users.noreply.github.com> Date: Fri, 24 Apr 2026 15:33:50 -0400 Subject: [PATCH] =?UTF-8?q?Add=20Swanlake=20=E2=80=94=20defense-in-depth?= =?UTF-8?q?=20primitives=20for=20Claude=20Code=20+=20agentic=20apps?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Swanlake is an Apache-2.0 collection of small, composable primitives aimed at hardening Claude Code and similar agentic harnesses against prompt injection, confused-deputy MCP abuse, and exfiltration via fetched content. It fits Hooks and Guardrails because its pieces run at the guardrail layer rather than as post-hoc scanners: - Zero-trust surface beacons — every fetchable surface (workspace page, repo README, DB row, search hit) carries a Part A operating-rules preamble and a Part B canary pair, so any leaked content is visibly attributable back to the surface it came from. - Per-surface canary attribution with shape + subtle-phrase tokens, registered locally and matched against tool inputs/outputs. - Trust-zone MCP scoping so sub-agents inherit restrictions and never widen scope. - Reflex-purity AST lint for the hot path. - Hardened research-dispatch discipline for sub-agent delegation. Signed commits, no duplicate coverage of the existing Hooks and Guardrails entries. Signed-off-by: confirmxxx <235901389+confirmxxx@users.noreply.github.com> --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 98e2dfc..015e10d 100644 --- a/README.md +++ b/README.md 
@@ -109,6 +109,7 @@ - [claude-code-hooks-multi-agent-observability](https://github.com/disler/claude-code-hooks-multi-agent-observability) - Real-time monitoring for multi-agent Claude Code sessions via hook event tracking. - [claude-code-showcase](https://github.com/ChrisWiles/claude-code-showcase) - Comprehensive project configuration example with hooks, skills, agents, commands, and GitHub Actions workflows. - [NeMo Guardrails](https://github.com/NVIDIA-NeMo/Guardrails) - NVIDIA's toolkit for programmable LLM guardrails with Colang language for dialog flow control. ~4.5k stars. +- [Swanlake](https://github.com/confirmxxx/Swanlake) - Defense-in-depth primitives for Claude Code and agentic apps: zero-trust surface beacons with per-surface canary attribution, trust-zone MCP scoping, reflex-purity AST lint, hardened research-dispatch discipline. Apache 2.0. ## 🔌 MCP Security
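Review bot: The new Swanlake entry's description is a string of project-specific labels ("reflex-purity AST lint", "hardened research-dispatch discipline") that a reader of this list cannot evaluate without first reading the repository, which is out of step with the neighbouring entries, each of which states in plain terms what the tool does (hook event tracking, programmable guardrails with Colang). Suggest rewording to the concrete mechanisms the commit message itself describes, e.g. "- [Swanlake](https://github.com/confirmxxx/Swanlake) - Hook-layer primitives for Claude Code: canary-tagged fetched content so leaked text can be attributed to its source surface, and scoped MCP permissions that sub-agents cannot widen. Apache 2.0." Since the trust-zone MCP scoping piece is about constraining MCP tool access, it is also worth confirming with the maintainers that this single entry under Hooks and Guardrails is the right home rather than an additional or alternative entry under the MCP Security section that immediately follows.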