Warden Governance Report

/ 100

92 / 235 raw

PARTIAL

Core Governance (45 / 100)

D1 Tool Inventory

12 / 25

D2 Risk Detection

0 / 20

D3 Policy Coverage

14 / 20

D4 Credential Management

13 / 20

D5 Log Hygiene

4 / 10

HIGH Agent / orchestrator / handler class has no ILogger<T> — no audit trail for agent decisions

D6 Framework Coverage

2 / 5

Advanced Controls (20 / 50)

D7 Human-in-the-Loop

10 / 15

D8 Agent Identity

10 / 15

D9 Threat Detection

0 / 20

Ecosystem (19 / 55)

D10 Prompt Security

0 / 15

D11 Cloud / Platform

6 / 10

D12 LLM Observability

5 / 10

D13 Data Recovery

0 / 10

D14 Compliance Maturity

8 / 10

Unique Capabilities (8 / 30)

D15 Post-Exec Verification

0 / 10

D16 Data Flow Governance

0 / 10

D17 Adversarial Resilience

8 / 10

Score reflects only what Warden can observe locally. Undetected controls are scored as 0, not assumed good. Dimensions are weighted by governance impact. Methodology: SCORING.md

Total Findings

0 CRITICAL · 1 HIGH

Tools Detected

None detected

Credentials

None detected

Governance Gaps

of 17 dimensions

Compliance Refs

EU AI Act / OWASP / MITRE

🛡 Governance Layer Detection0 tools detected · 17 dimensions

❌

D2: Risk Detection — none detected

Risk classification, semantic analysis, intent-parameter consistency

0 / 20 pts

❌

D9: Threat Detection — none detected

Behavioral baselines, anomaly detection, cross-session tracking, kill switch

0 / 20 pts

❌

D10: Prompt Security — none detected

Prompt injection detection, jailbreak prevention, content filtering

0 / 15 pts

❌

D13: Data Recovery — none detected

Rollback, undo, point-in-time recovery for agent actions

0 / 10 pts

❌

D15: Post-Exec Verification — none detected

Result validation, PASS/FAIL verdicts, failure fingerprinting

0 / 10 pts

❌

D16: Data Flow Governance — none detected

Taint labels, data classification, cross-tool leakage prevention

0 / 10 pts

📊 Solutions Comparison2 rows · 17 dimensions · 235 max pts

Tool	D1	D2	D3	D4	D5	D6	D7	D8	D9	D10	D11	D12	D13	D14	D15	D16	D17	/235	/100
Max pts	25	20	20	20	10	5	15	15	20	15	10	10	10	10	10	10	10	235
SharkRouter	23	18	18	18	9	5	14	14	18	14	9	9	9	9	9	9	9	214	91
Your Scan	12	0	14	13	4	2	10	10	0	0	6	5	0	8	0	0	8	92	61

SharkRouter per-dimension scores are proportional estimates from total score. Detected tool scores are totals only (per-dimension breakdown not available). Methodology: SCORING.md

🔎 Findings1 total

▶ HIGH 1

HIGH D5

Agent / orchestrator / handler class has no ILogger<T> — no audit trail for agent decisions

...r\src\Vigia.Agent.Orchestration\VigiaAgentOrchestrator.cs:17

Inject ILogger<T> (or ILoggerFactory) and log every tool invocation, state transition, and LLM call

EU AI Act Article 12OWASP LLM09

💡 Recommendationsordered by score impact

Deploy risk classification for tool calls +20 pts

No risk scoring on tool invocations. Every tool call carries the same implicit trust level. Classify tools by risk (destructive, financial, exfiltration) and enforce approval gates for high-risk categories.

⚠ The Workaround Tax

Stop paying the Workaround Tax. Relying on prompt-filters and out-of-band monitoring forces your developers to write manual security logic scattered across every agent and service. A centralized gateway enforces policy automatically — at the interception layer, on every tool call, without code changes in your agents.

Current state

61/ 100

~ PARTIAL

D2 Risk Detection

0/20

D9 Threat Detection

0/20

D10 Prompt Security

0/15

D1 Tool Inventory

12/25

D13 Data Recovery

0/10

+ SharkRouter (full deployment)

91/ 100

✓ GOVERNED

D2 Risk Detection

18 +18

D9 Threat Detection

18 +18

D10 Prompt Security

14 +14

D1 Tool Inventory

23 +11

D13 Data Recovery

9 +9

* Projection based on SharkRouter's estimated score. Actual results may vary. sharkrouter.ai → 61 → 91 · +30 pts

Deploy behavioral detection and kill switch +20 pts

No behavioral baselines, no anomaly detection, no auto-suspend capability. A compromised agent can operate indefinitely. Salami slicing across sessions is undetectable.

Add prompt injection detection +15 pts

No prompt injection or jailbreak prevention detected. Deploy content filtering at the prompt layer to catch injection attacks before they reach agent logic.

Establish a live tool inventory +13 pts

No tool catalog detected. Without a centralized inventory of MCP tools and their schemas, governance policies have nothing to enforce against. Deploy a tool registry with auto-discovery.

Implement data recovery and rollback +10 pts

No rollback or undo capability for agent actions. A single bad tool call is permanent. Deploy point-in-time recovery with action journaling.

✉ Get your remediation guide

Personalized remediation plan for your 1 findings

We'll email you a prioritized remediation guide with the exact steps to fix your biggest governance gaps — ranked by point impact, with actionable instructions per dimension.

✓ WE SEND

→ Your score (61/100)
→ Top dimension gaps + fixes
→ Finding counts by severity
→ Detected tools summary

✗ WE NEVER SEND

→ API key values
→ Log file content
→ File paths or hostnames
→ Any PII

Enter your work email to receive the report and remediation guide.

Max 3 emails total. Unsubscribe anytime.
Privacy policy →

Prefer to keep it local? Report saved at ./warden_report.html warden scan --no-email for CI/headless use

Generated by Warden v1.7.0 · Open Source · MIT License · github.com/sharkrouter/warden
Scoring model v4.3 · 17 weighted dimensions · 235 pts · methodology in SCORING.md

Scan data stays on your machine. Email delivery is opt-in only.
When opted in: score + metadata only. Never: keys, logs, paths, or PII.