Following the techniques data/ registry that landed via #48 → #68, proposing a parallel structure for detection coverage maintained by upstream projects.
Context: I opened PR #187 in March with the wrong shape, cross-cutting README edits inside several technique folders that would have mixed external detection references into SAFE-MCP-owned content. I self-closed it on 2026-05-12 because that form would have made SAFE-MCP responsible for upstream rule correctness, which is the wrong boundary. This issue proposes a different shape.
The ask
A new top-level detections/ directory. One YAML file per SAFE-T ID that has external detection coverage, listing upstream rule references with maintainer-of-record:
```yaml
# detections/SAFE-T1102.yaml
safe_t_id: SAFE-T1102
detections:
  - project: atr
    rule_id: ATR-2026-00125
    version: ">=2.2.0"
    maintainer: eeee2345
    last_validated: 2026-05-16
  - project: sigma
    rule_id: <sigma-rule-id>
    version: ">=1.0.0"
    maintainer: <github-handle>
    last_validated: <date>
```
SAFE-MCP records the pointer. Upstream projects own correctness. A short validator script checks links resolve and versions are valid semver ranges.
Why this is low-risk for the project
SAFE-MCP does not maintain upstream rule correctness, only the listing. Each entry carries a GitHub handle as maintainer-of-record, so stale entries have an owner to bump or remove. Semver ranges make version drift visible. The validator can run in CI on every PR to detections/. New entries do not block taxonomy releases. ATR itself is MIT-licensed throughout, so the listed references carry no IP friction; other contributing projects would self-declare their license in the entry if needed.
Preparation
ATR has shipped rule packs to: Microsoft Agent Governance Toolkit (PRs #908 and #1277, both merged), Cisco AI Defense skill-scanner (PRs #79 and #99, both merged), MISP/CIRCL (misp-taxonomies #323 and misp-galaxy #1207, both merged by @adulau), Gen Digital Sage (PR #33, merged by @vaclavbelak), OWASP Agent-Security-Regression-Harness (PR #74, merged by @mertsatilmaz), precize Agentic Top10 (PR #14, merged). Current state: v2.2.2 / 425 rules / npm 30-day downloads 4,664. Existing cross-mapping to SAFE-MCP at https://github.com/Agent-Threat-Rule/agent-threat-rules/blob/main/docs/SAFE-MCP-MAPPING.md covers 78/85 techniques.
Offer
If the shape works, I will draft the directory schema + validator PR, replicating the #48 → #68 pattern. I can populate the initial entries from the existing 78-technique mapping, marked clearly as community-contributed and not blocking SAFE-MCP releases.
If this is not a fit, that is fine. The ATR namespace is stable so any future link from SAFE-MCP resolves cleanly. No further bumps from me.
@fkautz, flagging since the data/ registry pattern from #48 came from your input.
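An added example (not code from SAFE-MCP or ATR) of the offline part of the validator described under "The ask": it assumes one detections/ file has already been loaded with PyYAML into a mapping, then checks the required fields, the SAFE-T id against the file name, semver ranges, the maintainer handle and the ISO date, and rejects the template's <...> placeholders. Link resolution is left out because it needs network access.

```python
import re
from datetime import date
SAFE_T_RE = re.compile(r"^SAFE-T\d{4}$")
HANDLE_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,37}[A-Za-z0-9])?$")  # GitHub handle shape
COMPARATOR_RE = re.compile(r"^(?:>=|<=|>|<|=|\^|~)?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$")
PLACEHOLDER_RE = re.compile(r"^<[^>]*>$")  # template values such as <sigma-rule-id> or <date>
REQUIRED = ("project", "rule_id", "version", "maintainer", "last_validated")

def valid_semver_range(spec):
    """A range is one or more comparators, e.g. '>=2.2.0' or '>=1.0.0, <2.0.0'."""
    parts = [p for p in re.split(r"[\s,]+", spec.strip()) if p]
    return bool(parts) and all(COMPARATOR_RE.match(p) for p in parts)

def valid_date(value):
    try:  # PyYAML hands back a date object for an unquoted 2026-05-16; str() keeps it ISO
        date.fromisoformat(str(value))
        return True
    except ValueError:
        return False

def validate(doc, filename):
    """Return a list of error strings for one detections/ file; empty means it passes."""
    errors = []
    safe_id = doc.get("safe_t_id")
    if not isinstance(safe_id, str) or not SAFE_T_RE.match(safe_id):
        errors.append("safe_t_id missing or not of the form SAFE-Tnnnn")
    elif filename != f"{safe_id}.yaml":
        errors.append(f"file name {filename} does not match safe_t_id {safe_id}")
    entries = doc.get("detections")
    if not isinstance(entries, list) or not entries:
        return errors + ["detections must be a non-empty list"]
    for i, e in enumerate(entries):
        for key in REQUIRED:
            v = e.get(key)
            if v in (None, ""):
                errors.append(f"entry {i}: missing {key}")
            elif isinstance(v, str) and PLACEHOLDER_RE.match(v):
                errors.append(f"entry {i}: {key} still holds the placeholder {v}")
            elif key == "version" and not valid_semver_range(str(v)):
                errors.append(f"entry {i}: version {v!r} is not a semver range")
            elif key == "maintainer" and not HANDLE_RE.match(str(v)):
                errors.append(f"entry {i}: maintainer {v!r} is not a GitHub handle")
            elif key == "last_validated" and not valid_date(v):
                errors.append(f"entry {i}: last_validated {v!r} is not an ISO date")
    return errors
# Constructed sample: the issue's SAFE-T1102 example, sigma entry left as the unfilled template.
SAMPLE = {"safe_t_id": "SAFE-T1102", "detections": [
    {"project": "atr", "rule_id": "ATR-2026-00125", "version": ">=2.2.0",
     "maintainer": "eeee2345", "last_validated": date(2026, 5, 16)},
    {"project": "sigma", "rule_id": "<sigma-rule-id>", "version": ">=1.0.0",
     "maintainer": "<github-handle>", "last_validated": "<date>"}]}
```

Run against SAMPLE it reports exactly the three unfilled sigma placeholders, so a CI job on detections/ would reject a file that still carries the template row.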