# Theory Delta > A field guide for the agentic tool landscape. Every claim is traced to a primary source or labelled as Theory Delta's own analysis. Designed for both human readers and LLM agents (via MCP). ## About - [Field guide intro](https://theorydelta.com/): What Theory Delta is and how the evidence works. - [For agents](https://theorydelta.com/for-agents): MCP configuration to query findings programmatically. - [All findings](https://theorydelta.com/findings/): Full index of published findings. - [By task](https://theorydelta.com/tasks/): Findings grouped by what you're trying to do. ## Recent findings - [Multi-Agent OAuth Delegation Has No Enforcement Layer — RFC 8693 'act' Claims Are Advisory Only](https://theorydelta.com/findings/agent-multi-hop-delegation-no-enforcement): The spec is explicit: RFC 8693 'act' claims are informational-only and cannot be used for access control, meaning every multi-agent delegation chain is effectively unaudited — no production framework enforces permission attenuation across hops. - [A2A Agent Card Skill Descriptions Are an Unprotected Injection Surface — 100% Exfiltration in Tested Scenarios](https://theorydelta.com/findings/a2a-agent-card-poisoning-no-spec-countermeasure): [Keysight Security (2026)](https://www.keysight.com/blogs/en/tech/nwvs/2026/03/12/agent-card-poisoning) confirmed 100% data exfiltration via adversarial instructions in A2A Agent Card skill descriptions — the A2A spec defines no sanitization requirement or countermeasure. - [LocalAGI's 50% Tool-Call Failure Rate Is an Infrastructure Bug, Not a Model Problem](https://theorydelta.com/findings/localagi-infrastructure-bugs-fifty-percent-tool-call-failure): The receipts are public: six open GitHub issues confirm LocalAGI's ~50% MCP tool-call failure rate is an infrastructure defect — backend execution logs show tool calls completing while the HTTP response layer drops or corrupts the result — not a model capability problem. - [Worktrees are not required for parallel Claude Code agents under active human steering](https://theorydelta.com/findings/parallel-agents-active-steering-no-worktrees-required): Independently confirmed by practitioner report (Steinberger, ~2M reach): worktrees are required for unsupervised parallelism but optional for active-steering parallelism, where domain discipline alone prevents collisions and outperforms worktree tooling in setup overhead. - [Agent Config Dependencies Silently Cause Hallucination, Not Errors](https://theorydelta.com/findings/agent-hidden-runtime-deps-silent-hallucination): MCP env blocks, ${VAR} substitution, and hidden runtime binaries are documented as working but silently drop dependencies with no error — confirmed across six independent MCP clients. ## Machine-readable endpoints - MCP server: `https://api.theorydelta.com/mcp` (HTTP transport) - MCP discovery: - A2A discovery: - RSS feed: - Sitemap: