docs(rust): add MCP security documentation, OWASP mapping, and examples

.cspell.json

@@ -1,50 +1,171 @@
-{
-  "version": "0.2",
-  "language": "en",
-  "useGitignore": true,
-  "dictionaries": ["repo-terms"],
-  "dictionaryDefinitions": [
-    {
-      "name": "repo-terms",
-      "path": "./.cspell-repo-terms.txt",
-      "addWords": true
-    }
-  ],
-  "words": [
-    "GitHub",
-    "Markdown",
-    "README",
-    "TypeScript",
-    "JavaScript",
-    "Python",
-    "PyPI",
-    "NuGet",
-    "OpenSSF",
-    "CodeQL",
-    "CORS",
-    "CSP",
-    "CLI",
-    "CI",
-    "CD",
-    "PR",
-    "MCP",
-    "A2A",
-    "HMAC",
-    "Merkle",
-    "backdoors",
-    "metacharacters",
-    "metacharacter",
-    "Blocklist"
-  ],
-  "ignorePaths": [
-    "**/node_modules/**",
-    "**/dist/**",
-    "**/build/**",
-    "**/.venv/**",
-    "**/.git/**",
-    "**/*.png",
-    "**/*.svg",
-    "**/*.json",
-    "**/*.lock"
-  ]
-}
+{
+  "version": "0.2",
+  "language": "en",
+  "useGitignore": true,
+  "dictionaries": [
+    "repo-terms"
+  ],
+  "dictionaryDefinitions": [
+    {
+      "name": "repo-terms",
+      "path": "./.cspell-repo-terms.txt",
+      "addWords": true
+    }
+  ],
+  "words": [
+    "A2A",
+    "Apgar",
+    "appsettings",
+    "asyncio",
+    "backdoors",
+    "backtests",
+    "BCBS",
+    "Behaviour",
+    "behavioural",
+    "biosimilar",
+    "Blocklist",
+    "bursty",
+    "bytecodes",
+    "carboplatin",
+    "CCPA",
+    "CD",
+    "cedarpy",
+    "CFTC",
+    "CHACHA",
+    "CI",
+    "CLI",
+    "cmdshell",
+    "codegen",
+    "CodeQL",
+    "comorbidities",
+    "CORS",
+    "CSP",
+    "cutover",
+    "dataclass",
+    "DBIR",
+    "deque",
+    "DPIA",
+    "drawdowns",
+    "DSAR",
+    "DSPM",
+    "EMTALA",
+    "EUAI",
+    "execve",
+    "exfil",
+    "FHIR",
+    "FINRA",
+    "FIPS",
+    "formularies",
+    "GitHub",
+    "gitops",
+    "gomod",
+    "GPAI",
+    "gvisor",
+    "hepatically",
+    "hepatotoxicity",
+    "HITRUST",
+    "HMAC",
+    "Humira",
+    "IMDS",
+    "JavaScript",
+    "Kata",
+    "keyctl",
+    "keypair",
+    "keypairs",
+    "Klaviyo",
+    "levetiracetam",
+    "libsodium",
+    "lockfiles",
+    "LOINC",
+    "LULD",
+    "Markdown",
+    "maxlen",
+    "MCP",
+    "MediatR",
+    "meds",
+    "Merchantlife",
+    "Merkle",
+    "metacharacter",
+    "metacharacters",
+    "Mgmt",
+    "microarchitectural",
+    "Micromedex",
+    "mispricings",
+    "myregistry",
+    "NBBO",
+    "nephrotoxic",
+    "Newtonsoft",
+    "NIHSS",
+    "NPSG",
+    "NSCLC",
+    "NuGet",
+    "Omnichannel",
+    "OpenSSF",
+    "OPRA",
+    "paclitaxel",
+    "pemetrexed",
+    "pids",
+    "Ponemon",
+    "Portkey",
+    "Poshmark",
+    "PR",
+    "pseudonymized",
+    "pydantic",
+    "PyPI",
+    "Pytest",
+    "Python",
+    "quickstarts",
+    "README",
+    "readv",
+    "recordkeeping",
+    "rego",
+    "retinopathy",
+    "Rowhammer",
+    "runsc",
+    "sandboxed",
+    "sandboxing",
+    "SARIF",
+    "scikit",
+    "screenshotting",
+    "seccomp",
+    "Serilog",
+    "setuptools",
+    "Shapley",
+    "SIEM",
+    "SNOMED",
+    "SPIFFE",
+    "sulfasalazine",
+    "SVID",
+    "syscall",
+    "syscalls",
+    "sysrq",
+    "taskset",
+    "thiserror",
+    "thresholding",
+    "thrombectomy",
+    "timestamping",
+    "TOCTOU",
+    "TWAP",
+    "TypeScript",
+    "underlyings",
+    "unredacted",
+    "unwired",
+    "userspace",
+    "VADP",
+    "vitrectomy",
+    "VWAP",
+    "Vyvanse",
+    "wardrobing"
+  ],
+  "ignorePaths": [
+    "**/node_modules/**",
+    "**/dist/**",
+    "**/build/**",
+    "**/.venv/**",
+    "**/.git/**",
+    "**/*.png",
+    "**/*.svg",
+    "**/*.json",
+    "**/*.lock"
+  ]
+}

CHANGELOG.md

@@ -11,6 +11,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+- **.NET MCP Protocol Support** — Full Model Context Protocol governance layer multi-targeting .NET 8.0 and .NET 10.0 with 11/12 OWASP MCP Security Cheat Sheet coverage
+  - `McpGateway`: 5-stage pipeline (deny-list → allow-list → sanitization → rate-limiting → human approval)
+  - `McpSecurityScanner`: 6-threat detection (tool poisoning, rug-pull, cross-server, description injection, schema abuse, protocol attacks)
+  - `McpSessionAuthenticator`: Cryptographic session binding with TTL and TOCTOU-safe concurrency
+  - `McpMessageSigner`: HMAC-SHA256 message integrity + ML-DSA-65 post-quantum signing on .NET 10+ (NIST FIPS 204)
+  - `McpResponseScanner`: Output validation (HTML tags, imperatives, credential leakage, data exfiltration)
+  - `CredentialRedactor`: 10 credential pattern redaction (API keys, tokens, PEM, connection strings)
+  - `McpSlidingRateLimiter`: Per-agent sliding window rate limiting
+  - ASP.NET Core integration: `AddMcpGovernance()`, `UseMcpGovernance()`, `MapMcpGovernance()`
+  - `IConfiguration` binding, `ILogger<T>` structured logging, `IHealthCheck` implementation
+  - gRPC server interceptor (all 4 handler types)
+  - `[McpTool]` attribute for auto-discovery with `McpToolRegistry`
+  - OpenTelemetry: 4 MCP-specific counters (decision, threat, rate-limit, scan)
+  - `AgentGovernance.ModelContextProtocol` adapter sub-package for official MCP SDK integration
+  - 2 sample apps: ASP.NET Core full-stack and Official MCP SDK integration
+  - K8s MCP server hardening guide (`docs/deployment/mcp-server-hardening.md`)
+
 ### Security
 - **Hardened CLI Error Handling** — standardized sanitized JSON error output across all 7 ecosystem tools to prevent internal information disclosure (CWE-209).
 - **Audit Log Whitelisting** — implemented strict key-whitelisting in `agentmesh audit` JSON output to prevent accidental leakage of sensitive agent internal state.

README.md

@@ -111,6 +111,8 @@ Still have questions? File a [GitHub issue](https://github.com/microsoft/agent-g
   - [Agent SRE](packages/agent-sre/) | [Observability integrations](packages/agent-hypervisor/src/hypervisor/observability/)
 - **MCP Security Scanner**: Detect tool poisoning, typosquatting, hidden instructions, and rug-pull attacks in MCP tool definitions
   - [MCP Scanner](packages/agent-os/src/agentos/mcp_security.py) | [CLI](packages/agent-os/src/agentos/cli/mcp_scan.py)
+- **.NET MCP Protocol Support**: Full governance pipeline for .NET 8.0 — 5-stage gateway, 6-threat scanner, session auth, message signing, credential redaction (11/12 OWASP MCP sections)
+  - [.NET MCP SDK](packages/agent-governance-dotnet/) | [Official MCP SDK Adapter](packages/agent-governance-dotnet/src/AgentGovernance.ModelContextProtocol/)
 - **Trust Report CLI**: `agentmesh trust report` — visualize trust scores, task success/failure, and agent activity
   - [Trust CLI](packages/agent-mesh/src/agentmesh/cli/trust_cli.py)
 - **Secret Scanning & Fuzzing**: Gitleaks workflow, 7 fuzz targets covering policy, injection, sandbox, trust, and MCP