feat(go): add standalone MCP governance package

[jackbatzner]

Description

Add a standalone Go MCP governance package (packages/agent-mesh/packages/mcp-governance-go) that re-exports MCP security primitives without requiring the full AgentMesh SDK. Enables lightweight adoption for teams that only need MCP governance.

What's Included

• Go module wrapper re-exporting core MCP primitives from the SDK
• Independent go.mod with minimal dependencies
• Unit tests validating the re-export surface
• MIT license headers on all source files

Type of Change

• New feature (non-breaking change that adds functionality)

Package(s) Affected

• packages/agent-mesh/packages/mcp-governance-go
• packages/agent-mesh/sdks/go (dependency)

Checklist

• I have read the CONTRIBUTING guide
• My code follows the style guidelines of this project
• I have added tests that prove my fix/feature works
• New and existing tests pass locally
• I have added MIT license headers to all new source files
• My changes generate no new warnings

Stacked PRs

This is PR 2 of 3 (Package). Merge order:

1. feat(go): add MCP protocol support with full OWASP coverage #832 — Core MCP primitives (merge first)
2. This PR — Standalone package wrapper
3. Documentation and examples (targets jb/go-mcp-docs)

Related Issues

Part of the multi-language MCP OWASP parity effort.

[github-actions]

🤖 AI Agent: code-reviewer

Review Summary

This pull request introduces a new Go package, mcp-governance-go, which provides a standalone wrapper for the MCP (Microsoft Compliance Platform) security primitives. The package is designed to allow lightweight adoption of MCP governance features without requiring the full AgentMesh SDK. The PR includes the Go module, its dependencies, unit tests, and documentation.

The implementation appears well-structured and adheres to the project's coding standards. However, there are some areas that require attention, particularly around security, backward compatibility, and potential improvements.

---

🔴 CRITICAL

1. Hardcoded Cryptographic Key in McpMessageSigner:

   signer, err := NewMcpMessageSigner(McpMessageSignerConfig{Key: []byte("0123456789abcdef0123456789abcdef")})

   • Issue: The cryptographic key is hardcoded in the NewMcpGateway function. This is a critical security vulnerability as it exposes sensitive information in the source code.
   • Impact: Hardcoded keys can be easily extracted, leading to potential compromise of the cryptographic operations.
   • Action: Replace the hardcoded key with a secure key management mechanism. Use environment variables, a secure vault, or a configuration file that is not checked into version control.

2. Fail-Closed Mechanism in InterceptToolCall:

   if g == nil {
       return McpGatewayDecision{}, fmt.Errorf("%w: gateway is nil", ErrMcpFailClosed)
   }

   • Issue: While the fail-closed mechanism is implemented, the error handling does not provide sufficient context or logging for debugging.
   • Impact: In production, it may be challenging to diagnose the root cause of failures.
   • Action: Enhance the error message with more context, such as the state of the gateway or the request.

3. Regex Denial-of-Service (ReDoS) Risk in CredentialRedactor:

   • Issue: The CredentialRedactor uses regex patterns for redaction, which could be susceptible to ReDoS attacks if an attacker crafts malicious input. Although a timeout mechanism is implemented, it is not a foolproof solution.
   • Impact: A ReDoS attack could exhaust server resources, leading to denial of service.
   • Action: Use regex libraries that support timeouts or implement additional safeguards to detect and mitigate ReDoS attacks.

---

🟡 WARNING

1. Potential Breaking Changes in Public API:

   • The new Go package re-exports MCP primitives from the agent-mesh/sdks/go package. If the underlying SDK changes its API, it could break the mcp-governance-go package.
   • Action: Clearly document the dependency on the agent-mesh/sdks/go package and consider version pinning to avoid unexpected breaking changes.

2. Backward Compatibility:

   • The PR introduces a new package but does not explicitly address backward compatibility with existing Go SDK users.
   • Action: Ensure that the new package does not introduce breaking changes to the existing agent-mesh/sdks/go package. If changes are required, document them clearly in the release notes.

---

💡 SUGGESTIONS

1. Enhanced Unit Test Coverage:

   • While the provided unit tests cover basic functionality, additional tests should be added to cover edge cases, such as:
     • Invalid configurations for McpGatewayConfig.
     • Edge cases for CredentialRedactor, such as empty strings, very large inputs, and inputs with overlapping patterns.
     • Stress tests for CredentialRedactor to ensure the timeout mechanism works as expected under high load.

2. Documentation Improvements:

   • The README provides a good overview of the package, but it could benefit from:
     • A section on security best practices, such as key management.
     • Examples of how to configure and use custom redaction patterns.
     • A clear disclaimer about the potential for breaking changes due to the dependency on the agent-mesh/sdks/go package.

3. Thread Safety:

   • The CredentialRedactor and McpGateway implementations do not appear to have explicit thread-safety mechanisms.
   • Action: Review the code for potential race conditions, especially in shared resources like McpMetrics and AuditLogger. Use synchronization primitives like mutexes if necessary.

4. Error Handling in CredentialRedactor:

   • The Redact function uses a recover block to handle panics, but this approach could mask underlying issues.
   • Action: Consider using more granular error handling to avoid relying on recover for normal operation.

5. Performance Optimization:

   • The CredentialRedactor iterates over all patterns for every input. For large inputs or a high number of patterns, this could become a performance bottleneck.
   • Action: Investigate optimizing the redaction process, such as by using a more efficient pattern-matching algorithm or pre-compiling patterns into a single regex.

---

Conclusion

The PR introduces a valuable addition to the microsoft/agent-governance-toolkit repository, enabling lightweight adoption of MCP governance features in Go. However, the identified critical issues, particularly the hardcoded cryptographic key and potential ReDoS vulnerabilities, must be addressed before merging. Additionally, the suggestions provided can help improve the robustness, security, and maintainability of the code.

[github-actions]

🤖 AI Agent: security-scanner — Security Review of PR: feat(go): add standalone MCP governance package

Security Review of PR: feat(go): add standalone MCP governance package

Summary

This PR introduces a standalone Go package for MCP governance, re-exporting core MCP security primitives from the AgentMesh SDK. While the changes aim to provide a lightweight alternative for teams needing only MCP governance, the critical nature of this repository necessitates a thorough security review.

---

Findings

1. Prompt Injection Defense Bypass

Rating: 🔴 CRITICAL
Issue: The PR does not include any explicit mention of prompt injection defenses in the Go package. Given that this package re-exports MCP primitives, it is critical to ensure that the exported functions include robust protections against prompt injection attacks. The absence of such protections could allow malicious actors to craft inputs that bypass policy guards, potentially compromising downstream applications.
Attack Vector: An attacker could craft malicious inputs that exploit the lack of sanitization or validation in the re-exported functions, leading to unauthorized actions or data leakage.
Recommendation:

• Ensure that all re-exported functions include prompt injection defenses, such as input sanitization and validation.
• Add unit tests specifically designed to test for prompt injection vulnerabilities.
• Include documentation on how to use the package securely, emphasizing the importance of input validation.

---

2. Policy Engine Circumvention

Rating: 🟠 HIGH
Issue: The PR does not provide details on how the policy engine is integrated into the Go package. If the integration is not robust, there is a risk that policies could be skipped or weakened.
Attack Vector: An attacker could exploit gaps in the policy enforcement mechanism to bypass security controls, leading to unauthorized actions.
Recommendation:

• Clearly document how the policy engine is integrated and ensure that it cannot be bypassed.
• Add tests to verify that policies are consistently enforced across all re-exported functions.
• Consider implementing a fail-closed mechanism to ensure that any errors in policy evaluation result in a denial of the action.

---

3. Trust Chain Weaknesses

Rating: 🟠 HIGH
Issue: The PR does not mention any mechanisms for SPIFFE/SVID validation or certificate pinning. These are critical for ensuring the integrity of the trust chain in secure communications.
Attack Vector: An attacker could exploit weaknesses in the trust chain to impersonate a trusted entity, potentially leading to unauthorized access or data breaches.
Recommendation:

• Implement SPIFFE/SVID validation for all secure communications.
• Use certificate pinning to prevent man-in-the-middle attacks.
• Add tests to verify the integrity of the trust chain.

---

4. Credential Exposure

Rating: 🟡 MEDIUM
Issue: The PR does not include any mention of safeguards against credential exposure in logs, error messages, or debug output.
Attack Vector: Sensitive credentials could be inadvertently exposed in logs or error messages, leading to unauthorized access.
Recommendation:

• Ensure that all logging and error handling mechanisms redact sensitive information.
• Add tests to verify that sensitive information is not exposed in logs or error messages.

---

5. Sandbox Escape

Rating: 🔵 LOW
Issue: The PR does not introduce any new sandboxing mechanisms or mention existing ones. While this is not a direct issue, it is worth noting that the absence of sandboxing increases the risk of process isolation breakouts.
Attack Vector: If the Go package is used in an environment without proper sandboxing, a compromised process could potentially escape and affect other parts of the system.
Recommendation:

• Document the importance of running the package in a sandboxed environment.
• Provide examples of how to configure sandboxing for the Go package.

---

6. Deserialization Attacks

Rating: 🟠 HIGH
Issue: The PR does not specify how data is deserialized in the Go package. Unsafe deserialization could lead to code execution or data tampering.
Attack Vector: An attacker could craft malicious serialized data to exploit vulnerabilities in the deserialization process, leading to arbitrary code execution or data corruption.
Recommendation:

• Use safe deserialization libraries that validate input before processing.
• Add tests to ensure that the deserialization process is secure and handles malformed data gracefully.

---

7. Race Conditions

Rating: 🟡 MEDIUM
Issue: The PR does not address potential race conditions in policy checks or trust evaluations.
Attack Vector: An attacker could exploit race conditions to perform unauthorized actions before a policy check is completed.
Recommendation:

• Implement locks or other synchronization mechanisms to prevent race conditions.
• Add tests to simulate concurrent access and verify that the system behaves as expected.

---

8. Supply Chain Risks

Rating: 🟠 HIGH
Issue: The PR introduces a new Go module with minimal dependencies but does not specify how these dependencies are vetted for security.
Attack Vector: Dependency confusion or typosquatting attacks could introduce malicious code into the project.
Recommendation:

• Use tools like go mod verify to ensure the integrity of dependencies.
• Pin dependencies to specific versions and avoid using latest tags.
• Regularly audit dependencies for known vulnerabilities using tools like gosec or snyk.

---

Additional Observations

1. Documentation: The PR includes extensive documentation for the .NET MCP governance layer but lacks equivalent documentation for the Go package. This could lead to misuse or misconfiguration by developers.
   Recommendation: Add comprehensive documentation for the Go package, including examples and best practices for secure usage.

2. Testing: While the PR mentions unit tests, it does not provide details on the scope of these tests.
   Recommendation: Ensure that the tests cover all critical security aspects, including prompt injection, policy enforcement, and deserialization.

---

Final Assessment

• Overall Risk Level: 🔴 CRITICAL
• Blocking Issues: Yes
• Recommended Actions: Address the critical and high-severity issues identified above before merging this PR. Specifically, focus on implementing prompt injection defenses, ensuring robust policy engine integration, and securing the trust chain.

[github-actions]

🤖 AI Agent: code-reviewer

Review Summary

This PR introduces a new standalone Go package, mcp-governance-go, which re-exports MCP security primitives from the AgentMesh SDK. The goal is to provide a lightweight option for teams that only need MCP governance functionality without requiring the full AgentMesh SDK. The PR includes the new package, its dependencies, and unit tests.

The implementation appears to be well-structured and adheres to the project's style guidelines. However, there are some areas that require attention, including potential security issues, missing test cases, and opportunities for improvement.

---

🔴 CRITICAL

1. Credential Redactor Timeout Behavior:

   • The CredentialRedactor.Redact method uses a timeout mechanism to prevent excessive resource consumption during regex operations. However, the timeout handling relies on a recover block to catch panics. This approach is risky because it assumes that all panics are caused by timeouts, which may not always be the case.
   • Recommendation: Use a more robust timeout mechanism, such as a context with a deadline or a separate goroutine with a timeout channel, to handle timeouts explicitly. Avoid relying on recover for control flow.

2. Regex Denial of Service (ReDoS):

   • The buildMcpRedactionPatterns function uses regexp.MustCompile to compile regex patterns. While this ensures that invalid patterns are caught at initialization, it does not protect against catastrophic backtracking, which can lead to ReDoS attacks.
   • Recommendation: Use a regex library that supports timeouts or limits on backtracking, such as regexp2 (a Go port of .NET's regex engine). Alternatively, ensure that all regex patterns are carefully reviewed for potential ReDoS vulnerabilities.

3. Default Policy Fail-Closed Behavior:

   • The McpGateway relies on a default policy (DefaultMcpPolicy) if no custom policy is provided. However, there is no explicit test to verify that the default policy enforces a fail-closed behavior (e.g., denies access when no explicit allow rule matches).
   • Recommendation: Add unit tests to ensure that the default policy is fail-closed and does not inadvertently allow unauthorized actions.

---

🟡 WARNING

1. Breaking Changes in Public API:
   • The introduction of the mcp-governance-go package re-exports MCP primitives from the agent-mesh/sdks/go package. While this is intended to be a lightweight wrapper, any future changes to the agent-mesh/sdks/go package could inadvertently break the mcp-governance-go package.
   • Recommendation: Clearly document the versioning strategy for mcp-governance-go and how it will handle changes in the underlying SDK. Consider using semantic versioning to communicate breaking changes.

---

💡 SUGGESTIONS

1. Unit Test Coverage:

   • While the PR includes unit tests for the CredentialRedactor and some other components, additional test cases are needed to cover edge cases and failure scenarios. For example:
     • Test cases for invalid custom regex patterns in CredentialRedactor.
     • Test cases for McpGateway with incomplete configurations (e.g., missing Authenticator, RateLimiter, etc.).
     • Test cases for McpGateway to validate the behavior of the Policy component.
   • Recommendation: Increase test coverage to include edge cases and failure scenarios.

2. Error Handling:

   • The NewCredentialRedactor function returns an error if buildMcpRedactionPatterns fails, but this error is not logged or handled in the calling code.
   • Recommendation: Ensure that errors returned by functions like NewCredentialRedactor and NewMcpGateway are logged or handled appropriately.

3. Documentation:

   • The README.md file provides a good overview of the package, but it could benefit from additional details, such as:
     • A section on how to configure custom redaction patterns.
     • Examples of how to use the McpGateway with different configurations.
   • Recommendation: Expand the documentation to include more detailed usage examples and configuration options.

4. Thread Safety:

   • The CredentialRedactor uses a map[string]struct{} to track seen threats during redaction. However, this map is not protected by a mutex or other synchronization mechanism, which could lead to race conditions in concurrent use cases.
   • Recommendation: Use a thread-safe data structure, such as sync.Map, or add a mutex to protect access to the seen map.

5. Backward Compatibility:

   • The mcp-governance-go package introduces a new Go module that depends on the agent-mesh/sdks/go package. While this is not a breaking change for existing Python users, it introduces a new dependency that could affect future compatibility.
   • Recommendation: Monitor changes to the agent-mesh/sdks/go package to ensure that they do not break the mcp-governance-go package. Consider adding integration tests to verify compatibility between the two packages.

6. Security Scanner:

   • The McpSecurityScanner is mentioned in the documentation but is not covered in the provided test cases.
   • Recommendation: Add unit tests for the McpSecurityScanner to ensure its correctness and robustness against potential bypasses.

7. Error Messages:

   • Some error messages in the code are generic and may not provide enough context for debugging (e.g., "credential redaction failed closed").
   • Recommendation: Include more specific details in error messages to aid debugging and incident response.

---

Final Assessment

The PR introduces a useful feature that aligns with the project's goals of providing lightweight MCP governance functionality for Go developers. However, the identified critical issues related to security and error handling must be addressed before merging. Additionally, the suggested improvements will enhance the robustness, maintainability, and usability of the new package.

• Action Required: Address the 🔴 CRITICAL issues before merging.
• Optional: Consider implementing the 🟡 WARNING and 💡 SUGGESTION items to improve the overall quality of the package.

[github-actions]

🤖 AI Agent: code-reviewer

Review Summary

This PR introduces a new Go package, mcp-governance-go, which re-exports MCP security primitives from the AgentMesh SDK. The goal is to provide a lightweight option for teams that only need MCP governance features without requiring the full SDK. The PR includes a new Go module, unit tests, and documentation.

The implementation appears to be well-structured, and the provided code adheres to Go best practices. However, there are several areas that require attention, particularly around security, backward compatibility, and potential improvements.

---

🔴 CRITICAL

1. Credential Redaction Timeout Handling

   • The CredentialRedactor.Redact function uses a defer statement to handle panics caused by timeout. While this is a good fallback mechanism, it is not sufficient for ensuring that the redaction process always completes within the specified timeout. The current implementation relies on a custom clock and manually checks elapsed time, which is error-prone and can lead to inconsistencies.
   • Recommendation: Use a context with a timeout to enforce the time limit more robustly. This will allow you to cancel the redaction process if it exceeds the allowed time, ensuring that the function fails safely and predictably.

2. Regex Denial of Service (ReDoS)

   • The buildMcpRedactionPatterns function uses regexp.MustCompile to compile regular expressions. While this is convenient, it does not account for the potential risk of ReDoS attacks, especially since some of the patterns (e.g., (?s)-----BEGIN RSA PRIVATE KEY-----.*?-----END RSA PRIVATE KEY-----) are highly permissive and could be exploited with malicious input.
   • Recommendation: Use a library or approach that supports timeouts for regex matching, such as regexp2 (a Go library that supports timeouts for regex operations). This will help mitigate the risk of ReDoS attacks.

3. Fail-Closed Behavior

   • The CredentialRedactor.Redact function attempts to fail closed by returning a sanitized string (mcpRedactedScanTimeout) when a timeout occurs. However, this behavior is not consistent across all potential failure scenarios (e.g., if the Redact function is called with a nil receiver, it will panic).
   • Recommendation: Add additional safeguards to ensure that the function always fails closed, regardless of the failure scenario.

4. Error Handling in NewCredentialRedactor

   • The NewCredentialRedactor function does not validate the RegexTimeout value. If an invalid value (e.g., negative duration) is passed, it could lead to undefined behavior.
   • Recommendation: Add validation for the RegexTimeout value and return an error if it is invalid.

---

🟡 WARNING

1. Backward Compatibility

   • The introduction of a new Go module (mcp-governance-go) that re-exports MCP primitives from the AgentMesh SDK could potentially lead to breaking changes if the underlying SDK changes in the future.
   • Recommendation: Clearly document the versioning strategy for the new module and ensure that changes to the SDK are reflected in the wrapper module. Consider using semantic versioning to communicate breaking changes to consumers.

2. Error Handling in NewMcpGateway

   • The NewMcpGateway function truncates the McpSessionAuthenticatorConf struct in the diff. If this function does not validate its input parameters (e.g., Authenticator, RateLimiter, etc.), it could lead to runtime panics or undefined behavior.
   • Recommendation: Ensure that all required fields in the McpGatewayConfig struct are validated, and return an error if any required field is missing or invalid.

---

💡 SUGGESTIONS

1. Unit Test Coverage

   • The provided unit tests for CredentialRedactor are a good start, but additional test cases should be added to cover edge cases, such as:
     • Inputs with no sensitive data.
     • Inputs with overlapping patterns.
     • Inputs with invalid UTF-8 sequences.
     • Inputs with very large size (to test performance and timeout behavior).
   • Recommendation: Expand the test suite to cover these scenarios and ensure comprehensive test coverage.

2. Documentation Improvements

   • The README for the new Go module is clear and well-structured. However, it would be helpful to include:
     • A section on how to handle errors returned by the MCP primitives.
     • Examples of how to extend the McpPolicy for custom use cases.
     • A note on the potential for breaking changes due to the dependency on the AgentMesh SDK.
   • Recommendation: Expand the documentation to include these details.

3. Logging and Metrics

   • The McpGateway implementation includes an AuditLogger and McpMetrics, but the provided diff does not show how these components are used. Proper logging and metrics are critical for monitoring and debugging.
   • Recommendation: Ensure that all critical operations (e.g., authentication, rate limiting, scanning) are logged and instrumented with metrics. Provide examples in the documentation on how to configure and use these components.

4. Default Patterns in CredentialRedactor

   • The default patterns in the CredentialRedactor are comprehensive, but they may not cover all possible sensitive data formats (e.g., custom API keys, proprietary token formats).
   • Recommendation: Allow users to easily extend or override the default patterns. This could be achieved by providing a configuration option to disable specific default patterns or to add new ones.

5. Concurrency Considerations

   • The McpGateway and CredentialRedactor components may be used in concurrent environments. It is unclear from the provided code whether these components are thread-safe.
   • Recommendation: Review the implementation of these components to ensure thread safety. If they are not thread-safe, document this limitation clearly.

---

Summary of Actionable Feedback

🔴 CRITICAL

1. Use a context with a timeout in CredentialRedactor.Redact to enforce time limits more robustly.
2. Address potential ReDoS vulnerabilities in regex patterns by using a library or approach that supports regex timeouts.
3. Ensure consistent fail-closed behavior in CredentialRedactor.Redact for all failure scenarios.
4. Add validation for the RegexTimeout value in NewCredentialRedactor.

🟡 WARNING

1. Document the versioning strategy for the new Go module to manage potential breaking changes.
2. Validate all required fields in McpGatewayConfig during the creation of McpGateway.

💡 SUGGESTIONS

1. Expand unit test coverage for CredentialRedactor to include edge cases.
2. Enhance the README with error-handling guidance, custom policy examples, and notes on versioning.
3. Ensure proper logging and metrics instrumentation in McpGateway.
4. Allow users to extend or override default redaction patterns in CredentialRedactor.
5. Verify and document the thread safety of McpGateway and CredentialRedactor.

---

Let me know if you need further clarification or assistance!

[github-actions]

🤖 AI Agent: code-reviewer

Review Summary

This pull request introduces a new standalone Go package, mcp-governance-go, that re-exports MCP security primitives from the AgentMesh SDK. The goal is to provide a lightweight package for teams that only need MCP governance functionality without the full SDK. The PR includes the Go module, a go.mod file, a README.md, and unit tests for the new package. Additionally, it introduces a CredentialRedactor implementation in the agent-mesh/sdks/go package.

The implementation appears to be well-structured and adheres to the project's coding standards. However, there are several areas that require attention, especially concerning security, thread safety, and potential breaking changes.

---

🔴 CRITICAL

1. Regex Denial-of-Service (ReDoS) Risk in Credential Redactor

   • The CredentialRedactor uses multiple regex patterns for credential redaction. While there is a timeout mechanism to prevent infinite loops, the regex patterns themselves are not analyzed for susceptibility to ReDoS attacks. For example, patterns like (?s)-----BEGIN RSA PRIVATE KEY-----.*?-----END RSA PRIVATE KEY----- could potentially be exploited with crafted input.
   • Action: Use a regex library that supports timeout or backtracking limits (e.g., Google's re2 library) to mitigate ReDoS risks. Alternatively, pre-validate the regex patterns for ReDoS vulnerabilities.

2. Fail-Closed Behavior in Credential Redactor

   • The Redact method attempts to fail closed by returning a redacted string (mcpRedactedScanTimeout) when an error or timeout occurs. However, this approach could result in data loss or unintended behavior if the redaction process is interrupted.
   • Action: Log the original input securely before applying redaction, and ensure that the fail-closed behavior is well-documented and tested to avoid accidental data loss.

3. Credential Redaction Coverage

   • The CredentialRedactor does not appear to handle all possible credential formats, such as JWTs, OAuth tokens, or other proprietary formats.
   • Action: Expand the default regex patterns to include common credential formats like JWTs (eyJ...) and OAuth tokens. Consider allowing users to configure additional patterns dynamically.

4. Concurrency Safety

   • The CredentialRedactor does not explicitly address thread safety. If multiple goroutines use the same CredentialRedactor instance, race conditions could occur.
   • Action: Document whether CredentialRedactor is thread-safe. If it is not, ensure that users are aware of this limitation. Alternatively, make the implementation thread-safe by using synchronization primitives where necessary.

---

🟡 WARNING

1. Breaking Changes in agent-mesh/sdks/go

   • The introduction of CredentialRedactor and its associated types in the agent-mesh/sdks/go package could potentially break existing consumers of the SDK if they rely on overlapping functionality or naming conventions.
   • Action: Clearly document the new functionality in the SDK's changelog and ensure that it does not conflict with existing APIs.

2. Public API Stability

   • The mcp-governance-go package is marked as a "public preview," and its APIs may change before GA. This could lead to breaking changes for early adopters.
   • Action: Clearly communicate the potential for breaking changes in the documentation and consider versioning the package appropriately (e.g., using semantic versioning).

---

💡 SUGGESTIONS

1. Improved Documentation

   • The README.md for the mcp-governance-go package is comprehensive but could benefit from additional details:
     • Add a section on thread safety, especially for components like CredentialRedactor and McpSessionAuthenticator.
     • Include a note on the potential for breaking changes during the public preview phase.
     • Provide more detailed examples for each exported primitive, including edge cases and error handling.

2. Unit Test Coverage

   • The unit tests for CredentialRedactor are a good start, but they could be expanded:
     • Test edge cases, such as empty input, very large input, and input with overlapping patterns.
     • Add tests for the fail-closed behavior to ensure it works as intended.
     • Include tests for thread safety if the CredentialRedactor is intended to be used concurrently.

3. Error Handling

   • The Redact method uses recover to handle panics, but this approach could mask underlying issues.
   • Action: Consider using more granular error handling mechanisms to differentiate between expected and unexpected errors.

4. Performance Testing

   • The CredentialRedactor relies heavily on regex operations, which can be computationally expensive. While a timeout mechanism is in place, it would be beneficial to conduct performance testing to identify any bottlenecks or inefficiencies.
   • Action: Benchmark the Redact method with various input sizes and patterns to ensure it performs well under load.

5. Backward Compatibility

   • While the mcp-governance-go package is new, its reliance on the agent-mesh/sdks/go package means that changes to the latter could impact the former.
   • Action: Establish clear guidelines for maintaining backward compatibility between the SDK and the standalone package.

---

Additional Notes

• The use of regexp.MustCompile in mustCompileMcpPattern could cause the application to panic if an invalid regex is provided. While this is mitigated by pre-compiling the regex patterns, it may still be worth considering a more robust error-handling mechanism.
• The mcp-governance-go package appears to be a thin wrapper around the agent-mesh/sdks/go package. While this is acceptable for a standalone package, consider whether additional functionality or abstractions could be added to justify its existence.

---

Final Recommendation

• Address the critical issues related to regex safety, fail-closed behavior, and concurrency.
• Ensure that the potential for breaking changes is clearly communicated to users.
• Expand test coverage and documentation to cover edge cases and provide more usage examples.
• Conduct performance testing to identify and address any potential bottlenecks.

Once these issues are resolved, the PR will be in a strong position for approval.

[github-actions]

🤖 AI Agent: code-reviewer

Review Summary for PR: feat(go): add standalone MCP governance package

This pull request introduces a standalone Go MCP governance package that re-exports core MCP security primitives from the AgentMesh SDK. Below are the detailed observations and recommendations based on the focus areas outlined.

---

🔴 CRITICAL Issues

1. Credential Handling:

   • The CredentialRedactor is mentioned in the README, but there is no explicit mention of how sensitive data is handled during the session creation and tool call interception. Ensure that all sensitive data (e.g., session tokens, API keys) are adequately redacted before being logged or returned in responses.

2. Error Handling:

   • The code snippets in the README show that errors are ignored (e.g., authenticator, _ := mcpgovernance.NewMcpSessionAuthenticator(...)). This can lead to security vulnerabilities if the application proceeds with invalid states. Ensure that all errors are handled appropriately to prevent security bypasses.

---

🟡 WARNING Issues

1. Public Preview Notice:

   • The README states that the module is in public preview and that APIs may change before GA. This could lead to breaking changes for users who adopt the library early. Ensure that this is communicated clearly in the documentation and consider versioning strategies to manage expectations.

2. Dependency Management:

   • The go.mod file specifies v0.0.0 for the SDK dependency. This could lead to issues if the SDK is updated without proper versioning. Consider using a specific version or a versioning strategy that aligns with semantic versioning.

---

💡 SUGGESTION Improvements

1. Unit Tests:

   • While unit tests are mentioned, it would be beneficial to include tests that specifically validate the security primitives, such as ensuring that the McpMessageSigner correctly implements HMAC signing and nonce replay protection. Consider adding tests that simulate various attack vectors to validate the robustness of the security features.

2. Documentation:

   • The README could be enhanced by providing more detailed examples, especially around error handling and edge cases. This will help users understand how to properly implement the package in a secure manner.

3. Type Safety and Validation:

   • Ensure that all configurations (e.g., McpSessionAuthenticatorConfig, McpGatewayConfig) are validated properly. Consider using Pydantic or similar libraries to enforce type safety and validation rules, which can help prevent misconfigurations.

4. Thread Safety:

   • If the package is intended for concurrent use, ensure that all shared resources are properly synchronized. Consider documenting any concurrency guarantees or limitations in the README.

5. OWASP Compliance:

   • The README mentions OWASP MCP coverage but does not detail how each component addresses specific OWASP concerns. Consider providing a mapping of how the implemented features align with the OWASP Agentic Top 10 to enhance transparency and trust.

---

Conclusion

Overall, the introduction of the standalone MCP governance package is a valuable addition to the AgentMesh ecosystem. Addressing the critical issues and considering the warnings and suggestions will enhance the security and usability of the package. Please ensure that the feedback is taken into account before merging the PR.

[jackbatzner]

CI Status Summary ✅

All CI checks pass except:

• Maintainer approval gate — awaiting review

Standalone mcp-governance-go Go package. Slimmed to 5 files.

⚠️ Depends on #832 (Core) merging first. Merge order: #832 → #833 → #834.

[github-actions]

🤖 AI Agent: code-reviewer

Review of Pull Request: feat(go): add standalone MCP governance package

General Observations

The addition of a standalone Go MCP governance package is a valuable enhancement that allows for lightweight adoption of MCP security primitives. The implementation appears to be well-structured, with appropriate documentation and unit tests included.

Actionable Feedback

🔴 CRITICAL: Security Considerations

1. Error Handling: In the provided example code, errors returned from functions like NewMcpSessionAuthenticator, CreateSession, and NewMcpGateway are ignored. This can lead to security vulnerabilities if the application proceeds without proper session management or gateway configuration. Ensure that all errors are handled appropriately to avoid potential security bypasses.

   Recommendation: Implement error handling to check for and respond to errors appropriately. For example:

   authenticator, err := mcpgovernance.NewMcpSessionAuthenticator(...)
   if err != nil {
       // Handle error (e.g., log and exit)
   }

2. Session Management: Ensure that the session management logic (creation, validation, and revocation) is robust against attacks such as session fixation or replay attacks. The use of nonces for replay protection is a good start, but ensure that the implementation is thoroughly tested against these vectors.

🟡 WARNING: Potential Breaking Changes

1. Public Preview Notice: The README states that this module is in public preview and that APIs may change before GA. This could lead to breaking changes for users who adopt the package early. Consider providing a clear versioning strategy or a changelog to inform users of any changes.

2. Dependency Versioning: The go.mod file specifies v0.0.0 for the dependency on the SDK. This could lead to issues if the SDK undergoes breaking changes. It is advisable to specify a version constraint that aligns with semantic versioning practices.

   Recommendation: Update the dependency version to a specific version or use a version range that ensures compatibility.

💡 SUGGESTION: Documentation and Usability

1. Detailed Error Messages: Enhance the documentation to include potential error messages that users might encounter when using the package. This will help users troubleshoot issues more effectively.

2. Examples and Use Cases: While the quick start section is helpful, consider adding more comprehensive examples that cover various use cases, including error handling scenarios. This will improve the usability of the package for developers.

3. Testing Guidelines: Provide guidelines on how to run tests and what to expect from them. This can help contributors and users understand how to validate their implementations.

4. Performance Considerations: If applicable, include information about the performance characteristics of the primitives, especially in high-load scenarios. This will help users make informed decisions about using the package in production environments.

Conclusion

Overall, the addition of the MCP governance package is a positive step towards enhancing the security capabilities of the AgentMesh ecosystem. Addressing the critical security concerns and considering the warnings and suggestions will help ensure that the package is robust, user-friendly, and secure.

[github-actions]

🤖 AI Agent: code-reviewer

Feedback on PR: feat(go): add standalone MCP governance package

🔴 CRITICAL

1. Insufficient Documentation on Security Implications:

   • The PR introduces a standalone Go MCP governance package, but there is no documentation or README file explaining the security implications of using this package. Given that this repository is security-focused, it is critical to provide clear guidance on how to securely use this package and its limitations.
   • Action: Add a detailed README.md file in the mcp-governance-go package directory. Include:
     • A description of the package's purpose.
     • Security considerations and best practices for using the package.
     • Examples of how to integrate the package securely.

2. Lack of Cryptographic Validation:

   • The PR mentions re-exporting MCP security primitives but does not provide details on how cryptographic operations (e.g., HMAC, signing, verification) are handled. Improper handling of cryptographic operations can lead to vulnerabilities.
   • Action: Ensure that cryptographic operations are implemented securely and document the algorithms, key management, and any assumptions made. Include tests to verify the correctness of cryptographic operations.

3. No Validation of Re-exported Primitives:

   • There is no evidence in the PR that the re-exported MCP primitives have been validated for correctness and security.
   • Action: Add tests to verify that the re-exported primitives function as expected and are secure. Include tests for edge cases and potential misuse.

4. Potential for Sandbox Escape:

   • The PR does not address sandboxing or isolation mechanisms for the Go package. If the package interacts with untrusted input or executes external commands, this could lead to sandbox escape vulnerabilities.
   • Action: Review the package for any potential sandbox escape vectors and document how the package ensures isolation and security.

🟡 WARNING

1. Potential Breaking Changes:
   • The PR introduces a new package that re-exports MCP primitives. If the underlying MCP primitives are updated or changed in the future, it could lead to breaking changes for users of this package.
   • Action: Clearly document the versioning strategy for the standalone package and how it will handle updates to the underlying MCP primitives.

💡 SUGGESTIONS

1. Add Type Annotations:

   • Ensure that all exported functions in the Go package have clear type annotations. This will improve type safety and make the package easier to use.
   • Action: Review the package code and add type annotations where missing.

2. Backward Compatibility Tests:

   • Add tests to ensure that the standalone package remains backward compatible with previous versions of the MCP primitives.
   • Action: Create a test suite that verifies compatibility with older versions of the MCP primitives.

3. OWASP Agentic Top 10 Compliance:

   • The PR does not mention compliance with the OWASP Agentic Top 10. This is a critical aspect of the repository's focus.
   • Action: Add tests or documentation demonstrating how the package aligns with the OWASP Agentic Top 10.

4. Thread Safety:

   • If the package is intended to be used in concurrent environments, ensure that all operations are thread-safe.
   • Action: Review the code for potential race conditions and add tests to verify thread safety.

5. Integration Tests:

   • The PR includes unit tests but does not mention integration tests with the full AgentMesh SDK.
   • Action: Add integration tests to verify that the standalone package works correctly with the full SDK.

6. License Headers:

   • While the PR mentions that MIT license headers have been added to all source files, this should be verified.
   • Action: Confirm that all new source files include the correct MIT license headers.

7. Minimal Dependencies:

   • The PR states that the Go module has minimal dependencies, but it does not list them.
   • Action: Include a list of dependencies in the PR description or the package's README file.

8. Changelog Update:

   • The changelog mentions .NET updates but does not include details about the new Go package.
   • Action: Update the changelog to include details about the new Go package.

9. Code Style and Linting:

   • Ensure that the new Go package adheres to the project's coding standards and passes all linting checks.
   • Action: Run the Go code through a linter and address any issues.

10. Testing Coverage:

    • The PR mentions unit tests but does not provide details about the coverage.
    • Action: Include a code coverage report for the new package to ensure adequate test coverage.

Summary

The PR introduces a useful feature by creating a standalone Go MCP governance package. However, it lacks critical documentation, security validation, and tests to ensure the correctness and security of the re-exported MCP primitives. Addressing these issues is essential to maintain the security and reliability of the repository.

[github-actions]

🤖 AI Agent: docs-sync-checker — Issues Found

📝 Documentation Sync Report

Issues Found

• ❌ McpGovernanceExtensions.AddMcpGovernance() in packages/agent-governance-dotnet/src/AgentGovernance/Mcp/McpGovernanceExtensions.cs — missing docstring. This public method needs a detailed explanation of its purpose, parameters, return values, and possible exceptions.
• ⚠️ packages/agent-governance-dotnet/README.md — the new .NET MCP Protocol Support section is added, but it lacks detailed examples for McpGovernanceExtensions.AddMcpGovernance and its parameters. Consider adding a more comprehensive example.
• ⚠️ CHANGELOG.md — no entry for the newly added .NET MCP Protocol Support feature. This should be documented under the "Added" section with a clear description of the new functionality.
• ⚠️ docs/deployment/mcp-server-hardening.md — the new file is added, but it does not include a reference to the .NET MCP Protocol Support feature. Consider adding a cross-reference to this feature for better discoverability.
• ⚠️ packages/agent-governance-dotnet/samples/ — no new examples are provided for the .NET MCP Protocol Support feature. Ensure that the examples directory includes usage samples for the new API.

Suggestions

• 💡 Add a docstring for McpGovernanceExtensions.AddMcpGovernance(kernelOptions: GovernanceOptions, mcpOptions: McpGovernanceOptions, agentId: str) -> Tuple[GovernanceKernel, McpGateway, McpSecurityScanner, McpMessageHandler]. Include details about the parameters (kernelOptions, mcpOptions, agentId), return values, and exceptions.
• 💡 Update the README.md to include a detailed example of how to use McpGovernanceExtensions.AddMcpGovernance with real-world parameter values.
• 💡 Add a CHANGELOG entry under the "Added" section for the .NET MCP Protocol Support feature, summarizing its capabilities (e.g., 5-stage pipeline, 6-threat scanner, JSON-RPC handler).
• 💡 Add a cross-reference in docs/deployment/mcp-server-hardening.md to the .NET MCP Protocol Support section in the README.md.
• 💡 Provide usage examples for .NET MCP Protocol Support in the packages/agent-governance-dotnet/samples/ directory to help users understand how to integrate the new API.

Summary

The PR introduces significant new functionality with the .NET MCP Protocol Support feature but requires additional documentation updates and examples to ensure consistency and usability. Addressing the above issues will bring the documentation in sync with the code changes.

[github-actions]

🤖 AI Agent: breaking-change-detector — Summary

🔍 API Compatibility Report

Summary

This pull request introduces a new standalone Go MCP governance package. It does not modify any existing Python packages within the repository. Therefore, there are no breaking changes to the Python APIs published to PyPI.

Findings

Severity	Package	Change	Impact
✅	N/A	No changes to Python APIs	No impact

Migration Guide

No migration steps are required as there are no breaking changes to the Python APIs.

[github-actions]

🤖 AI Agent: code-reviewer

Review Summary

This pull request introduces a standalone Go MCP governance package that re-exports MCP security primitives without requiring the full AgentMesh SDK. While the PR is well-documented and adheres to the project's contribution guidelines, there are several areas that require attention, particularly regarding security, backward compatibility, and potential improvements.

---

🔴 CRITICAL

1. Cryptographic Operations in Go Package

   • The PR does not provide sufficient details about how cryptographic operations (e.g., signing, verification) are handled in the Go package. If cryptographic primitives are re-exported, ensure that:
     • They use secure defaults (e.g., HMAC-SHA256, Ed25519).
     • Constant-time comparison is used for secret validation.
     • Deprecated or insecure algorithms are not included.
   • Action Required: Add unit tests to validate cryptographic operations and ensure they meet OWASP standards.

2. Sandbox Escape Vectors

   • The PR introduces a new Go package but does not explicitly address sandboxing or isolation for untrusted inputs. If the package interacts with untrusted data (e.g., tool definitions, JSON-RPC messages), it must include:
     • Input sanitization.
     • Validation against schema abuse and injection attacks.
   • Action Required: Add input validation and sanitization mechanisms to the Go package, and document these in the README.

3. Concurrency and Thread Safety

   • If the Go package is intended to be used in concurrent agent execution scenarios, ensure that:
     • Shared state is protected using synchronization primitives (e.g., sync.Mutex, sync.RWMutex).
     • There are no race conditions in critical sections.
   • Action Required: Add tests to simulate concurrent usage and verify thread safety.

---

🟡 WARNING

1. Backward Compatibility

   • While this PR introduces a new package, it depends on packages/agent-mesh/sdks/go. Any changes to the SDK could potentially break the new package.
   • Action Required: Ensure that the Go SDK maintains backward compatibility or document breaking changes clearly.

2. Dependency Management

   • The new Go module introduces minimal dependencies, but the dependency versions are not pinned in go.mod. This could lead to unexpected behavior if upstream dependencies introduce breaking changes.
   • Action Required: Pin dependency versions in go.mod and add a go.sum file.

---

💡 SUGGESTIONS

1. OWASP Agentic Top 10 Compliance

   • The PR does not explicitly mention compliance with the OWASP Agentic Top 10. Consider adding documentation or tests to verify compliance with:
     • A1: Prompt Injection.
     • A3: Credential Leakage.
     • A7: Schema Abuse.
   • Suggestion: Add a checklist in the documentation to map the Go package's features to OWASP Agentic Top 10 sections.

2. Type Safety

   • While the Go language is statically typed, ensure that all exported functions and methods have clear type annotations. Avoid using interface{} unless absolutely necessary.
   • Suggestion: Add type assertions and validations to ensure robustness.

3. Documentation

   • The documentation for the Go package is sparse compared to the .NET SDK. For consistency, consider adding:
     • A detailed README with examples of usage.
     • A section on security best practices for using the package.
     • A list of supported MCP primitives and their use cases.

4. Testing

   • While the PR mentions unit tests, it does not provide details about the test coverage. Ensure that tests cover:
     • Edge cases for all exported functions.
     • Error handling and fallback mechanisms.
     • Performance under concurrent usage.
   • Suggestion: Use a code coverage tool to ensure comprehensive test coverage.

5. Versioning

   • The PR does not specify how the new Go package will be versioned. Since this is a new package, it should start with a v0.x version to indicate that it is in active development.
   • Suggestion: Add versioning guidelines to the documentation.

6. Integration Tests

   • The PR does not mention integration tests for the Go package with the rest of the AgentMesh ecosystem.
   • Suggestion: Add integration tests to verify that the Go package works seamlessly with other components.

---

Additional Notes

• The MCP Server Hardening Guide is a valuable addition and aligns well with OWASP guidelines. However, ensure that these recommendations are also applicable to the Go package if it includes server-side components.
• The .NET MCP Protocol Support section in the README is comprehensive and serves as a good reference for documenting the Go package.

---

Recommended Next Steps

1. Address the critical issues related to cryptographic operations, sandbox escape vectors, and concurrency.
2. Ensure backward compatibility and pin dependency versions.
3. Enhance documentation and testing for the Go package.
4. Add integration tests to verify compatibility with the AgentMesh ecosystem.

Once these issues are resolved, the PR will be ready for approval.

[github-actions]

🤖 AI Agent: code-reviewer

Code Review Feedback for Pull Request: feat(go): add standalone MCP governance package

General Observations

The addition of a standalone Go MCP governance package is a valuable enhancement that allows teams to adopt MCP governance without the overhead of the full AgentMesh SDK. The implementation appears to be well-structured, with a focus on security and minimal dependencies.

Security Review

1. Policy Engine Correctness: Ensure that the re-exported MCP security primitives maintain the integrity of the original policy engine. Any discrepancies could lead to false negatives, allowing security bypasses. Consider adding comprehensive tests that validate the behavior of the re-exported primitives against known security scenarios.

2. Cryptographic Operations: Verify that all cryptographic operations in the re-exported primitives are implemented correctly. Pay special attention to key management and ensure that sensitive data is handled securely. If any cryptographic functions are exposed, ensure they are resistant to common vulnerabilities (e.g., timing attacks).

3. Sandbox Escape Vectors: Assess the potential for sandbox escape in the context of the MCP governance package. Ensure that any execution environments for tools are properly isolated and that there are no vectors for escaping the intended execution context.

4. Thread Safety: If the MCP governance package will be used in a concurrent environment, ensure that all shared resources are properly synchronized to prevent race conditions. Consider using thread-safe data structures or mechanisms to manage state.

5. OWASP Compliance: Ensure that the new package adheres to the OWASP Agentic Top 10 guidelines. Conduct a thorough review of the implementation to identify any potential vulnerabilities that could be exploited.

Type Safety and Validation

• Type Safety: Ensure that all types used in the Go package are well-defined and that any interfaces or structs are properly validated. Consider using Go's type system to enforce constraints where applicable.
• Pydantic Model Validation: If any data models are being used, ensure that they are validated correctly. Although Pydantic is primarily a Python library, ensure that similar validation principles are applied in Go.

Backward Compatibility

• Public API Changes: Since this is a new feature, ensure that it does not introduce breaking changes to existing consumers of the AgentMesh SDK. Document any changes clearly in the changelog.

Documentation

• Documentation and Examples: Ensure that the documentation for the new package is comprehensive and includes examples of usage. This will help users understand how to integrate the new package into their workflows effectively.

Actionable Feedback

• 🔴 CRITICAL: Validate the correctness of the policy engine and ensure that there are no false negatives in the re-exported primitives.
• 💡 SUGGESTION: Add more unit tests that cover edge cases and potential security scenarios to ensure robustness.
• 🟡 WARNING: Ensure that the new package does not introduce breaking changes to existing consumers of the AgentMesh SDK.
• 💡 SUGGESTION: Provide detailed documentation and usage examples to facilitate adoption by teams.

Overall, the PR appears to be a solid addition to the project, but attention to the highlighted areas will be crucial for maintaining security and reliability.

[github-actions]

🤖 AI Agent: code-reviewer

Pull Request Review for feat(go): add standalone MCP governance package

🔴 CRITICAL

1. Lack of Cryptographic Validation in Go Wrapper:

   • The standalone Go MCP governance package re-exports MCP security primitives but does not explicitly validate cryptographic operations (e.g., HMAC, Ed25519, or post-quantum signatures). Ensure that the Go wrapper includes tests and validation for cryptographic operations to prevent potential misuse or vulnerabilities.
   • Action: Add unit tests to validate cryptographic operations and ensure they conform to the expected security standards.

2. Missing SPIFFE/SVID Integration:

   • The PR does not mention any integration with SPIFFE/SVID for identity and trust management. This is a critical gap, as the MCP governance package should support secure identity verification.
   • Action: Integrate SPIFFE/SVID support for identity verification in the Go wrapper and include tests to validate its functionality.

3. Sandbox Escape Vectors:

   • The PR introduces a new package but does not mention any measures to prevent sandbox escape vulnerabilities. This is particularly concerning if the package is used in environments where untrusted code or inputs are processed.
   • Action: Ensure that the Go package includes mechanisms to prevent sandbox escapes, such as input validation, output sanitization, and secure execution environments.

🟡 WARNING

1. Potential Breaking Changes in .cspell.json:

   • The .cspell.json file has been significantly modified, with many new terms added. While this is not a direct breaking change, it could lead to inconsistencies or unexpected behavior in spell-checking workflows.
   • Action: Review the added terms to ensure they are necessary and relevant. Consider splitting the dictionary into multiple files for better maintainability.

2. Backward Compatibility of Go Wrapper:

   • The PR does not provide details on how the standalone Go MCP governance package ensures backward compatibility with the existing Go SDK.
   • Action: Add documentation and tests to confirm that the new package does not introduce breaking changes for existing users of the Go SDK.

💡 SUGGESTIONS

1. Add Documentation for Go Wrapper:

   • The PR does not include detailed documentation for the standalone Go MCP governance package. This could hinder adoption and proper usage.
   • Action: Add a README file for the Go package, including usage examples, API documentation, and integration guides.

2. Enhance Unit Test Coverage:

   • While the PR mentions that unit tests are included, it does not provide details on the test coverage. Ensure that all critical functionalities, especially security-related ones, are thoroughly tested.
   • Action: Provide a test coverage report and ensure that all critical paths are covered.

3. Align with OWASP Agentic Top 10:

   • The PR does not explicitly mention compliance with the OWASP Agentic Top 10. This is an important consideration for a security-focused package.
   • Action: Review the Go package against the OWASP Agentic Top 10 and document compliance.

4. Add Benchmarking for Performance:

   • The PR does not mention performance benchmarks for the Go package. This is important for users who need lightweight adoption.
   • Action: Add benchmarks to measure the performance of the Go package and optimize if necessary.

5. Include Examples in Documentation:

   • The PR does not include examples of how to use the Go MCP governance package in real-world scenarios.
   • Action: Add examples to the documentation, such as integrating the package with an existing Go application.

6. Add CI/CD Validation for Go Package:

   • The PR does not mention any updates to the CI/CD pipeline to validate the new Go package.
   • Action: Update the CI/CD pipeline to include linting, testing, and security scanning for the Go package.

Summary

• The PR introduces a useful feature by creating a standalone Go MCP governance package, but it has critical gaps in cryptographic validation, identity management, and sandboxing.
• Address the critical issues to ensure the package is secure and aligns with the project's security goals.
• Consider the suggestions to improve usability, maintainability, and performance.

Let me know if you need further assistance!

[imran-siddique]

Thank you for this work, @jackbatzner — the MCP governance implementation across multiple languages is impressive and clearly well-thought-out.

After reviewing the full series, we've decided to take a hybrid approach (Decision C): keep MCP core logic in agent-os/agent-mesh and provide thin standalone re-export packages for enterprise repackaging — similar to what we shipped in PR #910 for Python.

We're closing this PR because we'll implement the Go standalone package in-house following this architecture. Your work directly informed our approach — the OWASP mapping methodology, the gateway/rate-limiter/session-auth pattern, and the trust proxy design all carry forward.

We're keeping your documentation PRs open for review as they add independent value. Thank you for the sustained contribution effort across the entire MCP governance surface.