Skip to content

Releases: diomonogatari/mcp-guard

mcp-guard 1.0.0

06 Jun 12:11
@diomonogatari diomonogatari
v1.0.0
d1fc8d3
This commit was signed with the committer’s verified signature.
diomonogatari
GPG key ID: 6FED93E3257C7476
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
mcp-guard 1.0.0 Latest
Latest

The first stable release of mcp-guard, a Roslyn analyzer that catches prompt-injection and tool-poisoning in your C# MCP server's tool descriptions at build time, before they ship.

Highlights

  • Full static rule catalog (MCPG001–MCPG013) over the MCP tool surface: instruction-style phrasing, hidden/zero-width Unicode, secret-file references, exfiltration directives and markdown/encoded-blob sinks, ANSI/terminal escapes, manipulative phrasing, capability mismatch, embedded markup, cross-tool shadowing, and whitespace hiding.
  • MCPG012, the multi-signal escalation: a secret reference plus an external sink on one description is a confirmed exfiltration payload, reported at Error so it fails the build.
  • MCPG013, the opt-in description-integrity baseline: pin each tool description's fingerprint to source and catch a rug-pull (a description changed after review) as a build signal.
  • Coverage of parameter and enum-member names (CyberArk full-schema poisoning) and base64/hex decode-and-rescan so obfuscated payloads still escalate.
  • IDE code fixes, a reusable GitHub Action to gate any consumer's CI, and VS Code support.

Quality

Backed by a known-attack corpus (payloads from public PoCs), benign false-positive controls, and live-server integration tests that prove a poisoned description reaches a client and demonstrate a runtime rug-pull. 126 analyzer + 3 integration tests on .NET 8 and .NET 10. The work was hardened through an adversarial multi-agent review.

See the coverage scorecard, the threat model (who this protects and why human review is not enough), and the changelog.

Install

<PackageReference Include="McpGuard.Analyzers" Version="1.0.0" PrivateAssets="all" />
Assets 2
Loading

mcp-guard 0.1.0

05 Jun 22:42
@diomonogatari diomonogatari
v0.1.0
b919f2d
This commit was signed with the committer’s verified signature.
diomonogatari
GPG key ID: 6FED93E3257C7476
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
mcp-guard 0.1.0

First release of mcp-guard — a Roslyn analyzer that catches prompt-injection and tool-poisoning in C# MCP servers' tool descriptions at build time, before they ship.

Rules

  • MCPG001 — prompt-injection / instruction-style phrasing in an MCP tool, parameter, or tool-type [Description] (e.g. "ignore previous instructions", "do not tell the user", "before answering, …").
  • MCPG002 — hidden / non-printable Unicode (zero-width spaces, bidirectional controls, byte-order marks, tag characters) in MCP tool descriptions.

Install

<PackageReference Include="McpGuard.Analyzers" Version="0.1.0" PrivateAssets="all" />

netstandard2.0 analyzer; loads on the .NET 8 and .NET 10 build hosts. Surfaces as IDE squiggles and build warnings, configurable per rule via .editorconfig. See the README and docs/rules/ for details.

Loading