capiscio
diff --git a/‎.github/workflows/deploy.yml‎
Lines changed: 9 additions & 0 deletions b/‎.github/workflows/deploy.yml‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎docs/concepts/index.md‎
Lines changed: 64 additions & 5 deletions b/‎docs/concepts/index.md‎
Lines changed: 64 additions & 5 deletions
diff --git a/‎docs/concepts/mcp-security.md‎
Lines changed: 150 additions & 0 deletions b/‎docs/concepts/mcp-security.md‎
Lines changed: 150 additions & 0 deletions
diff --git a/‎docs/getting-started/index.md‎
Lines changed: 10 additions & 0 deletions b/‎docs/getting-started/index.md‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎docs/how-to/index.md‎
Lines changed: 11 additions & 0 deletions b/‎docs/how-to/index.md‎
Lines changed: 11 additions & 0 deletions
@@ -88,6 +88,15 @@ jobs:
           path: capiscio-rfcs
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Checkout capiscio-mcp-python
+        uses: actions/checkout@v4
+        with:
+          repository: capiscio/capiscio-mcp-python
+          path: capiscio-mcp-python
+          ref: fix/rfc-links  # TODO: Remove after capiscio/capiscio-mcp-python#4 is merged
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Python
         uses: actions/setup-python@v5
 
@@ -9,7 +9,39 @@ Understand how CapiscIO works under the hood. These docs explain the **why** and
 
 ---
 
-## Core Concepts
+## Identity & Trust
+
+<div class="grid cards" markdown>
+
+-   :material-identifier:{ .lg .middle } **Identity & DIDs**
+
+    ---
+
+    Decentralized identifiers give your agent a permanent, cryptographically verifiable identity.
+
+    [:octicons-arrow-right-24: Learn about DIDs](../identity/index.md)
+
+-   :material-certificate:{ .lg .middle } **Trust Badges**
+
+    ---
+
+    Cryptographic credentials that attest to your agent's identity verification level (0-4).
+
+    [:octicons-arrow-right-24: Understanding Badges](../trust/index.md)
+
+-   :material-key:{ .lg .middle } **Trust Levels**
+
+    ---
+
+    The five-level verification hierarchy—from self-signed to extended validation.
+
+    [:octicons-arrow-right-24: Trust Levels](trust-model.md)
+
+</div>
+
+---
+
+## Validation & Scoring
 
 <div class="grid cards" markdown>
 
@@ -29,13 +61,13 @@ Understand how CapiscIO works under the hood. These docs explain the **why** and
 
     [:octicons-arrow-right-24: Understanding Scores](scoring.md)
 
--   :material-key:{ .lg .middle } **Trust Model**
+</div>
 
-    ---
+---
 
-    How Ed25519 keys, trust stores, and cryptographic verification work. The SSH-like model explained.
+## Runtime Security
 
-    [:octicons-arrow-right-24: Trust Model](trust-model.md)
+<div class="grid cards" markdown>
 
 -   :material-shield-check:{ .lg .middle } **Enforcement**
 
@@ -45,6 +77,30 @@ Understand how CapiscIO works under the hood. These docs explain the **why** and
 
     [:octicons-arrow-right-24: Enforcement](enforcement.md)
 
+-   :material-tools:{ .lg .middle } **MCP Security**
+
+    ---
+
+    RFC-006 (tool authorization) and RFC-007 (server verification) for Model Context Protocol.
+
+    [:octicons-arrow-right-24: MCP Security](mcp-security.md)
+
+</div>
+
+---
+
+## Infrastructure
+
+<div class="grid cards" markdown>
+
+-   :material-server:{ .lg .middle } **Agent Registry**
+
+    ---
+
+    The central registry for agent discovery, DID resolution, and badge verification.
+
+    [:octicons-arrow-right-24: Registry](../registry/index.md)
+
 </div>
 
 ---
@@ -91,6 +147,7 @@ Understand how CapiscIO works under the hood. These docs explain the **why** and
 | **[Scoring](scoring.md)** | "How good is this agent across compliance, trust, availability?" |
 | **[Trust Model](trust-model.md)** | "How do I manage who my agent trusts?" |
 | **[Enforcement](enforcement.md)** | "How do I protect my agent at runtime?" |
+| **[MCP Guard](../mcp-guard/index.md)** | "How do I secure MCP tools?" |
 
 ---
 
@@ -103,6 +160,8 @@ For the formal technical specifications, see the CapiscIO RFCs:
 | **[RFC-001](https://github.com/capiscio/capiscio-rfcs/blob/main/docs/001-agcp.md)** | Agent Governance Control Plane (AGCP) | ✅ Approved |
 | **[RFC-002](https://github.com/capiscio/capiscio-rfcs/blob/main/docs/002-trust-badge.md)** | Trust Badge Specification | ✅ Approved |
 | **[RFC-003](https://github.com/capiscio/capiscio-rfcs/blob/main/docs/003-key-ownership-proof.md)** | Key Ownership Proof Protocol | ✅ Approved |
+| **[RFC-006](https://github.com/capiscio/capiscio-rfcs/blob/main/docs/006-mcp-tool-authority-evidence.md)** | MCP Tool Authority Evidence | ✅ Approved |
+| **[RFC-007](https://github.com/capiscio/capiscio-rfcs/blob/main/docs/007-mcp-server-identity-discovery.md)** | MCP Server Identity Discovery | ✅ Approved |
 
 [:octicons-arrow-right-24: Browse All RFCs](https://github.com/capiscio/capiscio-rfcs){ .md-button }
 
 
@@ -0,0 +1,150 @@
+# MCP Security
+
+The Model Context Protocol (MCP) enables powerful tool access for AI agents. CapiscIO's **MCP Guard** brings trust infrastructure to MCP with two complementary specifications.
+
+## The Problem
+
+MCP servers expose powerful tools to autonomous agents—file systems, databases, APIs, code execution. But MCP itself doesn't define:
+
+- **Who** is calling a tool (authentication)
+- **Whether** they should have access (authorization)
+- **What** happened for post-incident review (audit)
+
+## The Solution: Two RFCs
+
+MCP Guard implements two CapiscIO specifications:
+
+### RFC-006: MCP Tool Authority and Evidence
+
+**Server-side protection.** Define trust level requirements for individual tools.
+
+```python
+from capiscio_mcp import guard
+
+@guard(min_trust_level=2)
+async def read_database(query: str) -> list[dict]:
+    """Only Level 2+ agents can query the database."""
+    return await db.execute(query)
+
+@guard(min_trust_level=3)
+async def write_database(table: str, data: dict):
+    """Only Level 3+ (org-validated) agents can write."""
+    return await db.insert(table, data)
+```
+
+**Key features:**
+
+- **Trust level enforcement** — Require minimum verification level
+- **Evidence logging** — Cryptographic audit trail for every call
+- **Parameter hashing** — PII-safe evidence records
+- **Async and sync** — Both decorator styles supported
+
+[:octicons-arrow-right-24: RFC-006 Full Specification](https://github.com/capiscio/capiscio-rfcs/blob/main/docs/006-mcp-tool-authority-evidence.md)
+
+---
+
+### RFC-007: MCP Server Identity Disclosure
+
+**Client-side verification.** Verify MCP server identity before connecting.
+
+```python
+from capiscio_mcp import verify_server, ServerState
+
+result = await verify_server(
+    server_did="did:web:mcp.example.com",
+    server_badge="eyJhbGc...",
+    transport_origin="https://mcp.example.com",
+)
+
+if result.state == ServerState.VERIFIED_PRINCIPAL:
+    print(f"✓ Trusted server at Level {result.trust_level}")
+else:
+    print("⚠ Server identity not verified")
+```
+
+**Key features:**
+
+- **Server identity verification** — Confirm who you're connecting to
+- **Transport binding** — Verify server controls the transport endpoint
+- **Trust level inspection** — Check server's verification level
+- **Three states** — VERIFIED_PRINCIPAL, DECLARED_PRINCIPAL, UNVERIFIED_ORIGIN
+
+[:octicons-arrow-right-24: RFC-007 Full Specification](https://github.com/capiscio/capiscio-rfcs/blob/main/docs/007-mcp-server-identity-discovery.md)
+
+---
+
+## How They Work Together
+
+```
+┌─────────────────────────────────────────────────────────────────┐
+│                     MCP Security Flow                            │
+├─────────────────────────────────────────────────────────────────┤
+│                                                                  │
+│   MCP CLIENT                              MCP SERVER             │
+│   ┌─────────────┐                        ┌─────────────┐        │
+│   │  Agent A    │                        │  File Tool  │        │
+│   │  (Level 2)  │                        │  Server     │        │
+│   └─────────────┘                        └─────────────┘        │
+│         │                                       │                │
+│         │  1. Verify server identity            │                │
+│         │     (RFC-007)                         │                │
+│         │ ─────────────────────────────────────>│                │
+│         │                                       │                │
+│         │  2. Call tool with badge              │                │
+│         │ ─────────────────────────────────────>│                │
+│         │                                       │                │
+│         │                   3. Guard evaluates  │                │
+│         │                      (RFC-006)        │                │
+│         │                                       ▼                │
+│         │                              ┌─────────────┐           │
+│         │                              │ @guard(2)   │           │
+│         │                              │ → ALLOW     │           │
+│         │                              │ → log audit │           │
+│         │                              └─────────────┘           │
+│         │                                       │                │
+│         │  4. Return result                     │                │
+│         │ <─────────────────────────────────────│                │
+│                                                                  │
+└─────────────────────────────────────────────────────────────────┘
+```
+
+1. **Client verifies server** using RFC-007 before connecting
+2. **Client calls tool** with their trust badge attached
+3. **Server guard evaluates** the caller's trust level (RFC-006)
+4. **Evidence logged** regardless of allow/deny decision
+
+---
+
+## Trust Levels in MCP Context
+
+| Level | Server Use | Client Use |
+|:-----:|------------|------------|
+| **0** | Development servers | Anonymous tool access |
+| **1** | Personal project servers | Registered agents |
+| **2** | Production read-only tools | Domain-verified agents |
+| **3** | Write operations | Org-verified agents |
+| **4** | Admin tools | Enterprise agents |
+
+---
+
+## Next Steps
+
+<div class="grid cards" markdown>
+
+-   [:material-shield-check: **Protect Your Tools**](../../mcp-guard/guides/server-side/)
+
+    Add `@guard` to your MCP server tools
+
+-   [:material-check-decagram: **Verify Servers**](../../mcp-guard/guides/client-side/)
+
+    Implement server verification in your MCP client
+
+-   [:material-file-document: **Evidence Logging**](../../mcp-guard/guides/evidence/)
+
+    Set up cryptographic audit trails
+
+-   [:material-api: **API Reference**](../../reference/sdk-python/mcp/)
+
+    Complete MCP Guard API documentation
+
+</div>
@@ -53,6 +53,16 @@ npm install -g capiscio       # or: pip install capiscio
 
     [:octicons-arrow-right-24: Add Security](secure/1-intro.md)
 
+-   :material-tools:{ .lg .middle } **Protect MCP Tools**
+
+    ---
+
+    Add tool-level authorization to Model Context Protocol servers.
+
+    **10 minutes** · Intermediate
+
+    [:octicons-arrow-right-24: MCP Guard Quickstart](../mcp-guard/getting-started/quickstart.md)
+
 -   :material-pipe:{ .lg .middle } **CI/CD Integration**
 
     ---
 
@@ -47,6 +47,17 @@ Task-oriented guides for specific problems. Each guide is self-contained with co
 
 ---
 
+## :material-tools: MCP Guard
+
+| Guide | What You'll Do | Time |
+|-------|----------------|------|
+| [Protect MCP Tools](../mcp-guard/guides/server-side.md) | Add `@guard` decorator to MCP tools | 5 min |
+| [Verify MCP Servers](../mcp-guard/guides/client-side.md) | Verify server identity before connecting | 5 min |
+| [Evidence Logging](../mcp-guard/guides/evidence.md) | Log tool calls for compliance | 5 min |
+| [MCP SDK Integration](../mcp-guard/guides/mcp-integration.md) | Integrate with official MCP SDK | 10 min |
+
+---
+
 ## :material-pipe: CI/CD
 
 | Guide | What You'll Do | Time |