This document serves as a record of all significant changes made to the Model Context Protocol (MCP) for Beginners curriculum. Changes are documented in reverse chronological order (newest changes first).
Module 05 - Advanced Topics
- Lesson 5.17: Adversarial Multi-Agent Reasoning with MCP (
05-AdvancedTopics/mcp-adversarial-agents/README.md): New comprehensive guide covering the adversarial debate pattern for multi-agent systems- Mermaid architecture diagram: two agents → shared MCP server → debate transcript → judge → verdict
- Shared MCP tool server (
web_search+run_python) implemented in Python and TypeScript - Opposing system prompts (FOR / AGAINST / Judge) with explicit tool-use requirements
- Debate orchestrator in Python, TypeScript, and C# managing rounds and routing arguments
- MCP
ClientSessionwiring for the orchestrator to real tool calls - Use-case table (hallucination detection, threat modeling, API design review, factual verification, tech selection)
- Security considerations: sandboxed execution, tool-call validation, rate limiting, audit logging
- Structured exercise with three practical scenarios (code review, architecture decision, content moderation)
Module 03 - Getting Started
- 05-stdio-server/README.md: Fixed incomplete TypeScript stdio server example — added missing transport instantiation (
new StdioServerTransport()) andserver.connect(transport)call to match the Python and .NET examples in the same section - 14-sampling/README.md: Fixed typo — corrected
"Sampling is an davanced features"→"Sampling is an advanced feature"
Main README.md
- Added entry 5.17 (Adversarial Multi-Agent Reasoning with MCP) to the curriculum table with a direct link to the new lesson
05-AdvancedTopics/README.md
- Added Lesson 5.17 row to the lessons table
study_guide.md
- Added Adversarial Multi-Agent Reasoning topic to the mind-map and prose description of Advanced Topics
Module 05 - Adversarial Agents (mcp-adversarial-agents)
- Security fix — command injection: Replaced
execSyncshell interpolation withexecFile+promisifyin the TypeScriptrun_pythontool, eliminating the command injection surface (LLM-controlled code is now passed as a literal argv element with no shell involvement) - MCP tool loop wiring: Updated the Python debate orchestrator to use
AsyncAnthropicclient (replacing blocking syncAnthropic), pass a liveClientSessiondirectly to each agent turn, fetch tool definitions viasession.list_tools()each turn, and dispatchtool_useblocks viasession.call_tool()in a loop until the model emits a final text response
- Bumped
honoto 4.12.12 across multiple packages (03-GettingStarted, 04-PracticalImplementation, 10-StreamliningAIWorkflows) - Bumped
@hono/node-serverfrom 1.19.11 to 1.19.13 in TypeScript packages - Bumped
cryptographyfrom 46.0.5 to 46.0.7 in Python packages (10-StreamliningAIWorkflows labs 3 and 4) - Bumped
lodashfrom 4.17.23 to 4.18.1 in 10-StreamliningAIWorkflows inspector
- Synced translations for 48+ languages with the latest source changes (i18n update)
Module 03 - Getting Started
-
12-mcp-hosts/README.md: New comprehensive guide for setting up MCP hosts
- Claude Desktop, VS Code, Cursor, Cline, Windsurf configuration examples
- JSON configuration templates for all major hosts
- Transport types comparison table (stdio, SSE/HTTP, WebSocket)
- Troubleshooting common connection issues
- Security best practices for host configuration
-
13-mcp-inspector/README.md: New debugging guide for MCP Inspector
- Installation methods (npx, npm global, from source)
- Connecting to servers via stdio and HTTP/SSE
- Testing tools, resources, and prompts workflows
- VS Code integration with MCP Inspector
- Common debugging scenarios with solutions
Module 04 - Practical Implementation
- pagination/README.md: New pagination implementation guide
- Cursor-based pagination patterns in Python, TypeScript, Java
- Client-side pagination handling
- Cursor design strategies (opaque vs. structured)
- Performance optimization recommendations
Module 05 - Advanced Topics
- mcp-protocol-features/README.md: New protocol features deep dive
- Progress notifications implementation
- Request cancellation patterns
- Resource templates with URI patterns
- Server lifecycle management
- Logging level control
- Error handling patterns with JSON-RPC codes
Main Module READMEs Now links to both first lesson AND next module
02-Security Sub-files
- All 5 supplementary security documents now have "What's Next" navigation:
09-CaseStudy Files
- All case study files now have sequential navigation:
10-StreamliningAI Labs Added What's Next section to Module 10 overview and Module 11
SDK and Dependency Updates
Fixed empty openai version to ^4.95.0
Updated SDK from ^1.8.0 to >=1.26.0
Updated mcp version pins to >=1.26.0
Code Fixes
Fixed invalid model gpt-4o-mini to gpt-4.1-mini
Content Fixes
Fixed broken link READMEmd → README.md, fixed curriculum header Module 1-3 → Module 0-3, fixed case-sensitive path
Removed corrupted duplicate Case Study 5 content
Beginner Guidance Improvements Added proper introduction, learning objectives, and prerequisites for beginners
Main README.md
- Added entries 3.12 (MCP Hosts), 3.13 (MCP Inspector), 4.1 (Pagination), 5.16 (Protocol Features) to curriculum table
Module READMEs Added lessons 12 and 13 to lesson list Added Practical Guides section with pagination link Added lessons 5.15 (Custom Transport) and 5.16 (Protocol Features)
study_guide.md
- Updated mindmap with all new topics: MCP Hosts Setup, MCP Inspector, Pagination Strategies, Protocol Features Deep Dive
- New Client Primitive - Roots: Added comprehensive documentation on the Roots client primitive, enabling servers to understand filesystem boundaries and access permissions
- Tool Annotations: Added documentation on tool behavioral annotations (
readOnlyHint,destructiveHint) for better tool execution decisions - Tool Calling in Sampling: Updated Sampling documentation to include
toolsandtoolChoiceparameters for model-driven tool invocation during sampling requests - URL Mode Elicitation: Added documentation on URL-based elicitation for server-initiated external web interactions
- Tasks (Experimental): Added new section documenting the experimental Tasks feature for durable execution wrappers and deferred result retrieval
- Icons Support: Noted that tools, resources, resource templates, and prompts can now include icons as additional metadata
- README.md: Added MCP Specification 2025-11-25 version reference and date-based versioning explanation
- study_guide.md: Updated curriculum map to include Tasks and Tool Annotations in Core Concepts section; updated document timestamp
- Protocol Version: Verified all documentation references current MCP Specification 2025-11-25
- Architecture Alignment: Confirmed two-layer architecture (Data Layer + Transport Layer) documentation accuracy
- Primitives Documentation: Validated server primitives (Resources, Prompts, Tools) and client primitives (Sampling, Elicitation, Logging, Roots)
- Transport Mechanisms: Verified STDIO and Streamable HTTP transport documentation accuracy
- Security Guidance: Confirmed alignment with current MCP Security Best Practices documentation
- OpenID Connect Discovery: Auth server discovery through OIDC
- OAuth Client ID Metadata Documents: Recommended client registration mechanism
- JSON Schema 2020-12: Default dialect for MCP schema definitions
- SDK Tiering System: Formalized requirements for SDK feature support and maintenance
- Governance Structure: Formalized Working Groups and Interest Groups in MCP governance
- New Hands-On Training Resource: Added comprehensive integration with the MCP Security Summit Workshop (Sherpa) throughout all security documentation
- Expedition Route Coverage: Documented the complete camp-to-camp progression from Base Camp to Summit
- OWASP Alignment: All security guidance now maps to OWASP MCP Azure Security Guide risks
- New Section: Added OWASP MCP Top 10 Security Risks table with Azure mitigations to main Security README
- Risk-Based Documentation: Updated mcp-security-controls-2025.md with OWASP MCP risk references for each security domain
- Reference Architecture: Linked to OWASP MCP Azure Security Guide reference architecture and implementation patterns
- README.md: Added Sherpa Workshop overview, expedition route table, OWASP MCP Top 10 risks summary, and hands-on training section
- mcp-security-controls-2025.md: Updated header to February 2026, added OWASP risk references (MCP01-MCP08), fixed spec version inconsistency
- mcp-security-best-practices-2025.md: Added Sherpa and OWASP resources section, updated timestamp
- mcp-best-practices.md: Added hands-on training section with Sherpa and OWASP links
- azure-content-safety-implementation.md: Added OWASP MCP06 reference, Sherpa Camp 3 alignment, and additional resources section
- MCP Security Summit Workshop (Sherpa)
- OWASP MCP Azure Security Guide
- OWASP MCP Top 10
- Individual OWASP MCP risk pages (MCP01-MCP10)
- SDK Documentation: Added Go SDK to official SDK list; updated all SDK references to align with MCP Specification 2025-11-25
- Transport Clarification: Updated STDIO and HTTP Streaming transport descriptions with explicit spec references
- SDK Updates: Added Go SDK; updated SDK list with specification version reference
- Authorization Spec: Updated MCP Authorization specification link to current 2025-11-25 version
- New Features: Added note about new MCP Specification 2025-11-25 features (Tasks, Tool Annotations, URL Mode Elicitation, Roots)
- Security Resources: Added OWASP MCP Top 10 and Sherpa workshop links to additional references
- SDK List: Added Swift and Rust SDKs; updated specification link to 2025-11-25
- Spec Reference: Updated MCP Specification link to direct specification URL
- Resource Updates: Added MCP Specification 2025-11-25 link and OWASP MCP Top 10 to additional resources
- Spec Version: Updated MCP Specification reference to 2025-11-25
- Security Resources: Added OWASP MCP Top 10 and Sherpa workshop to additional references
- Badge Update: Changed MCP version badge from SDK version (1.9.3) to specification version (2025-11-25)
- Resource Links: Updated MCP Specification link; added OWASP MCP Top 10
- Spec Reference: Updated MCP Specification link to 2025-11-25 version
- Security Resources: Added OWASP MCP Top 10 to official resources
- Protocol Version Update: Updated to reference latest MCP Specification 2025-11-25 (released November 25, 2025)
- Updated all specification version references from 2025-06-18 to 2025-11-25
- Updated document date references from August 18, 2025 to December 18, 2025
- Verified all specification URLs point to current documentation
- Content Validation: Comprehensive validation of security best practices against latest standards
- Microsoft Security Solutions: Verified current terminology and links for Prompt Shields (previously "Jailbreak risk detection"), Azure Content Safety, Microsoft Entra ID, and Azure Key Vault
- OAuth 2.1 Security: Confirmed alignment with latest OAuth security best practices
- OWASP Standards: Validated OWASP Top 10 for LLMs references remain current
- Azure Services: Verified all Microsoft Azure documentation links and best practices
- Standards Alignment: All referenced security standards confirmed current
- NIST AI Risk Management Framework
- ISO 27001:2022
- OAuth 2.1 Security Best Practices
- Azure security and compliance frameworks
- Implementation Resources: Validated all implementation guide links and resources
- Azure API Management authentication patterns
- Microsoft Entra ID integration guides
- Azure Key Vault secrets management
- DevSecOps pipelines and monitoring solutions
- Specification Compliance: Ensured all mandatory MCP security requirements (MUST/MUST NOT) align with latest specification
- Resource Currency: Verified all external links to Microsoft documentation, security standards, and implementation guides
- Best Practices Coverage: Confirmed comprehensive coverage of authentication, authorization, AI-specific threats, supply chain security, and enterprise patterns
- New Chapter Added: Introduced a comprehensive guide to advanced MCP server usage, covering both regular and low-level server architectures.
- Regular vs. Low-Level Server: Detailed comparison and code examples in Python and TypeScript for both approaches.
- Handler-Based Design: Explanation of handler-based tool/resource/prompt management for scalable, flexible server implementations.
- Practical Patterns: Real-world scenarios where low-level server patterns are beneficial for advanced features and architecture.
- New Chapter Added: Step-by-step guide to implementing simple authentication in MCP servers.
- Auth Concepts: Clear explanation of authentication vs. authorization, and credential handling.
- Basic Auth Implementation: Middleware-based authentication patterns in Python (Starlette) and TypeScript (Express), with code samples.
- Progression to Advanced Security: Guidance on starting with simple auth and advancing to OAuth 2.1 and RBAC, with references to advanced security modules.
These additions provide practical, hands-on guidance for building more robust, secure, and flexible MCP server implementations, bridging foundational concepts with advanced production patterns.
- Complete 13-Lab Learning Path: Added comprehensive hands-on curriculum for building production-ready MCP servers with PostgreSQL database integration
- Real-World Implementation: Zava Retail analytics use case demonstrating enterprise-grade patterns
- Structured Learning Progression:
- Labs 00-03: Foundations - Introduction, Core Architecture, Security & Multi-Tenancy, Environment Setup
- Labs 04-06: Building the MCP Server - Database Design & Schema, MCP Server Implementation, Tool Development
- Labs 07-09: Advanced Features - Semantic Search Integration, Testing & Debugging, VS Code Integration
- Labs 10-12: Production & Best Practices - Deployment Strategies, Monitoring & Observability, Best Practices & Optimization
- Enterprise Technologies: FastMCP framework, PostgreSQL with pgvector, Azure OpenAI embeddings, Azure Container Apps, Application Insights
- Advanced Features: Row Level Security (RLS), semantic search, multi-tenant data access, vector embeddings, real-time monitoring
- Comprehensive Documentation Update: Systematically updated all README files in 11-MCPServerHandsOnLabs to use "Lab" terminology instead of "Module"
- Section Headers: Updated "What This Module Covers" to "What This Lab Covers" across all 13 labs
- Content Description: Changed "This module provides..." to "This lab provides..." throughout documentation
- Learning Objectives: Updated "By the end of this module..." to "By the end of this lab..."
- Navigation Links: Converted all "Module XX:" references to "Lab XX:" in cross-references and navigation
- Completion Tracking: Updated "After completing this module..." to "After completing this lab..."
- Preserved Technical References: Maintained Python module references in configuration files (e.g.,
"module": "mcp_server.main")
- Visual Curriculum Map: Added new "11. Database Integration Labs" section with comprehensive lab structure visualization
- Repository Structure: Updated from ten to eleven main sections with detailed 11-MCPServerHandsOnLabs description
- Learning Path Guidance: Enhanced navigation instructions to cover sections 00-11
- Technology Coverage: Added FastMCP, PostgreSQL, Azure services integration details
- Learning Outcomes: Emphasized production-ready server development, database integration patterns, and enterprise security
- Lab-Based Terminology: Updated main README.md in 11-MCPServerHandsOnLabs to consistently use "Lab" structure
- Learning Path Organization: Clear progression from foundational concepts through advanced implementation to production deployment
- Real-World Focus: Emphasis on practical, hands-on learning with enterprise-grade patterns and technologies
- Hands-On Learning Emphasis: Reinforced practical, lab-based approach throughout documentation
- Enterprise Patterns Focus: Highlighted production-ready implementations and enterprise security considerations
- Technology Integration: Comprehensive coverage of modern Azure services and AI integration patterns
- Learning Progression: Clear, structured path from basic concepts to production deployment
- README.md: Major expansion with comprehensive GitHub MCP Registry case study
- GitHub MCP Registry Case Study: New comprehensive case study examining GitHub's MCP Registry launch in September 2025
- Problem Analysis: Detailed examination of fragmented MCP server discovery and deployment challenges
- Solution Architecture: GitHub's centralized registry approach with one-click VS Code installation
- Business Impact: Measurable improvements in developer onboarding and productivity
- Strategic Value: Focus on modular agent deployment and cross-tool interoperability
- Ecosystem Development: Positioning as foundational platform for agentic integration
- Enhanced Case Study Structure: Updated all seven case studies with consistent formatting and comprehensive descriptions
- Azure AI Travel Agents: Multi-agent orchestration emphasis
- Azure DevOps Integration: Workflow automation focus
- Real-Time Documentation Retrieval: Python console client implementation
- Interactive Study Plan Generator: Chainlit conversational web app
- In-Editor Documentation: VS Code and GitHub Copilot integration
- Azure API Management: Enterprise API integration patterns
- GitHub MCP Registry: Ecosystem development and community platform
- Comprehensive Conclusion: Rewritten conclusion section highlighting seven case studies spanning multiple MCP implementation dimensions
- Enterprise Integration, Multi-Agent Orchestration, Developer Productivity
- Ecosystem Development, Educational Applications categorization
- Enhanced insights into architectural patterns, implementation strategies, and best practices
- Emphasis on MCP as mature, production-ready protocol
- GitHub MCP Registry Case Study: New comprehensive case study examining GitHub's MCP Registry launch in September 2025
- Visual Curriculum Map: Updated mindmap to include GitHub MCP Registry in Case Studies section
- Case Studies Description: Enhanced from generic descriptions to detailed breakdown of seven comprehensive case studies
- Repository Structure: Updated section 10 to reflect comprehensive case study coverage with specific implementation details
- Changelog Integration: Added September 26, 2025 entry documenting GitHub MCP Registry addition and case study enhancements
- Date Updates: Updated footer timestamp to reflect latest revision (September 26, 2025)
- Consistency Enhancement: Standardized case study formatting and structure across all seven examples
- Comprehensive Coverage: Case studies now span enterprise, developer productivity, and ecosystem development scenarios
- Strategic Positioning: Enhanced focus on MCP as foundational platform for agentic system deployment
- Resource Integration: Updated additional resources to include GitHub MCP Registry link
- README.md: Complete implementation guide for custom MCP transport mechanisms
- Azure Event Grid Transport: Comprehensive serverless event-driven transport implementation
- C#, TypeScript, and Python examples with Azure Functions integration
- Event-driven architecture patterns for scalable MCP solutions
- Webhook receivers and push-based message handling
- Azure Event Hubs Transport: High-throughput streaming transport implementation
- Real-time streaming capabilities for low-latency scenarios
- Partitioning strategies and checkpoint management
- Message batching and performance optimization
- Enterprise Integration Patterns: Production-ready architectural examples
- Distributed MCP processing across multiple Azure Functions
- Hybrid transport architectures combining multiple transport types
- Message durability, reliability, and error handling strategies
- Security & Monitoring: Azure Key Vault integration and observability patterns
- Managed identity authentication and least privilege access
- Application Insights telemetry and performance monitoring
- Circuit breakers and fault tolerance patterns
- Testing Frameworks: Comprehensive testing strategies for custom transports
- Unit testing with test doubles and mocking frameworks
- Integration testing with Azure Test Containers
- Performance and load testing considerations
- Azure Event Grid Transport: Comprehensive serverless event-driven transport implementation
- README.md: Comprehensive exploration of context engineering as an emerging field
- Core Principles: Complete context sharing, action decision awareness, and context window management
- MCP Protocol Alignment: How MCP design addresses context engineering challenges
- Context window limitations and progressive loading strategies
- Relevance determination and dynamic context retrieval
- Multi-modal context handling and security considerations
- Implementation Approaches: Single-threaded vs. multi-agent architectures
- Context chunking and prioritization techniques
- Progressive context loading and compression strategies
- Layered context approaches and retrieval optimization
- Measurement Framework: Emerging metrics for context effectiveness evaluation
- Input efficiency, performance, quality, and user experience considerations
- Experimental approaches to context optimization
- Failure analysis and improvement methodologies
- Enhanced Module Structure: Updated curriculum table to include new advanced topics
- Added Context Engineering (5.14) and Custom Transport (5.15) entries
- Consistent formatting and navigation links across all modules
- Updated descriptions to reflect current content scope
- Naming Standardization: Renamed "mcp transport" to "mcp-transport" for consistency with other advanced topic folders
- Content Organization: All 05-AdvancedTopics folders now follow consistent naming pattern (mcp-[topic])
- MCP Specification Alignment: All new content references current MCP Specification 2025-06-18
- Multi-Language Examples: Comprehensive code examples in C#, TypeScript, and Python
- Enterprise Focus: Production-ready patterns and Azure cloud integration throughout
- Visual Documentation: Mermaid diagrams for architecture and flow visualization
- MCP-SECURITY-BEST-PRACTICES-2025.md: Complete rewrite aligned with MCP Specification 2025-06-18
- Mandatory Requirements: Added explicit MUST/MUST NOT requirements from official specification with clear visual indicators
- 12 Core Security Practices: Restructured from 15-item list to comprehensive security domains
- Token Security & Authentication with external identity provider integration
- Session Management & Transport Security with cryptographic requirements
- AI-Specific Threat Protection with Microsoft Prompt Shields integration
- Access Control & Permissions with principle of least privilege
- Content Safety & Monitoring with Azure Content Safety integration
- Supply Chain Security with comprehensive component verification
- OAuth Security & Confused Deputy Prevention with PKCE implementation
- Incident Response & Recovery with automated capabilities
- Compliance & Governance with regulatory alignment
- Advanced Security Controls with zero trust architecture
- Microsoft Security Ecosystem Integration with comprehensive solutions
- Continuous Security Evolution with adaptive practices
- Microsoft Security Solutions: Enhanced integration guidance for Prompt Shields, Azure Content Safety, Entra ID, and GitHub Advanced Security
- Implementation Resources: Categorized comprehensive resource links by Official MCP Documentation, Microsoft Security Solutions, Security Standards, and Implementation Guides
- MCP-SECURITY-CONTROLS-2025.md: Complete overhaul with enterprise-grade security framework
- 9 Comprehensive Security Domains: Expanded from basic controls to detailed enterprise framework
- Advanced Authentication & Authorization with Microsoft Entra ID integration
- Token Security & Anti-Passthrough Controls with comprehensive validation
- Session Security Controls with hijacking prevention
- AI-Specific Security Controls with prompt injection and tool poisoning prevention
- Confused Deputy Attack Prevention with OAuth proxy security
- Tool Execution Security with sandboxing and isolation
- Supply Chain Security Controls with dependency verification
- Monitoring & Detection Controls with SIEM integration
- Incident Response & Recovery with automated capabilities
- Implementation Examples: Added detailed YAML configuration blocks and code examples
- Microsoft Solutions Integration: Comprehensive coverage of Azure security services, GitHub Advanced Security, and enterprise identity management
- 9 Comprehensive Security Domains: Expanded from basic controls to detailed enterprise framework
- README.md: Complete rewrite for enterprise security implementation
- Current Specification Alignment: Updated to MCP Specification 2025-06-18 with mandatory security requirements
- Enhanced Authentication: Microsoft Entra ID integration with comprehensive .NET and Java Spring Security examples
- AI Security Integration: Microsoft Prompt Shields and Azure Content Safety implementation with detailed Python examples
- Advanced Threat Mitigation: Comprehensive implementation examples for
- Confused Deputy Attack Prevention with PKCE and user consent validation
- Token Passthrough Prevention with audience validation and secure token management
- Session Hijacking Prevention with cryptographic binding and behavioral analysis
- Enterprise Security Integration: Azure Application Insights monitoring, threat detection pipelines, and supply chain security
- Implementation Checklist: Clear mandatory vs. recommended security controls with Microsoft security ecosystem benefits
- Specification References: Updated all references to current MCP Specification 2025-06-18
- Microsoft Security Ecosystem: Enhanced integration guidance throughout all security documentation
- Practical Implementation: Added detailed code examples in .NET, Java, and Python with enterprise patterns
- Resource Organization: Comprehensive categorization of official documentation, security standards, and implementation guides
- Visual Indicators: Clear marking of mandatory requirements vs. recommended practices
- Protocol Version Update: Updated to reference current MCP Specification 2025-06-18 with date-based versioning (YYYY-MM-DD format)
- Architecture Refinement: Enhanced descriptions of Hosts, Clients, and Servers to reflect current MCP architecture patterns
- Hosts now clearly defined as AI applications coordinating multiple MCP client connections
- Clients described as protocol connectors maintaining one-to-one server relationships
- Servers enhanced with local vs. remote deployment scenarios
- Primitive Restructuring: Complete overhaul of server and client primitives
- Server Primitives: Resources (data sources), Prompts (templates), Tools (executable functions) with detailed explanations and examples
- Client Primitives: Sampling (LLM completions), Elicitation (user input), Logging (debugging/monitoring)
- Updated with current discovery (
*/list), retrieval (*/get), and execution (*/call) method patterns
- Protocol Architecture: Introduced two-layer architecture model
- Data Layer: JSON-RPC 2.0 foundation with lifecycle management and primitives
- Transport Layer: STDIO (local) and Streamable HTTP with SSE (remote) transport mechanisms
- Security Framework: Comprehensive security principles including explicit user consent, data privacy protection, tool execution safety, and transport layer security
- Communication Patterns: Updated protocol messages to show initialization, discovery, execution, and notification flows
- Code Examples: Refreshed multi-language examples (.NET, Java, Python, JavaScript) to reflect current MCP SDK patterns
- Standards Alignment: Full alignment with MCP Specification 2025-06-18 security requirements
- Authentication Evolution: Documented evolution from custom OAuth servers to external identity provider delegation (Microsoft Entra ID)
- AI-Specific Threat Analysis: Enhanced coverage of modern AI attack vectors
- Detailed prompt injection attack scenarios with real-world examples
- Tool poisoning mechanisms and "rug pull" attack patterns
- Context window poisoning and model confusion attacks
- Microsoft AI Security Solutions: Comprehensive coverage of Microsoft security ecosystem
- AI Prompt Shields with advanced detection, spotlighting, and delimiter techniques
- Azure Content Safety integration patterns
- GitHub Advanced Security for supply chain protection
- Advanced Threat Mitigation: Detailed security controls for
- Session hijacking with MCP-specific attack scenarios and cryptographic session ID requirements
- Confused deputy problems in MCP proxy scenarios with explicit consent requirements
- Token passthrough vulnerabilities with mandatory validation controls
- Supply Chain Security: Expanded AI supply chain coverage including foundation models, embeddings services, context providers, and third-party APIs
- Foundation Security: Enhanced integration with enterprise security patterns including zero trust architecture and Microsoft security ecosystem
- Resource Organization: Categorized comprehensive resource links by type (Official Docs, Standards, Research, Microsoft Solutions, Implementation Guides)
- Structured Learning Objectives: Enhanced learning objectives with specific, actionable outcomes
- Cross-References: Added links between related security and core concept topics
- Current Information: Updated all date references and specification links to current standards
- Implementation Guidance: Added specific, actionable implementation guidelines throughout both sections
- Completely redesigned the curriculum navigation in README.md
- Replaced
<details>tags with more accessible table-based format - Created alternative layout options in new "alternative_layouts" folder
- Added card-based, tabbed-style, and accordion-style navigation examples
- Updated repository structure section to include all latest files
- Enhanced "How to Use This Curriculum" section with clear recommendations
- Updated MCP specification links to point to correct URLs
- Added Context Engineering section (5.14) to the curriculum structure
- Completely revised the study guide to align with current repository structure
- Added new sections for MCP Clients and Tools, and Popular MCP Servers
- Updated the Visual Curriculum Map to accurately reflect all topics
- Enhanced descriptions of Advanced Topics to cover all specialized areas
- Updated Case Studies section to reflect actual examples
- Added this comprehensive changelog
- Added detailed information about MCP servers for image generation
- Added comprehensive section on using Claude in VSCode
- Added Cline terminal client setup and usage instructions
- Updated MCP client section to include all popular client options
- Enhanced contribution examples with more accurate code samples
- Organized all specialized topic folders with consistent naming
- Added context engineering materials and examples
- Added Foundry agent integration documentation
- Enhanced Entra ID security integration documentation
- Released first version of the MCP for Beginners curriculum
- Created basic structure for all 10 main sections
- Implemented Visual Curriculum Map for navigation
- Added initial sample projects in multiple programming languages
- Created first server implementation examples
- Added client development guidance
- Included LLM client integration instructions
- Added VS Code integration documentation
- Implemented Server-Sent Events (SSE) server examples
- Added detailed explanation of client-server architecture
- Created documentation on key protocol components
- Documented messaging patterns in MCP
- Initialized the repository with basic folder structure
- Created README files for each major section
- Set up translation infrastructure
- Added image assets and diagrams
- Created initial README.md with curriculum overview
- Added CODE_OF_CONDUCT.md and SECURITY.md
- Set up SUPPORT.md with guidance for getting help
- Created preliminary study guide structure
- Initial planning for MCP for Beginners curriculum
- Defined learning objectives and target audience
- Outlined 10-section structure of the curriculum
- Developed conceptual framework for examples and case studies
- Created initial prototype examples for key concepts