MCP

Multi-agent architecture: Chat.Api with Microsoft Agent Framework, Reporting.Api with GitHub Copilot SDK, connected via Entra Agent Identity.

Building a Multi-Agent System in .NET using the Microsoft Agent Framework, GitHub Copilot SDK, and Entra Agent ID

My side project (Biotrackr) started as a Fitbit data tracker and has gradually evolved into a full multi-agent system. Currently, it tracks my health data from Fitbit including sleep patterns, activity levels, food intake, and weight. I’ve recently built a chat agent that allows me to ask questions about my health data through the UI. However, I wanted to take this a step further and use another agent to build charts and graphs to visualize my data. ...

April 8, 2026 · 13 min · Will Velida
Preventing OWASP MCP01 Token Mismanagement and Secret Exposure in a .NET MCP server with Key Vault, telemetry redaction, and runtime injection.

Preventing Token Mismanagement and Secret Exposure in MCP Servers

When building an MCP server for my side project (Biotrackr), one of the first things I had to think about was how to manage secrets. The MCP server needs an APIM subscription key to call downstream health data APIs, and it also exposes an API key for clients connecting to it. That’s two secrets that need to be stored, distributed, and protected and if either one leaks, the blast radius could extend across the entire platform. ...

March 23, 2026 · 12 min · Will Velida
Migrating a .NET AI agent from function tools to MCP client integration, showing the architectural shift from duplicated HTTP tool classes to a single MCP Server.

From Function Tools to MCP: Migrating an AI Agent to the Model Context Protocol

When I first built an AI Agent for my personal health platform Biotrackr, I used the Microsoft Agent Framework’s function tool pattern with 12 tools decorated with [Description] attributes, registered via AIFunctionFactory.Create(). This wasn’t ideal as I already had an MCP Server exposing the same 12 tools to VS Code and other MCP clients. The natural approach would have been to make the Chat API another MCP client. But there was a blocker. The Anthropic provider in Microsoft Agent Framework (Microsoft.Agents.AI.Anthropic) didn’t support Local MCP Tools. If I wanted to use Claude as the LLM backend (which I did), function tools were the only option. So I duplicated all 12 tool implementations in the Chat API, complete with their own models, validation logic, and API call code. ...

March 22, 2026 · 16 min · Will Velida
Preventing OWASP ASI07 Insecure Inter-Agent Communication in a .NET AI agent with mutual authentication, signed messages, anti-replay, typed contracts, and protocol pinning.

Preventing Insecure Inter-Agent Communication in AI Agents

Biotrackr is a single-agent system. One agent, twelve tools, one identity. That is an architectural choice that eliminates an entire vulnerability class Insecure Inter-Agent Communication (ASI07). But what happens when the system grows? Imagine Biotrackr evolves into a multi-agent platform: a Data Retrieval Agent that fetches health records, a Health Advisor Agent that provides wellness recommendations based on trends, and an Orchestrator Agent that coordinates them. Suddenly, agents are talking to each other, passing data, delegating tasks, sharing context. Every message between them is a potential attack surface. ...

March 12, 2026 · 29 min · Will Velida