
docs: add security middleware guide for production MCP deployments#3828

Open
pshkv wants to merge 1 commit into modelcontextprotocol:main from pshkv:feat/sint-policy-gateway-security-layer

Conversation


@pshkv pshkv commented Apr 4, 2026

Summary

The existing > [!WARNING] block correctly states that reference servers are educational examples and that developers must evaluate their own security requirements. This PR makes that guidance actionable by adding a concrete integration guide.

What's added:

  1. docs/security-middleware.md — a 5-minute integration guide covering:

    • The authorization gap in plain MCP deployments (no authz, no audit, no human-in-the-loop)
    • SINT PolicyGateway integration pattern (wraps MCP clients, intercepts tool calls)
    • Tier table: readFile → T0 auto-allow; deleteFile → T2 human review; bash/exec → T3 explicit sign-off
    • Performance: p50 < 2ms, p99 < 10ms intercept overhead
    • Coverage for OWASP Agentic AI Top-10 (ASI01-10), regression-tested suite
  2. README.md — adds 4 lines under the existing Security section pointing to the guide

About SINT Protocol

  • GitHub: https://github.com/sint-ai/sint-protocol
  • License: MIT
  • Language: TypeScript (zero-dependency crypto via @noble/ed25519)
  • Tests: 1,105 tests across 31 packages, including 10-test MCP attack surface conformance suite
  • Bridges: MCP, ROS 2, MAVLink, A2A, IoT (MQTT/CoAP)

Why this matters for MCP

MCP intentionally separates capability from authorization. Without a security layer, agentic deployments have:

  • No per-agent scoping of which tools can be called
  • No audit trail for incident response
  • No human-in-the-loop for irreversible operations (deleteFile, bash, etc.)
  • No rate limiting for runaway agents

This is not a criticism of MCP — it's the correct layering. The gap is in the deployment ecosystem. This PR adds one concrete reference for closing it.

What this is NOT

  • Not proposing to add SINT as a reference server in src/
  • Not replacing the existing WARNING — the warning is correct and important
  • This is purely documentation, adding docs/security-middleware.md (new file) + 4 README lines

cc @jspahrsummers — happy to revise the framing if you'd prefer a different approach to documenting security deployment patterns.
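The interception pattern the description above sketches (per-agent scoping, an audit trail, human-in-the-loop by tier, rate limiting), as an added example that is not part of the PR, the MCP servers repository or SINT; the ToolClient interface, tool names, tier numbers and thresholds are assumptions:

```typescript
// Added example (not the PR's or SINT's code): a minimal policy gateway that
// wraps a tool-calling client and closes the four gaps the PR lists:
// per-agent scoping, audit trail, human-in-the-loop for T2/T3, rate limiting.
// Tool names, tiers, thresholds and the ToolClient shape are hypothetical.
type Tier = 0 | 1 | 2 | 3;
interface Verdict { allowed: boolean; reason: string; }
interface ToolClient { callTool(name: string, args: unknown): Promise<unknown>; }
interface AuditEntry extends Verdict { at: number; agent: string; tool: string; tier: Tier; }
interface Policy {
  scope: Record<string, string[]>;                    // per-agent callable tools
  maxCallsPerMinute: number;                          // brake for runaway agents
  review: (agent: string, tool: string) => boolean;   // T2: human review
  signOff: (agent: string, tool: string) => boolean;  // T3: explicit sign-off
}
// Tier table as summarised in the PR: read-only -> T0, destructive -> T2, shell -> T3.
const TIERS: Record<string, Tier> = { readFile: 0, writeFile: 1, deleteFile: 2, bash: 3 };

class PolicyGateway {
  readonly audit: AuditEntry[] = [];                  // every decision, allowed or not
  private recent = new Map<string, number[]>();
  constructor(private inner: ToolClient, private policy: Policy) {}
  // Policy decision without invoking the tool; unknown tools get the strictest tier.
  decide(agent: string, tool: string, now = Date.now()): Verdict {
    const tier = TIERS[tool] ?? 3;
    const v = this.verdict(agent, tool, tier, now);
    this.audit.push({ at: now, agent, tool, tier, ...v });
    return v;
  }
  private verdict(agent: string, tool: string, tier: Tier, now: number): Verdict {
    if (!(this.policy.scope[agent] ?? []).includes(tool)) return { allowed: false, reason: "out of scope" };
    if (this.overLimit(agent, now)) return { allowed: false, reason: "rate limit" };
    if (tier === 2) return this.policy.review(agent, tool)
      ? { allowed: true, reason: "human review approved" } : { allowed: false, reason: "human review declined" };
    if (tier === 3) return this.policy.signOff(agent, tool)
      ? { allowed: true, reason: "explicit sign-off" } : { allowed: false, reason: "no sign-off" };
    return { allowed: true, reason: "auto-allow" };
  }
  // Sliding one-minute window of in-scope attempts per agent.
  private overLimit(agent: string, now: number): boolean {
    const hits = (this.recent.get(agent) ?? []).filter(t => now - t < 60_000).concat(now);
    this.recent.set(agent, hits);
    return hits.length > this.policy.maxCallsPerMinute;
  }
  // Intercepts the call: denied calls never reach the wrapped client.
  async callTool(agent: string, tool: string, args: unknown): Promise<unknown> {
    const { allowed, reason } = this.decide(agent, tool);
    if (!allowed) throw new Error(`policy denied ${tool} for ${agent}: ${reason}`);
    return this.inner.callTool(tool, args);
  }
}
```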

The existing WARNING note correctly identifies that reference servers are
not production-ready and that developers must evaluate security requirements.
This PR makes that guidance actionable by:

1. docs/security-middleware.md — concrete 5-minute integration guide:
   - Shows the authorization gap in plain MCP deployments
   - Documents the SINT PolicyGateway integration pattern
   - Tier table for common MCP tools (T0 read-only → T3 shell exec)
   - Performance benchmarks (p99 < 10ms overhead)
   - OWASP ASI01-10 conformance suite reference

2. README.md — adds a note under the Security section pointing to
   docs/security-middleware.md

SINT Protocol is MIT-licensed, TypeScript, zero-dependency crypto
(@noble/ed25519 + SHA-256), and regression-tested with 1,105 tests.