Five enforcement layers anchored to documented production incidents: permission scoping, dry-run gates, deletion protection, blast radius scoring, and audit trails the agent cannot reach. Built before you need them, not after the first escape.
Third-party MCP servers run inside your agent's reasoning loop with privileged tool access. Most teams added them without a review process. A 0-100 scorecard across provenance, scope, code, network, and runtime, gated in CI before the servers ship.