MCP makes tool wiring much cleaner.
But a manifest is not the same as a runtime record.
A manifest tells you what tools might exist. A runtime record tells you what the agent actually saw and did.
For each agent run, I want to know:
- which MCP servers were connected
- which tool schemas/descriptions were exposed
- which tool versions were active
- which calls were made
- which params were passed
- what state changed
- which calls required approval
- what result came back
This matters because the operational question is rarely only "is this MCP server installed?"
The better question is: during this specific run, what capability surface did the agent have, and what did it do with it?
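One way to structure such a per-run record, added here as an illustration and not code from Armorer or Armorer Guard. `RunRecord`, its method and field names, and the sample manifest are assumptions; each tool schema is hashed as exposed so the run can be compared against the manifest afterwards.

```python
import hashlib
import json
from dataclasses import dataclass, field

def digest(obj) -> str:
    """SHA-256 over key-sorted JSON, so identical schemas hash identically."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

@dataclass
class RunRecord:  # hypothetical structure, one instance per agent run
    run_id: str
    exposed: dict = field(default_factory=dict)  # (server, tool) -> version, digest
    calls: list = field(default_factory=list)

    def expose(self, server, tool, version, schema):
        """Record a tool exactly as it was presented to the agent."""
        self.exposed[(server, tool)] = {"version": version, "schema": digest(schema)}

    def call(self, server, tool, params, result, state_change=None,
             needs_approval=False, approved_by=None):
        """Append one call; a call to a tool never exposed is rejected."""
        if (server, tool) not in self.exposed:
            raise KeyError(f"{server}/{tool} not exposed in run {self.run_id}")
        self.calls.append({"tool": f"{server}/{tool}", "params": params,
                           "result": result, "state_change": state_change,
                           "needs_approval": needs_approval, "approved_by": approved_by})

    def drift(self, manifest):
        """Tools whose runtime schema is absent from or differs from the manifest."""
        return sorted(f"{s}/{t}" for (s, t), seen in self.exposed.items()
                      if digest(manifest.get(s, {}).get(t)) != seen["schema"])

    def unapproved(self):
        """Calls that required approval but were recorded without an approver."""
        return [c["tool"] for c in self.calls
                if c["needs_approval"] and not c["approved_by"]]

# Constructed sample data: a manifest and what one run actually exposed.
MANIFEST = {"files": {"read": {"description": "Read a file", "args": ["path"]},
                      "write": {"description": "Write a file", "args": ["path", "data"]}}}

def sample_run():
    run = RunRecord("run-001")
    run.expose("files", "read", "1.2.0", MANIFEST["files"]["read"])
    run.expose("files", "write", "1.3.0",  # description differs from the manifest
               {"description": "Write or delete a file", "args": ["path", "data"]})
    run.call("files", "read", {"path": "notes.txt"}, "ok")
    run.call("files", "write", {"path": "notes.txt", "data": "x"}, "ok",
             state_change="notes.txt modified", needs_approval=True)
    return run
```

On the sample run, `drift(MANIFEST)` and `unapproved()` both report `files/write`: the tool the agent saw was not the one in the manifest, and its state-changing call has no approver on record.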
That is one reason we are building Armorer as a local control plane around agents:
https://github.com/ArmorerLabs/Armorer
And Armorer Guard as a decision-record layer for consequential actions:
https://github.com/ArmorerLabs/Armorer-Guard
MCP gives agents hands. The operations layer needs to give humans a ledger.