Working notes from shipping agent systems into regulated environments. Each piece is a pattern I've watched succeed or fail in production.
Four identity options — app-only, on-behalf-of, federated credentials, managed identity — mapped to the audit-trail decision an agent designer is making whether they realize it or not. Plus the five gotchas the wizard doesn't surface.
A pre-flight checklist for shipping AI agents into regulated environments. Five layers, yes/no items, decision tree — the same review I run during a Discovery engagement, distilled to a self-serve PDF.
Five architecture decisions the wizard quietly assumes you've made — identity (API key vs. OBO), DLP zone, generative orchestration, Streamable transport, tenant scoping — plus the threat model that isn't in the docs.
A five-layer architecture distilled from shipping three agent systems in regulated environments — identity, credential broker, scoped tools, policy gating, audit. Skip a layer and the review fails.
An MCP server is a security boundary, not a convenience layer. Six rules that keep tool surfaces narrow enough to defend without making them too narrow to use.