A lot of the best tooling around AI we're seeing is adding deterministic gates that the probabilistic AI agents work with. This is why I'm using MCP over http. I'm happy for the the agent to use it's intelligence and creativity to help me solve problems, but for a range of operations, I want a gate past which actions run with the certainty of normal software functions. NanoClaw sells itself on using deterministic filtering of your WhatsApp messages before the agent gets to see them, and proxies API keys so the agent bever gets them - this is a similar type of deterministic gate that allows for more confidence when working with AI.

The boundary also needs to hold if the agent is compromised. Proxying keys is the right instinct. We took the same approach at the action layer: cryptographic warrants scoped to the task, delegation-aware, verified at the MCP tool boundary before execution. Open source core. https://github.com/tenuo-ai/tenuo

This resonates. The pattern I keep seeing is that the best AI tooling right now is about constraining the agent, not giving it more freedom. MCP gives you a clean boundary between what the AI decides and what the system executes deterministically. I use MCP servers with Claude Code and the biggest win is exactly what you described, the AI handles the creative problem solving but the actual actions go through predictable, auditable paths.