1 point by digitalegoai 2 hours ago | 1 comment
  • digitalegoai 2 hours ago
    Author here. I've been working on action-level governance for AI agents. The main problem is that safety frameworks today operate on intent and content, but supply chain attacks make the action itself indistinguishable from normal behavior: npm install axios is the same command whether the package is clean or compromised. We built an open trust registry that agents can query before executing dependency actions. The MCP server means any Claude Code or Cursor user gets coverage with a config change. Happy to discuss the architecture or the underlying research (CRAG) - links in the piece.
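The pattern the comment describes, a pre-execution gate that looks the dependency action up in a trust registry rather than judging the command text, as an added illustration that is not the project's own code. The registry contents, the package names (including "evil-utils" and "new-pkg") and the statuses are constructed for the example; a real deployment would query a networked registry and would need its own schema. The gate fails closed on packages the registry has never seen, and treats an unpinned install of a package with a known-compromised release as unsafe.

```python
"""Pre-execution gate for dependency-install actions (added example).

Models the "query a trust registry before executing a dependency action"
step. Everything in TRUST_REGISTRY is constructed for illustration.
"""
import re
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed registry: package name -> {version: status}.
# "*" stands for "any version". A real registry would be queried remotely.
TRUST_REGISTRY: Dict[str, Dict[str, str]] = {
    "axios": {"1.6.0": "trusted", "1.6.1": "trusted"},
    "left-pad": {"*": "trusted"},
    "evil-utils": {"2.0.0": "compromised"},  # constructed example name
}

# Package spec: optional @scope/ prefix, name, optional @version suffix.
_SPEC_RE = re.compile(r"^(?P<name>(@[\w.-]+/)?[\w.-]+)(@(?P<version>[\w.+-]+))?$")


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def parse_install_command(command: str) -> List[Tuple[str, Optional[str]]]:
    """Extract (name, version) pairs from an `npm install ...` command.

    Returns an empty list for anything that is not an npm install so the
    gate can pass unrelated actions through. Flags (leading '-') are skipped.
    """
    argv = shlex.split(command)
    if len(argv) < 2 or argv[0] != "npm" or argv[1] not in ("install", "i", "add"):
        return []
    specs: List[Tuple[str, Optional[str]]] = []
    for arg in argv[2:]:
        if arg.startswith("-"):
            continue
        m = _SPEC_RE.match(arg)
        if not m:
            raise ValueError(f"unparseable package spec: {arg!r}")
        specs.append((m.group("name"), m.group("version")))
    return specs


def lookup(name: str, version: Optional[str]) -> str:
    """Return 'trusted', 'compromised' or 'unknown' for a package spec."""
    entry = TRUST_REGISTRY.get(name)
    if entry is None:
        return "unknown"
    if version is None:
        # Unpinned install: any compromised release makes the spec unsafe,
        # and without a wildcard entry the resolved version is unknowable.
        if "compromised" in entry.values():
            return "compromised"
        return "trusted" if "*" in entry else "unknown"
    return entry.get(version, entry.get("*", "unknown"))


def gate(command: str, fail_closed: bool = True) -> Decision:
    """Decide whether an agent may run `command`; unknown packages are
    denied unless fail_closed is False."""
    specs = parse_install_command(command)
    if not specs:
        return Decision(True, "not a dependency-install action")
    for name, version in specs:
        status = lookup(name, version)
        spec = name if version is None else f"{name}@{version}"
        if status == "compromised":
            return Decision(False, f"{spec} is flagged compromised in registry")
        if status == "unknown" and fail_closed:
            return Decision(False, f"{spec} has no registry entry; needs human review")
    return Decision(True, "all packages trusted")


if __name__ == "__main__":
    for cmd in ("npm install axios@1.6.0", "npm install evil-utils@2.0.0",
                "npm install new-pkg", "ls -la"):
        d = gate(cmd)
        print(f"{cmd!r}: {'ALLOW' if d.allowed else 'DENY'} ({d.reason})")
```

The point of the design is that the decision never depends on the command string alone: `npm install axios@1.6.0` and `npm install evil-utils@2.0.0` are syntactically identical actions, and only the registry lookup separates them. Failing closed on unknown packages is the conservative default for an autonomous agent; an interactive tool might instead route unknowns to a human for approval.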