| Primary purpose | Security preflight and production approval for agent tool use. | Tool aggregation, routing, auth mediation, and operational access control. |
| Manifest review | Classifies dangerous verbs, sensitive data paths, external sinks, and approval boundaries. | May list, proxy, or restrict tools but does not necessarily score risk. |
| Tool-chain risk | Detects combinations such as database read to public Slack post or filesystem secrets to external webhook. | Usually evaluates tools individually at request or routing time. |
| Payment awareness | Checks x402 price, recipient, network, budget, receipt support, and settlement evidence. | Often not payment-aware unless custom logic is added. |
| Receipt output | Issues signed preflight receipts and evidence hashes. | Usually emits logs, traces, or gateway access records. |
| Best fit | Security teams asking whether an agent/tool/workflow can go to production. | Platform teams standardizing how agents connect to MCP servers. |