Principle II: Interoperability & Security
Source: .specify/memory/constitution.md
Overview
Enterprise agents must be interoperable and secure by design, and must integrate with enterprise tools through standardized protocols. Without standardized, secure integration patterns, organizations face expanded attack surfaces, prompt injection vulnerabilities, and compliance risks.
The Model Context Protocol (MCP) provides auditable, governed integration, while security by design ensures agents meet enterprise security requirements from inception.
Non-Negotiable Rules
| Rule | Description |
|---|---|
| MCP Standard | All tool, resource, and prompt integrations use MCP |
| OAuth Identity | Unique identities with OAuth-based authentication and authorization |
| Least Privilege | Tools are least-privilege with typed schemas |
| Sandboxing | Lightweight virtualization and network controls for all agent execution |
| MCP Gateway | Centralized policy enforcement, rate limiting, and security controls |
| RBAC Enforcement | Data access respects enterprise RBAC and data sovereignty |
Security Architecture
Enterprise Feature
MCP server configurations, OAuth integration patterns, security control definitions, and checkpoint evidence requirements are available to enterprise consumers. Contact us for access.
Related Agents
- security-compliance-engineer — Primary agent for security implementation
- meta-engineering-expert — MCP integration governance