GetMCP: Zero Trust for AI agents

Reddit r/AI_Agents Tools

Summary

GetMCP is a self-hostable open-source tool that brings zero-trust security to AI agents by providing per-request audit, per-agent revocation, policy enforcement, and human-in-the-loop approvals for API calls. It generates MCP servers from OpenAPI specs and acts as a streaming proxy with tamper-evident audit logs.

Just shipped v0.1.0 of something I've been building. Sharing because I haven't seen anyone solve this end-to-end as a self-hostable thing.

The problem: AI agents (Claude, ChatGPT, Cursor, in-house bots) are starting to make real calls into production APIs. Most companies are handing them a single long-lived API key and praying. There's no per-request audit, no per-agent revocation, no policy layer, no human-in-the-loop for sensitive mutations.

What GetMCP does:

- Generates two MCP servers from any OpenAPI spec: Internal (full surface) and External (scoped/customer-safe). LLM-classified, human-overridable per endpoint.
- Runs as a streaming proxy in front of them: auth, agent identity (revocable in 5s), 5 rule types (allowlist / block / audit / rate-limit / Slack approval).
- Tamper-evident audit log: every call writes one row to a per-org sha256 hash chain. GET /audit/verify walks it end-to-end. Property-tested with 200 random inserts + 50 random tampers, all detected.
- Slack approvals with HMAC-signed callbacks and an idempotent state machine.

Stack: NestJS + Postgres + React. Apache 2.0. Single bash command to bootstrap (./deploy/scripts/bootstrap.sh) generates secrets, brings up Postgres + API + dashboard, seeds a demo org. Helm chart included for k8s. No telemetry, no phone-home, no license server.

Looking for honest feedback, especially from anyone who's tried to safely expose APIs to AI agents in their homelab or at work. What did I miss? Where's the ergonomics broken? PRs welcome.
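The per-org sha256 hash chain and the end-to-end verify walk the post describes, as an added TypeScript example that is not GetMCP's code; the row fields, the canonical field order that gets hashed, and the sample calls are assumptions constructed for illustration.

```typescript
import { createHash } from "crypto";

// One audit row per API call, chained per org (constructed shape, not GetMCP's schema).
interface AuditRow {
  seq: number; orgId: string; agentId: string;
  method: string; path: string; ts: string;
  prevHash: string; hash: string;
}

const GENESIS = "0".repeat(64); // first row of every org chain links to this

// Canonical serialisation of the hashed fields: fixed order, newline-separated,
// so the same row always produces the same digest. The stored hash is excluded.
function rowDigest(row: Omit<AuditRow, "hash">): string {
  const body = [row.seq, row.orgId, row.agentId, row.method, row.path, row.ts, row.prevHash].join("\n");
  return createHash("sha256").update(body).digest("hex");
}

// Append a call record; the new row commits to the previous row's hash.
function appendRow(chain: AuditRow[], call: Pick<AuditRow, "orgId" | "agentId" | "method" | "path" | "ts">): AuditRow {
  const prevHash = chain.length ? chain[chain.length - 1].hash : GENESIS;
  const partial = { seq: chain.length, ...call, prevHash };
  const row: AuditRow = { ...partial, hash: rowDigest(partial) };
  chain.push(row);
  return row;
}

// Walk the whole chain: every row must re-hash to its stored hash, carry its
// position as seq, and point at its predecessor. Returns the index of the first
// bad row, or -1 when the chain is intact (what a verify endpoint would report).
function verifyChain(chain: AuditRow[]): number {
  let expectedPrev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const { hash, ...rest } = chain[i];
    if (rest.seq !== i || rest.prevHash !== expectedPrev || rowDigest(rest) !== hash) return i;
    expectedPrev = hash;
  }
  return -1;
}

// Constructed sample: three calls by one agent in a demo org.
const chain: AuditRow[] = [];
appendRow(chain, { orgId: "org-demo", agentId: "agent-a", method: "GET", path: "/v1/orders", ts: "2024-01-01T00:00:00Z" });
appendRow(chain, { orgId: "org-demo", agentId: "agent-a", method: "DELETE", path: "/v1/orders/42", ts: "2024-01-01T00:00:05Z" });
appendRow(chain, { orgId: "org-demo", agentId: "agent-a", method: "GET", path: "/v1/orders", ts: "2024-01-01T00:00:09Z" });

// Tamper scenario: rewrite the DELETE as a harmless GET and even "repair" that row's
// own hash. Row 1 now passes in isolation, but row 2 still links to the old hash, so
// the walk reports index 2.
function tamperedIndex(): number {
  const copy = chain.map(r => ({ ...r }));
  copy[1].method = "GET";
  copy[1].hash = rowDigest(copy[1]);
  return verifyChain(copy);
}
```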

Similar Articles

@GoSailGlobal: Cloudflare has fully revealed its internal architecture for running MCP. Read this alongside OpenAI's recent "Running Codex Safely" report for two essential templates on enterprise agent security. The most explosive move: Code Mode cuts MCP token consumption by 99.9%...

X AI KOLs Timeline

Cloudflare publishes its internal architecture for securely running Model Context Protocol (MCP) agents, introducing 'Code Mode' to reduce token usage by 99.9% and advocating for centralized remote server governance over local deployments.

Code execution with MCP: Building more efficient agents

Anthropic Engineering

This article from Anthropic explores how integrating code execution with the Model Context Protocol (MCP) can improve the efficiency of AI agents. It addresses challenges like token overload from tool definitions and intermediate results, proposing code execution as a solution to reduce latency and costs.

Apideck MCP Server

Product Hunt

Apideck launches an MCP server to enable AI agents to access real-time data across more than 200 applications.