Agent identity & gateway controls — runtime security & MCP hardening

Claude/OpenAI tunnels, LiteLLM JWT, Scalekit IAM, ClawArmor RBAC/audit, Trust3 containment. Zero Trust MCP token exchange and credential isolation patterns; Microsoft RAMPART safety CI tests. New: Detectify MCP server adds security testing automation; 5-Tool Stack checklist for agent security basics.