Finance-bot MCP fleet
Each bot calls a different MCP tool. Each tool has its own Guardian. Each session has its own economic ceiling.
What it does
- Bot A processes refunds via stripe.create_refund.
- Bot B drafts invoice reviews and routes anomalies to humans.
- Bot C runs monthly variance analysis against the data warehouse.
All three live behind the same Trinitite control plane and share the same identity model and ledger.
Where Trinitite plugs in
| Surface | What governs it |
|---|---|
| Each bot's own LLM call | A bot-specific Guardian (e.g. refund-tone-and-policy). |
| Each MCP tool call | A per-tool specialist Guardian — stripe-create-refund-guardian, invoice-readonly-guardian, warehouse-readonly-guardian. |
| Per-bot dollar ceiling | L3 economic session breaker — see Governance Controls. |
| Per-bot tool retry budget | L5 EX-2.7 retry limiter. |
| Cross-bot rate-limit | Tenant-wide rate limit at the proxy edge. |
| Audit | Per-bot NHI (non-human identity) + per-call ledger receipt = full attribution from the dollar amount back to the prompt. |
Concrete failure modes governed
- Suspiciously huge refund amounts — rejected by the schema-aware refund Guardian before the call reaches Stripe.
- Cross-tenant data egress in the warehouse query — caught at the post-call Guardian phase.
- Runaway refund loop — L3 trips the economic session breaker before the next refund executes.
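The governance path from the table above, replayed against the three failure modes just listed, as an added Python model. This is example code, not Trinitite's own code or API: the class names (Guardian, Session, Receipt), the tool names, the session and tenant identifiers, the warehouse rows and the per-refund cap of 500 are assumptions made for the example, and the retry limiter and the tenant-wide rate limit are left out.

```python
"""Toy model of the controls in the table above: a specialist Guardian per MCP tool
(pre-call and post-call phase), a per-session dollar ceiling (economic breaker) and a
per-call ledger receipt keyed by the bot's NHI.  Added example, not Trinitite's API."""
from dataclasses import dataclass, field
from typing import Any, Callable

class GuardianVeto(Exception):
    """Raised when a Guardian or the session breaker refuses a tool call."""

@dataclass
class Receipt:  # one ledger entry per attempted call: bot NHI -> tool -> args -> verdict
    bot: str
    tool: str
    args: dict
    verdict: str  # "allowed" | "vetoed" | "breaker"
    reason: str = ""

@dataclass
class Session:
    bot: str               # the bot's non-human identity
    tenant: str
    dollar_ceiling: float  # economic breaker threshold (assumed policy value)
    spent: float = 0.0
    tripped: bool = False  # latches: once tripped, nothing else executes in this session
    ledger: list = field(default_factory=list)

    def record(self, tool: str, args: dict, verdict: str, reason: str = "") -> None:
        self.ledger.append(Receipt(self.bot, tool, args, verdict, reason))

@dataclass
class Guardian:
    cost: Callable[[dict], float]               # dollars the call would move
    pre: Callable[[Session, dict], None]        # raises GuardianVeto
    post: Callable[[Session, dict, Any], None]  # raises GuardianVeto

def refund_pre(s: Session, args: dict) -> None:
    """Schema-aware check on the refund request before it reaches Stripe."""
    amount = args.get("amount")
    if not isinstance(amount, (int, float)) or amount <= 0:
        raise GuardianVeto("amount missing or non-positive")
    if amount > 500.0:  # assumed per-refund cap for the example, not a Trinitite default
        raise GuardianVeto(f"amount {amount} exceeds per-refund cap 500.0")

def warehouse_post(s: Session, args: dict, rows: Any) -> None:
    """Post-call phase: every row coming back must belong to the calling tenant."""
    leaked = [r for r in rows if r.get("tenant") != s.tenant]
    if leaked:
        raise GuardianVeto(f"{len(leaked)} row(s) belong to another tenant")

GUARDIANS = {  # one specialist Guardian per tool; the tool names are assumed
    "stripe.create_refund": Guardian(lambda a: float(a["amount"]), refund_pre, lambda *_: None),
    "warehouse.query": Guardian(lambda a: 0.0, lambda *_: None, warehouse_post),
}

def call(s: Session, tool: str, args: dict, impl: Callable[[dict], Any]) -> Any:
    g = GUARDIANS[tool]
    try:
        g.pre(s, args)
    except GuardianVeto as e:
        s.record(tool, args, "vetoed", f"pre-call: {e}")
        raise
    if s.tripped or s.spent + g.cost(args) > s.dollar_ceiling:
        s.tripped = True  # trips before the call that would cross the ceiling executes
        s.record(tool, args, "breaker", f"ceiling {s.dollar_ceiling} reached")
        raise GuardianVeto("economic session breaker tripped")
    result = impl(args)
    try:
        g.post(s, args, result)
    except GuardianVeto as e:
        s.record(tool, args, "vetoed", f"post-call: {e}")
        raise
    s.spent += g.cost(args)
    s.record(tool, args, "allowed")
    return result

def attempt(s: Session, tool: str, args: dict, impl: Callable[[dict], Any]) -> Receipt:
    try:  # one governed call; the receipt is returned whether or not the call went through
        call(s, tool, args, impl)
    except GuardianVeto:
        pass
    return s.ledger[-1]

def runaway_refund_loop(n: int, amount: float, ceiling: float) -> int:
    """Bot A loops on refunds; returns how many executed before the breaker tripped."""
    s = Session("bot-a", "acme", ceiling)
    for i in range(n):
        args = {"charge_id": f"ch_{i}", "amount": amount}
        if attempt(s, "stripe.create_refund", args, lambda a: {"ok": True}).verdict != "allowed":
            break
    return sum(r.verdict == "allowed" for r in s.ledger)

def huge_refund_verdict() -> str:
    return attempt(Session("bot-a", "acme", 10_000.0), "stripe.create_refund",
                   {"charge_id": "ch_1", "amount": 25_000}, lambda a: {"ok": True}).verdict

def cross_tenant_reason() -> str:
    rows = [{"tenant": "acme", "variance": 0.02}, {"tenant": "globex", "variance": 0.31}]  # constructed
    return attempt(Session("bot-c", "acme", 0.0), "warehouse.query",
                   {"sql": "SELECT tenant, variance FROM monthly"}, lambda a: rows).reason
```

Two design points worth noting. The breaker is evaluated on projected spend (what the session has already moved plus what this call would move), so the refund that would cross the ceiling is never executed, and the flag latches for the rest of the session: with $100 refunds against a $450 ceiling the model executes four and refuses the fifth. A receipt is written on every path, allowed, vetoed or broken, so the ledger carries the bot's NHI, the tool, the arguments and the verdict for each attempt; that is what makes the attribution in the Audit row possible.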
What's next
→ MCP Gateway — per-tool specialist Guardian architecture.
→ Governance Controls — L0-L6 hierarchy.
→ Cookbook: MCP tool call — wire one Guardian to one tool.