Don't Let AI Agents Improvise Against Production GraphQL
Blog post from Wundergraph
AI agents should not be given open-ended access to production GraphQL graphs: an agent free to compose its own queries can reach fields nobody intended to expose and run operations nobody has reviewed, which is both a governance and a security problem. In development an open-world setup is useful, because it lets the agent explore the schema and discover which queries are actually helpful. In production, the agent should instead be restricted to a safelist of named, reviewed operations and execute only those, through the Cosmo Router MCP Gateway. Keeping the gateway in front of the graph prevents teams from standing up ungoverned "shadow MCP" servers and limits API sprawl, since every operation an agent can run is one that has already been approved. The transition from development to production is therefore a promotion step: behaviour discovered in the open-world phase is turned into reviewed software artifacts, and only those artifacts are exposed to agents as tools. This closed-world model gives a small, enumerable and auditable interface between agents and the graph, on which operational controls such as rate limits and anomaly detection can be applied per operation rather than per arbitrary query.
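As an added example (not code from the post, and not the Cosmo Router's own implementation), here is a minimal Python model of the closed-world gateway described above: a `promote` step turns a query discovered in development into a pinned, reviewed artifact, and a `Gateway` exposes only those artifacts as named tools, validates the variables an agent supplies, re-checks the pinned digest before execution, and refuses raw query strings unless it is running in development mode. The operation text, the tool name, the variable schema and the `fake_upstream` transport are all constructed for this example; a real deployment would parse documents with a GraphQL library instead of the regex check used here.

```python
"""Closed-world gateway model: agents call named, reviewed GraphQL operations;
raw query strings are accepted only in development mode."""
import hashlib
import re
from dataclasses import dataclass

# A named top-level operation: "query Name(", "mutation Name {", ...
# Anonymous documents ("{ ... }" or "query {") do not match and are refused.
OP_HEADER = re.compile(r"^\s*(query|mutation|subscription)\s+([A-Za-z_]\w*)\b")
OP_KEYWORDS = re.compile(r"\b(query|mutation|subscription)\s+[A-Za-z_]\w*\b")


@dataclass(frozen=True)
class ReviewedOperation:
    name: str        # tool name the agent sees
    kind: str        # query / mutation / subscription
    document: str    # GraphQL text exactly as reviewed
    variables: dict  # variable name -> Python type the gateway accepts
    sha256: str      # digest pinned at review time


def check_reviewable(document: str):
    """Return an error string if the document cannot become a tool, else None.
    Stand-in for a real GraphQL parse: exactly one named operation is required."""
    if not OP_HEADER.match(document):
        return "document must start with a single named operation"
    if len(OP_KEYWORDS.findall(document)) != 1:
        return "document must contain exactly one operation"
    return None


def promote(name: str, document: str, variables: dict) -> ReviewedOperation:
    """Turn a query discovered in development into a reviewed, pinned artifact."""
    error = check_reviewable(document)
    if error:
        raise ValueError(error)
    kind = OP_HEADER.match(document).group(1)
    digest = hashlib.sha256(document.encode("utf-8")).hexdigest()
    return ReviewedOperation(name, kind, document, dict(variables), digest)


class Gateway:
    """Executes reviewed operations by name through a transport callable
    (document, variables) -> data. Raw queries only when mode == "development"."""

    def __init__(self, safelist, transport, mode="production"):
        self.safelist = {op.name: op for op in safelist}
        self.transport = transport
        self.mode = mode

    def tools(self):
        # What the gateway advertises to agents: tool names and variable shapes,
        # never the schema and never an "execute arbitrary query" capability.
        return {op.name: {v: t.__name__ for v, t in op.variables.items()}
                for op in self.safelist.values()}

    def call_tool(self, name, variables):
        op = self.safelist.get(name)
        if op is None:
            return {"ok": False, "error": f"unknown tool {name!r}"}
        # Re-hash at call time: the document sent upstream must be the reviewed one.
        if hashlib.sha256(op.document.encode("utf-8")).hexdigest() != op.sha256:
            return {"ok": False, "error": "document does not match reviewed digest"}
        extra, missing = set(variables) - set(op.variables), set(op.variables) - set(variables)
        if extra or missing:
            return {"ok": False, "error": f"variables mismatch: extra={sorted(extra)} missing={sorted(missing)}"}
        for var, expected in op.variables.items():
            value = variables[var]
            # bool is an int subclass in Python; do not let True pass as an int
            bad_bool = isinstance(value, bool) and expected is not bool
            if bad_bool or not isinstance(value, expected):
                return {"ok": False, "error": f"variable {var!r} must be {expected.__name__}"}
        return {"ok": True, "data": self.transport(op.document, variables)}

    def raw_query(self, document, variables):
        if self.mode != "development":
            return {"ok": False, "error": "ad-hoc queries are disabled outside development"}
        return {"ok": True, "data": self.transport(document, variables)}


def fake_upstream(document, variables):
    # Constructed stand-in for the router: reports which operation it received.
    m = OP_HEADER.match(document)
    return {"operation": m.group(2) if m else "anonymous", "variables": dict(variables)}


# Constructed sample: one query discovered in development, promoted to a tool.
LIST_OPEN_ORDERS = promote(
    "list_open_orders",
    "query ListOpenOrders($first: Int!) { orders(status: OPEN, first: $first) { id total } }",
    {"first": int},
)

if __name__ == "__main__":
    prod = Gateway([LIST_OPEN_ORDERS], fake_upstream)
    print(prod.tools())
    print(prod.call_tool("list_open_orders", {"first": 10}))
    print(prod.call_tool("list_open_orders", {"first": 10, "status": "ANY"}))  # refused
    print(prod.raw_query("{ users { email } }", {}))                           # refused
    dev = Gateway([LIST_OPEN_ORDERS], fake_upstream, mode="development")
    print(dev.raw_query("{ users { email } }", {}))                            # allowed in dev
```

The digest re-check is what makes the safelist a reviewed artifact rather than a lookup table: if the operations file is edited after review, the gateway refuses the tool instead of quietly running the new text. The variable check is deliberately strict (no extra keys, no type coercion) because a closed-world tool is only as narrow as the inputs it accepts.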