Engineering notes on AI-generated agent PR review, capability-level merge verdicts, and the decisions behind agents-shipgate.https://threemoonslab.com/en-ushttps://threemoonslab.com/blog/mcp-tool-security-review/https://threemoonslab.com/blog/mcp-tool-security-review/Reviewing MCP tool surfaces before agents can call them. Wildcard exposure, scope creep, missing approval policies, schema strictness — what good and bad look like.Mon, 25 May 2026 00:00:00 GMTmcpsecurityrelease-readinesstutorialThree Moons Labhttps://threemoonslab.com/blog/ai-agent-deployment-checklist/https://threemoonslab.com/blog/ai-agent-deployment-checklist/An 18-item pre-flight for shipping AI agents to staging or production. Covers inventory, schemas, scopes, approvals, side effects, idempotency, and blast radius.Mon, 25 May 2026 00:00:00 GMTrelease-readinessdeployment-checklisttutorialplatform-engineeringThree Moons Labhttps://threemoonslab.com/blog/ai-agent-ci-cd-pipeline/https://threemoonslab.com/blog/ai-agent-ci-cd-pipeline/Adding agents-shipgate to your GitHub Actions workflow in four stages: advisory mode, baseline, strict mode, governance. Real YAML for each step.Mon, 25 May 2026 00:00:00 GMTci-cdgithub-actionsrelease-readinesstutorialplatform-engineeringThree Moons Labhttps://threemoonslab.com/blog/healthcare-for-agents/https://threemoonslab.com/blog/healthcare-for-agents/Why tool-using AI agents need care across their lifecycle, not just an eval at release — and the discipline we are early in building to provide it.Sun, 17 May 2026 00:00:00 GMTthesishealthcare-for-agentsagent-lifecycle-readinessagent-governancephilosophyThree Moons Labhttps://threemoonslab.com/blog/from-cicd-to-agent-release-readiness/https://threemoonslab.com/blog/from-cicd-to-agent-release-readiness/CI/CD made code releases safe. Agent releases need an analogous shift — tool surface, scopes, and policies become release artifacts the same way code did.Mon, 27 Apr 2026 00:00:00 GMTrelease-readinessinfrastructurecategoryThree Moons Labhttps://threemoonslab.com/blog/agents-shipgate-vs-runtime-guardrails/https://threemoonslab.com/blog/agents-shipgate-vs-runtime-guardrails/Runtime guardrails enforce policy at call time. agents-shipgate enforces it at PR time. Both are necessary; neither replaces the other.Mon, 27 Apr 2026 00:00:00 GMTrelease-readinessguardrailsinfrastructureThree Moons Labhttps://threemoonslab.com/blog/mcp-tool-surfaces-need-release-review/https://threemoonslab.com/blog/mcp-tool-surfaces-need-release-review/MCP makes it trivial to expose dozens of tools to an agent. The exported tool surface is a release artifact — review wildcards, scopes, and undocumented actions before promotion.Mon, 27 Apr 2026 00:00:00 GMTmcptool-userelease-readinessThree Moons Labhttps://threemoonslab.com/blog/agents-shipgate-github-action-quickstart/https://threemoonslab.com/blog/agents-shipgate-github-action-quickstart/Drop a workflow into .github/workflows/, set advisory mode, and every PR gets a structured tool-surface review with severity counts and finding evidence.Mon, 27 Apr 2026 00:00:00 GMTtutorialgithub-actionsci-cdrelease-readinessThree Moons Labhttps://threemoonslab.com/blog/anthropic-claude-tool-use-release-gate/https://threemoonslab.com/blog/anthropic-claude-tool-use-release-gate/Anthropic's Messages API tool surface lives in a JSON tools array plus a system prompt. agents-shipgate scans both and produces release-readiness findings on every PR.Mon, 27 Apr 2026 00:00:00 GMTanthropicclaudetool-usetutorialrelease-readinessThree Moons Labhttps://threemoonslab.com/blog/openai-agents-sdk-release-gate/https://threemoonslab.com/blog/openai-agents-sdk-release-gate/If your agent is built with @function_tool decorators, agents-shipgate reads the source statically (no import) and produces release-readiness findings on every PR.Mon, 27 Apr 2026 00:00:00 GMTopenai-agents-sdktutorialrelease-readinessThree Moons Labhttps://threemoonslab.com/blog/tool-surface-release-gate/https://threemoonslab.com/blog/tool-surface-release-gate/Tools are release artifacts. Evals are not release gates. Once an agent can refund, email, or deploy, the tool surface itself needs a deterministic check before promotion.Mon, 27 Apr 2026 00:00:00 GMTagentsrelease-readinesstool-useinfrastructureThree Moons Labhttps://threemoonslab.com/blog/walking-a-release-readiness-report/https://threemoonslab.com/blog/walking-a-release-readiness-report/A real agents-shipgate report on a real Anthropic-published agent. Thirteen findings — what each one means and the manifest change that resolves it.Mon, 27 Apr 2026 00:00:00 GMTrelease-readinesstutorialexamplesThree Moons Labhttps://threemoonslab.com/blog/what-is-tool-use-readiness/https://threemoonslab.com/blog/what-is-tool-use-readiness/Tool-use readiness is the static check that an agent's tool surface can ship: inventory, schema, auth, approval, side effects, idempotency, blast radius.Mon, 27 Apr 2026 00:00:00 GMTrelease-readinessplatform-engineeringtool-useThree Moons Labhttps://threemoonslab.com/blog/why-evals-are-not-release-gates/https://threemoonslab.com/blog/why-evals-are-not-release-gates/Evals validate behavior on inputs you wrote. They don't answer the release question for a tool-using agent. Here's what each is for, and why conflating them ships bugs.Mon, 27 Apr 2026 00:00:00 GMTevalsrelease-readinessllmThree Moons Lab