ejae_dev | 19 days ago

the capability separation architecture is the most compelling part of this — agent process has secrets but no network, fetch proxy has network but no secrets. clean threat model.

curious about one gap though: how does pipelock handle agents that spawn other agents? in multi-agent setups, agent A might schedule agent B through a cron job, task queue, or even just writing a shell script that runs later. the integrity monitor catches file changes, but by the time you detect the new script, the spawned agent might already be running with inherited env vars and no proxy in front of it.

do you see the MCP proxy as the answer there — wrapping every possible execution path — or is there a different approach for controlling the blast radius of agent chains?
