OVER-SERVE auditor: assert the tools a server actually exposes are a SUBSET of the declared reachable surface. Any served tool NOT in the surface is a WIDENING — the contract is no longer the source of truth for authz reach.
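An added sketch of the subset check described above, not the project's own code: the contract key `reachable_surface`, the `tools`/`name` listing shape and every tool name are assumptions constructed for illustration. Names are compared exactly, and entries that cannot be identified fail the audit instead of being skipped.

```python
import json

# Constructed sample data: the contract layout and the listing shape are
# assumptions made for this example, not formats defined by the page.
CONTRACT = {"reachable_surface": ["read_ticket", "search_tickets", "add_comment"]}
SERVED_LISTING = json.dumps({"tools": [
    {"name": "read_ticket"},
    {"name": "add_comment"},
    {"name": "Add_Comment"},      # case variant: a different tool, not a match
    {"name": "delete_ticket"},    # never declared
    {"description": "no name"},   # malformed entry
]})


def audit_over_serve(contract, listing_json):
    """Return (ok, widenings, malformed) for one server listing.

    ok is True only when every served tool name is in the declared surface.
    Declared tools that are not served are allowed: the check is a subset test.
    """
    declared = contract.get("reachable_surface")
    if not isinstance(declared, list):
        # Fail closed: without a declared surface nothing can be cleared.
        raise ValueError("contract has no reachable_surface list")
    surface = set(declared)

    widenings, malformed = [], []
    for index, tool in enumerate(json.loads(listing_json).get("tools", [])):
        name = tool.get("name") if isinstance(tool, dict) else None
        if not isinstance(name, str) or not name:
            malformed.append(index)   # unidentifiable tool: cannot be cleared
        elif name not in surface:     # exact match only, no normalisation
            widenings.append(name)
    widenings = sorted(set(widenings))
    return (not widenings and not malformed), widenings, malformed


if __name__ == "__main__":
    ok, widenings, malformed = audit_over_serve(CONTRACT, SERVED_LISTING)
    print("PASS" if ok else "FAIL", widenings, malformed)
```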