Enforces authorize-before-execute for any MCP-compatible AI agent. Exposes atlasent_evaluate and atlasent_verify_permit tools so a protected tool call only runs after AtlaSent issues and verifies a signed, single-use permit — fail-closed on any error, timeout, or malformed response.