{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreig6fawwr44m2sxenqrnqac5fwxozjaxinhlhczs6soqy2nczyhz3q",
    "uri": "at://did:plc:chkrm663c45x2s5jupaqxvs3/app.bsky.feed.post/3miustkioc3u2"
  },
  "path": "/mcp-governance-token-sprawl/",
  "publishedAt": "2026-04-06T00:00:00.000Z",
  "site": "https://avelino.run",
  "textContent": "My team adopted MCP fast. I encouraged it — the productivity gains were real and visible. Engineers connecting Sentry, Slack, Grafana, GitHub directly into their workflow, no friction. The kind of thing you want to happen organically.\n\nThen one day I asked a simple question: who has a Sentry token? Who has Slack? Grafana?\n\nThe answer was: everyone. Each engineer had generated their own. No inventory. No rotation policy. No single revocation point. We had traded operational security for developer experience — and nobody had made that trade explicitly. It just happened, one `mcp add` at a time.",
  "title": "The governance problem MCP created without asking"
}