Case Study
Vatsal Shah
Vatsal Shah Published on June 18, 2026 Strategy Lead

How a Global Logistics Operator Connected 14 Internal Systems to Governed AI Agents via Private MCP

STRATEGIC OVERVIEW

Client Context & The Integration Deadlock The client runs hub-and-spoke distribution across North America, Western Europe, and Southeast Asia.

Client Context & The Integration Deadlock

The client runs hub-and-spoke distribution across North America, Western Europe, and Southeast Asia. SAP S/4HANA anchors orders and finance; a custom WMS handles high-velocity lanes; TMS tracks carrier events; ServiceNow-class ITSM manages exceptions. Dispatch supervisors touched six to eleven screens per stuck shipment.

Early copilots drafted emails but could not resolve exceptions—no governed tool execution existed. Inbound MCP proposals (public HTTPS into the DMZ) were rejected twice for lateral movement and weak audit attribution.

💡 Insight

Citation anchor: In regulated logistics, the blocker is rarely model quality—it is provable containment. Auditors ask whether an agent can exfiltrate shipment data or write under another user's identity. Without outbound tunnels, per-tool schemas, and HITL on writes, architecture review stops the program.

Private MCP mesh banner
Cinematic banner for the private MCP mesh program—outbound-only agent connectivity across logistics core systems.

Why Inbound MCP Exposure Failed Security Review

Security's red-team surfaced three show-stoppers familiar to AI agent ERP integration programs:

DimensionInbound MCP (Rejected)Outbound Private MCP Tunnel (Selected)
Firewall postureNew inbound allow rules per environmentEgress-only from MCP zone
Blast radiusDMZ compromise may pivot to internal APIsBroker enforces schema + OIDC per call
Audit attributionShared service account in logsPer-session agent JWT + supervisor HITL
Time to sign-offEst. 9–14 weeksPilot approved in 4 weeks

Target Architecture: Private MCP Mesh

The mesh has four planes:

  1. Orchestration — plans multi-step workflows, selects tools, enforces budgets.
  2. Tunnel — outbound SSE from enterprise MCP broker to orchestrator; no inbound initiation.
  3. Tool — on-prem MCP servers wrapping SAP OData, WMS REST, TMS events, ITSM tickets.
  4. Governance — OIDC for humans, machine identities for agents, immutable audit, HITL console for writes.

MCP mesh architecture overview
End-to-end private MCP mesh—orchestrator, outbound tunnel gateway, on-prem MCP servers, and centralized audit/HITL governance.

On-prem MCP server topology
On-prem topology—per-system MCP servers, message bus for async events, and broker cluster with active-active failover.

Exception Workflow: From Stuck Shipment to Resolved Ticket

Median resolution dropped from 4.2 hours to 38 minutes on 2,400 pilot exceptions.

Exception resolution workflow
Exception resolution workflow—TMS delay trigger, agent plan, read tools across ERP/WMS, HITL approval, audit close.

Trigger: TMS publishes SHIPMENT_DELAYED to Kafka with order ID and lane.

Plan: Orchestrator decomposes into ERP holds, WMS pick status, ITSM search, and proposed carrier rebook.

Write tools (erp.release_credit_hold, wms.reallocate_inventory, itsm.update_ticket) require HITL approval.

Shipment exception sequence
Sequence flow—TMS event, orchestrator, tunnel broker, MCP servers, HITL gate, and audit store.

Measured Outcomes & Before/After

MetricBeforeAfter (Pilot)
Median exception resolution4.2 hours38 minutes
Manual copy-paste hours / month~1,200~310
Systems connected via governed tools014
Critical policy violations (pilot window)0

Governance and audit dashboard
HITL console and audit trail—supervisor approval before any write tool executes.

Lessons for Platform & Engineering Leaders

  • Treat enterprise MCP integration as outbound tunnel architecture, not "expose APIs to Claude."
  • Version tool manifests in Git; security signs off on manifest diffs, not weekly firewall tickets.
  • Bind agent identity → tool allow-list → prompt hash at the gateway to kill confused-deputy risk.
  • Ship a two-week shadow study before broker code—swivel-chair tax quantifies ROI better than model benchmarks.

Frequently Asked Questions

How long did the pilot take?

Ninety days for scoped tools across two hubs, plus six weeks for broker hardening and HITL console UAT.

Did you use inbound MCP at all?

No public MCP endpoints. All connectivity is outbound-initiated from the enterprise MCP zone.

What orchestrator was used?

Hybrid Azure zone with vendor-neutral MCP manifests post-AAIF—details anonymized; pattern applies to any MCP-compliant host.

Agent Control Plane

Command Center
System Healthy
VS

⚡ Active Agents
3
▲ All running
📋 Tasks Today
247
▲ 99.2% accuracy
💰 Cost / Task
$0.04
▼ 18% vs last wk
🔁 Corrections
8
Self-healed
⏱ Avg Latency
1.4s
P99: 3.1s
Live Agent Fleet
Real-time status of all orchestrated agents
AgentRoleCurrent TaskStatusTasks DoneError Rate
Researcher-01ResearcherContract clause extraction #247Running980.8%
Auditor-01AuditorCompliance cross-check #246Running940.5%
Writer-01WriterLegal summary generation #245Running551.1%
Researcher-02ResearcherIdle420.0%
SupervisorOrchestratorRouting #247-249Orchestrating2470.2%
System Health
LangGraph DAG
98%
Pinecone Memory
76%
Tool Proxy API
100%
FastAPI Gateway
99.9% uptime

Agent Registry
Registered Agents
NameRoleModelToolsMemoryStatus
Researcher-01ResearcherGPT-4oPineconeSearch, DocParserLong+ShortActive
Auditor-01AuditorClaude 3.5 SonnetComplianceDB, RegCheckLong+ShortActive
Writer-01WriterGPT-4oDocGenerate, TemplateShort onlyActive
Researcher-02ResearcherGPT-4oPineconeSearch, WebSearchLong+ShortIdle
SupervisorOrchestratorGPT-4o (Router)AllAgentBusSessionOrchestrating

Task Queue
Task IDTypePriorityAssigned ToQueuedStatus
#T-248Clause ExtractionP1Researcher-010m agoProcessing
#T-249Compliance CheckP2Auditor-011m agoProcessing
#T-250Legal SummaryP3Unassigned2m agoQueued
#T-251Risk AssessmentP2Unassigned3m agoQueued
#T-252Entity ExtractionP3Researcher-024m agoPending
#T-253Doc GenerationP3Writer-015m agoPending

Active Run: Task #T-248
Running
LangGraph DAG Progress
09:14:22
Supervisor received task #T-248
09:14:23
Researcher-01 assigned
09:14:24
Pinecone semantic search (42 docs)
Auditor-01 cross-check
Writer-01 synthesize output
Supervisor validate & return
Task Type
Clause Extraction
Input Docs
3 PDF contracts (18 pages)
Active Agent
Researcher-01
Elapsed
1.4s
Tokens Used
1,847
Live Output Stream
[09:14:22] Supervisor → route to Researcher-01
[09:14:23] Researcher-01 initialized, tools: PineconeSearch
[09:14:24] PineconeSearch query: "indemnification clause"
[09:14:24] Retrieved 7 relevant chunks (avg score 0.91)
[09:14:24] Extracting clause boundaries…

Agent Inspector
Agent Profile
Active
Model
GPT-4o (2024-11)
Role
Document Researcher
Memory
Long-term + Short-term
Tools
PineconeSearch, DocParser, WebSearch
Context Window
28,400 / 128,000 tokens
Task Success
99.2%
Memory Usage
Long-term
2,847 vectors
Short-term
12 entries
Last 5 Actions
09:14:24
PineconeSearch("indemnification clause") → 7 results
09:11:18
DocParser(contract_247.pdf) → 6 pages parsed
09:08:45
PineconeSearch("liability cap") → 4 results
09:05:31
Corrective loop triggered (low confidence)
09:02:10
Task #T-245 completed → handed to Writer-01

Memory Explorer
Vector Store Results
2,847 vectors indexed
Vector IDAgentContent SnippetSimilarityStoredNamespace
v-89a3Researcher-01"Indemnification clause: Licensor shall defend…"0.972h agolong-term
v-76c1Researcher-01"Limitation of liability not to exceed 12 months…"0.943h agolong-term
v-55f2Auditor-01"GDPR Art.28 processor agreement required for…"0.915h agolong-term
v-34d8Researcher-01"Force majeure events include: pandemic, natural…"0.886h agolong-term
v-12b9Auditor-01"SOC 2 Type II audit evidence submitted Q3…"0.851d agolong-term

Tool Proxy Log
Total Calls
1,284
Today
Success Rate
99.1%
▲ 0.3%
Avg Latency
180ms
P99: 820ms
Hallucinations
0
100% elimination
TimeAgentToolInputLatencyStatus
09:14:24Researcher-01PineconeSearch"indemnification clause"142msOK
09:14:22SupervisorAgentBusroute(task_248,researcher_01)8msOK
09:11:18Researcher-01DocParsercontract_247.pdf1240msOK
09:08:45Researcher-01PineconeSearch"liability cap"138msOK
09:05:31Auditor-01ComplianceDBcheck_regulation(GDPR,Art28)298msOK
09:02:10Writer-01DocGeneratetemplate=legal_summary520msOK

Policy & Guardrails
Corrective Loop Settings
Confidence Threshold
0.85
Max Correction Iterations
Fallback Model
Output Validation Rules
Tool Call Allowlist
ToolAgentsRate LimitEnabled
PineconeSearchResearcher100/min
DocParserResearcher20/min
ComplianceDBAuditor50/min
DocGenerateWriter30/min
WebSearchResearcher10/min

Immutable Audit Log
TimestampEventAgentTask IDDetailsHash
09:14:24TOOL_CALLResearcher-01#T-248PineconeSearch executeda8f3b...
09:14:22TASK_STARTSupervisor#T-248Task dispatchedc2e9d...
09:08:12TASK_COMPLETEWriter-01#T-247Output generated 2,100 tokensf7a1c...
09:05:31CORRECTIONResearcher-01#T-246Low confidence, retry #13b8e2...
09:02:10TASK_COMPLETEWriter-01#T-245Legal summary deliveredd9f4a...
09:00:01AGENT_INITAllSystem startup1a7b3...

Analytics & Performance
✅ Task Accuracy
99.2%
▲ 0.4% vs baseline
🔁 Hallucinations
0%
100% eliminated
🏃 Tasks/Hour
28
▲ 85% reduction in manual
💸 Cost/Task
$0.04
▼ 22% vs month ago
⚠ Corrections
8
3.2% correction rate
Task Accuracy by Agent
Researcher-0199.2%
Auditor-0199.5%
Writer-0198.9%
Supervisor99.8%
Task Volume (Last 7 Days)
Mon
204
Tue
228
Wed
190
Thu
247
Fri
169
Sat
105
Sun
94

V
Vatsal Shah LinkedIn

Independent AI & Technology Consultant

Vatsal Shah is an enterprise AI strategy and digital transformation consultant based in India, working with teams across India, APAC, Europe, and North America. 20+ years helping enterprises and mid-market operators with AI readiness, operating model design, and technology leadership — you work with me directly.

Credentials focus: enterprise AI strategy, digital transformation, agentic systems, and board-level technology briefings. Full bio → · Proof library →

Book a Free Call →

Want to work together on business transformation?

Visit my personal hub for advisory scope, or connect on LinkedIn. Every engagement is principal-led with measurable outcomes.

Visit Shah Vatsal Connect on LinkedIn Book intro call
Book intro