Data boundary
Retrieved, embedded, and logged data
Which documents, records, prompts, embeddings, logs, traces, and evaluation data can be used by the AI workflow, and where are they allowed to live?
Retrieval design
Knowledge Bases, vector stores, search, and ranking
Will the system use Bedrock Knowledge Bases, a custom vector store, search APIs, or a hybrid approach? How will permissions, freshness, citations, and source ranking be handled?
Tool boundary
Explicit, limited, and reversible actions
Which actions are read-only, which require approval, and which should never be delegated to an agent? MCP should make tool access explicit, limited, logged, and reversible.
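An added example, not part of the original page and not an MCP or Bedrock API: a deny-by-default gate that a tool server could run before dispatching an agent's tool call, covering the read-only, approval-required, and never-delegated classes and logging every decision. The tool names, the `ToolRule` structure, and the `authorize` function are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import Optional


class Access(Enum):
    READ_ONLY = "read_only"            # agent may call freely
    NEEDS_APPROVAL = "needs_approval"  # a named human must approve each call
    NEVER = "never"                    # not delegated to an agent at all


@dataclass(frozen=True)
class ToolRule:
    access: Access
    undo_tool: Optional[str] = None    # compensating action that reverses the call


# Constructed policy; every tool name here is hypothetical.
POLICY = {
    "search_knowledge_base": ToolRule(Access.READ_ONLY),
    "issue_refund": ToolRule(Access.NEEDS_APPROVAL, undo_tool="cancel_refund"),
    "send_wire_transfer": ToolRule(Access.NEEDS_APPROVAL),  # no undo registered
    "delete_customer_record": ToolRule(Access.NEVER),
}

AUDIT_LOG = []  # stand-in for an append-only audit store


def authorize(tool, args, approved_by=None):
    """Decide one tool call; return (allowed, reason) and log the decision."""
    rule = POLICY.get(tool)
    if rule is None:
        allowed, reason = False, "tool not in allowlist"
    elif rule.access is Access.NEVER:
        allowed, reason = False, "never delegated to an agent"
    elif rule.access is Access.READ_ONLY:
        allowed, reason = True, "read-only"
    elif rule.undo_tool is None:
        allowed, reason = False, "no undo action registered"
    elif not approved_by:
        allowed, reason = False, "approval required"
    else:
        allowed, reason = True, "approved"
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "tool": tool,
        "arg_names": sorted(args),  # argument names only, not values
        "approved_by": approved_by,
        "allowed": allowed,
        "reason": reason,
    })
    return allowed, reason
```

Refusals are logged as well as approvals, and the log records argument names rather than values so the audit trail does not become a second copy of the data the workflow handles.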
Production controls
Quality, cost, latency, and auditability
What will be measured before launch: answer quality, retrieval accuracy, tool-call accuracy, cost per answer, latency, safe refusal, auditability, and rollback?
Canadian Region and privacy review
Region and privacy by workflow
Decide whether prompts, retrieved context, embeddings, logs, traces, backups, and evaluation data need to stay in a Canadian AWS Region, and whether cross-Region inference is acceptable for the workflow.