The scanner is just one part of the codebase, good for maintaining quality in a pipeline.
There is also @makerchecker/embedded, which has runtime permission primitives you wrap around the agent's actions, so the restraints live in the app exactly like you're describing
Less whack-a-mole, more wrap the risky calls and they're bound