Three additions that make bcli a better deterministic substrate for AI
agents driving it over MCP, without bcli becoming an agent runtime
itself.

Structured --dry-run output. bcli post / patch / delete / attach upload
now emit a stable JSON envelope on stdout when -f json / ndjson / raw
is selected — dry_run, method, endpoint, resolved_url, profile,
environment, company_id, body, and record_id (when applicable). Agents
can show users exactly what would happen before approving a real call.
The human format keeps the rich panel on stderr but is now augmented
with the resolved URL and profile context.

Opt-in audit log. A new [audit] config section persists every CLI
write to a per-profile JSONL file. Each entry captures the resolved
URL, response status, BC correlation_id, latency, redacted request
body, and outcome (completed / failed / dry_run). Single-backup
rotation bounds disk usage. Off by default; the SDK does not auto-emit.

Endpoint caution flag. EndpointMetadata.caution (low / medium / high)
is now populated automatically by importers via a verb-name heuristic
— entities containing post / release / cancel / void / reverse /
apply / unapply are flagged high so agents can require explicit user
confirmation before mutating posted/closed records. Surfaced in
'bcli endpoint info' and the list_endpoints MCP tool.

Plus three new AGENTS.md recipes for dry-run-first writes, caution
interpretation, and audit-log location. See CHANGELOG.md for full
detail. Install via 'pip install --upgrade bc-cli' or
'uv tool install --upgrade bc-cli'.