MCP needs an approval button
MCP is cool but it needs a verified human in the loop approval button. Here's what I mean in a picture.
The reason this is important is because there must be a cryptographically verified way for the server to guarantee that it showed you the payload and that you the human have approved it.
If the MCP is set up in such a way that the specific method is gated behind human, there is no way for the agent to make changes on your behalf no matter how hard it tries.
Examples of what can be achieved
- transactions like purchasing flight tickets
- irreversible changes to a system like say deleting some folder
- destroying an DynamoDb table
- approving a Github PR