🚀 mcp-chat: Add Optional User Approval Before MCP Tool Execution #8383

@MattiaDellOca

Workspace

mcp-chat

🔖 Feature description

Add an optional approval mechanism in the MCP Chat UI that asks the user for permission before executing a tool. When enabled, the UI should display a confirmation component whenever the system intends to run a tool. The tool will only execute if the user explicitly approves the action.

This behavior should be configurable by administrators. For example:

mcpChat:
  requestApproval: true

If requestApproval is enabled, the UI prompts the user before executing any tool. If the user declines, the tool is not executed. If the option is disabled, the current behavior remains unchanged and tools run automatically.

🎤 Context

MCP tools can interact with infrastructure or perform actions on external systems (e.g., querying Kubernetes resources, modifying infrastructure state, etc.). Automatically executing these tools without user awareness may not always be desirable, especially in environments where safety, transparency, or user control is important.

Introducing an approval step provides several benefits:

  • Improves transparency by showing users when a tool is about to run
  • Adds an extra safety layer before executing potentially impactful operations
  • Gives users more control over actions triggered by the assistant
  • Aligns better with security expectations in enterprise environments

✌️ Possible Implementation

Introduce a configuration flag to enable or disable the approval flow:

mcpChat:
  requestApproval: true

When this option is enabled, the MCP Chat UI intercepts tool execution requests and displays an approval dialog containing information such as:

  • Tool name
  • MCP server name
  • Parameters being passed to the tool

The user can then approve or reject the execution.


As an enhancement, the system could support automatic approval for certain tools in two ways:

  1. Admin-configured auto approval

Administrators can define tools that should bypass the approval dialog:

mcpChat:
  mcpServers:
    - id: kubernetes-server
      name: Kubernetes Server
      npxCommand: 'kubernetes-mcp-server@latest'
      env:
        KUBECONFIG: ${KUBECONFIG}
      autoApprove:
        - 'pods_get'

Tools listed under autoApprove would execute without prompting the user.

  2. User-defined persistent approval

The approval dialog could include an option such as “Always allow this tool”, allowing users to persist their choice for future executions of the same tool.

Something similar is already done by code agents such as Kiro:

[Image]

👀 Have you spent some time to check if this feature request has been raised before?

  • I checked and didn't find a similar issue

🏢 Have you read the Code of Conduct?

Are you willing to submit PR?

Yes I am willing to submit a PR!
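
The approval flow proposed in this issue, sketched as an added example; it is not code from mcp-chat or from the issue author, and the names `ToolCall`, `decide`, `runTool` and `approvalKey` are hypothetical. It goes slightly beyond the issue text by keying approvals on server id plus tool name and by treating a failed or dismissed dialog as a rejection.

```typescript
// Added example: all type and function names here are hypothetical, not mcp-chat APIs.
type ServerCfg = { id: string; autoApprove?: string[] };
type ChatCfg = { requestApproval?: boolean; mcpServers?: ServerCfg[] };
type ToolCall = { serverId: string; tool: string; args: Record<string, unknown> };
type Decision = 'execute' | 'prompt';
type Answer = 'approve' | 'always' | 'reject';

// Persisted "Always allow this tool" choices are keyed by server AND tool, so a
// same-named tool on a different MCP server does not inherit the approval.
const approvalKey = (c: ToolCall): string => JSON.stringify([c.serverId, c.tool]);

function decide(cfg: ChatCfg, call: ToolCall, userAllowed: Set<string>): Decision {
  // Flag absent or false: current behavior, tools run automatically.
  if (cfg.requestApproval !== true) return 'execute';
  const server = (cfg.mcpServers ?? []).find(s => s.id === call.serverId);
  // Exact-name match only; an unknown server or unlisted tool falls through to a prompt.
  if (server?.autoApprove?.some(t => t === call.tool)) return 'execute';
  if (userAllowed.has(approvalKey(call))) return 'execute';
  return 'prompt';
}

async function runTool<T>(
  cfg: ChatCfg,
  call: ToolCall,
  userAllowed: Set<string>,
  ask: (c: ToolCall) => Promise<Answer>, // UI dialog showing tool, server, parameters
  execute: (c: ToolCall) => Promise<T>,
): Promise<{ ran: true; result: T } | { ran: false }> {
  if (decide(cfg, call, userAllowed) === 'prompt') {
    // A dismissed or failed dialog counts as a rejection: the tool does not run.
    const answer = await ask(call).catch((): Answer => 'reject');
    if (answer === 'reject') return { ran: false };
    if (answer === 'always') userAllowed.add(approvalKey(call));
  }
  return { ran: true, result: await execute(call) };
}

// Constructed sample config mirroring the YAML in the issue.
const sampleCfg: ChatCfg = {
  requestApproval: true,
  mcpServers: [{ id: 'kubernetes-server', autoApprove: ['pods_get'] }],
};
```

The dialog passed as `ask` should render the same `call` object that is later handed to `execute`, so the parameters the user approves are the ones that run.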
