RFC: How should AgentShield integrate with MCP (Model Context Protocol)?

[hidearmoon]

MCP is becoming the de facto standard for connecting AI models to tools. We want to add AgentShield support for MCP servers (tracked in #2), and we'd love community input on the best approach.

Two options on the table

Option A: MCP Proxy Server

A standalone AgentShield-powered MCP server that proxies requests to the real MCP server:

MCP Client → AgentShield MCP Proxy → Real MCP Server

Pros: Zero changes to existing MCP servers. Works with any MCP server out of the box.
Cons: Extra hop. Need to handle both stdio and HTTP transports.

Option B: MCP Server Middleware

A decorator/wrapper that MCP server authors apply to their tool handlers:

@server.tool()
@shield.guard
async def execute_query(query: str) -> str:
    ...

Pros: Minimal latency. Tight integration.
Cons: Requires MCP server code changes. Each server needs to opt in.

Questions for the community

1. Which approach would you actually use in production?
2. Should we support both and let users choose?
3. Are there MCP-specific trust signals we should capture (e.g., which client is calling, transport type)?
4. How should REQUIRE_CONFIRMATION decisions surface in MCP (there's no built-in UI channel)?

Would love to hear from anyone building MCP servers or using MCP in production.