Fine-grained confirmation settings for write actions in toolsets #798

@Vikranth3140

Describe the feature or problem you’d like to solve

Currently, the MCP Server groups tools into "read-only" and "write" categories, prompting for confirmation only on write actions. This global behavior is efficient but lacks flexibility—confirmation prompts are either enabled for all write actions or none at all. This means risky operations (e.g., deleting branches) and routine ones (e.g., creating files) are treated the same, which can be impractical in environments with mixed risk profiles.

Proposed solution

Introduce a configuration option that allows per-tool confirmation settings for write actions. For example:

{
  "confirmForWriteActions": {
    "delete_branch": true,
    "create_file": false,
    "open_pr": false
  }
}

With this, confirmation prompts could be enforced only for high-risk actions (like deleting branches) and not for low-risk ones (like creating or updating files). This would make MCP Server safer and more usable, allowing teams to fine-tune their workflows and security settings.

Example prompts or workflows (for tools/toolsets only)

  • Prompt confirmation only when deleting a branch
  • Skip confirmation for creating or updating files
  • Always confirm for destructive actions, but not for routine ones
  • Allow teams to customize confirmation needs per tool/action
  • Example config enables confirmation for only selected write actions

Additional context

This builds on the existing design (as of v0.9.1) and would help organizations better balance safety and efficiency. See related discussions on usability and risk management in the MCP Server repo.
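
An added sketch of how the proposed `confirmForWriteActions` map could be resolved, written for this page and not taken from the issue or from MCP Server code. The `Policy` type, `ParsePolicy`, `NeedsConfirmation`, the `merge_pr` tool name, and the fail-closed default for write tools missing from the map are all assumptions; the issue does not say how unlisted tools should behave.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Policy is a hypothetical holder for the issue's proposed config key.
type Policy struct {
	Confirm map[string]bool `json:"confirmForWriteActions"`
}

// ParsePolicy decodes the config strictly: a non-boolean value such as the
// string "false" is rejected instead of being coerced into a setting.
func ParsePolicy(raw []byte) (*Policy, error) {
	var p Policy
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, fmt.Errorf("invalid confirmation config: %w", err)
	}
	return &p, nil
}

// NeedsConfirmation fails closed (assumed default): read-only tools never
// prompt, and a write tool that is absent from the map is confirmed, so a
// newly added write tool is not auto-approved by omission.
func (p *Policy) NeedsConfirmation(tool string, readOnly bool) bool {
	if readOnly {
		return false
	}
	if p == nil {
		return true // no policy loaded: confirm every write action
	}
	confirm, listed := p.Confirm[tool]
	return !listed || confirm
}

// Constructed sample input: the example config from the issue text.
const sampleConfig = `{"confirmForWriteActions":
  {"delete_branch": true, "create_file": false, "open_pr": false}}`

func main() {
	p, err := ParsePolicy([]byte(sampleConfig))
	if err != nil {
		panic(err)
	}
	// merge_pr is a hypothetical write tool that the config does not list.
	for _, tool := range []string{"delete_branch", "create_file", "merge_pr"} {
		fmt.Printf("%-14s confirm=%v\n", tool, p.NeedsConfirmation(tool, false))
	}
}
```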

Labels: enhancement (New feature or request)
