Where the workflow shifted
The MCP authorization specification puts authorization at the transport layer for HTTP-based servers, which matters when agents reach restricted resources.
Separate repositories, tickets, CRM, payment systems, cloud resources, and production environments into different authorization scopes.
Tool names are not outcomes
The signal matters when it changes how a team ships, reviews, or recovers work, not when it only names another tool.
Check permissions and failure
- List resources the agent may access, token scopes, expiration rules, resource indicators, and audit logs
- Keep the test narrow: one low-risk task or tool entry before connecting permissions, logs, failure handling, and human takeover to production
What still needs proof
Overbroad remote-tool permissions can turn one coding task into a data, account, or production risk. Keep the original source open so the announcement, the evidence, and this site's interpretation stay separate.