MCP's safety design is intentionally minimal at the protocol layer and intentionally powerful at the host layer. The protocol does not implement permissions; it offers the surface on which your host enforces them. Exposing excessive. A server that wraps an internal API and exposes each individual endpoint as an Instrument creates a Instr
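
One way a host can enforce permissions on that surface, shown as an added example (not code from the original page or from the MCP project): a default-deny gate that trims a server's `tools/list` result and re-checks every `tools/call` request at call time. The server name, tool names and policy layout are constructed assumptions; only the JSON-RPC method names and message shapes come from MCP.

```python
# Added example: host-side permission gate for MCP tool traffic (default deny).
# Server name, tool names and policy layout are constructed for illustration.
POLICY = {
    "crm-server": {
        "allow": {"get_customer", "list_orders", "refund_order"},
        "confirm": {"refund_order"},  # allowed only after explicit user approval
    }
}

# Constructed tools/list result from a server that wraps every API endpoint.
SAMPLE_TOOLS_LIST = {"tools": [
    {"name": "get_customer", "inputSchema": {"type": "object"}},
    {"name": "list_orders", "inputSchema": {"type": "object"}},
    {"name": "refund_order", "inputSchema": {"type": "object"}},
    {"name": "delete_customer", "inputSchema": {"type": "object"}},
    {"name": "export_all_customers", "inputSchema": {"type": "object"}},
]}


def filter_tools(server, tools_list_result, policy=POLICY):
    """Return the tools/list result with only the tools the host permits."""
    allowed = policy.get(server, {}).get("allow", set())
    kept = [t for t in tools_list_result.get("tools", []) if t.get("name") in allowed]
    return {"tools": kept}


def authorize_call(server, request, user_approved=False, policy=POLICY):
    """Decide on a tools/call request: 'allow', 'confirm' or 'deny'."""
    if request.get("method") != "tools/call":
        return "deny"  # this gate only handles tool invocations
    params = request.get("params")
    name = params.get("name") if isinstance(params, dict) else None
    rules = policy.get(server)
    if rules is None or not isinstance(name, str) or name not in rules["allow"]:
        return "deny"  # unknown server, malformed request or unlisted tool
    if name in rules.get("confirm", set()) and not user_approved:
        return "confirm"  # host must prompt the user before forwarding
    return "allow"


def make_call(name, arguments=None, req_id=1):
    """Build a constructed JSON-RPC tools/call request for the demo."""
    return {"jsonrpc": "2.0", "id": req_id, "method": "tools/call",
            "params": {"name": name, "arguments": arguments or {}}}


if __name__ == "__main__":
    print([t["name"] for t in filter_tools("crm-server", SAMPLE_TOOLS_LIST)["tools"]])
    for tool in ("get_customer", "refund_order", "delete_customer"):
        print(tool, authorize_call("crm-server", make_call(tool)))
```

Hiding a tool from the list is not sufficient on its own, because a request can still name it, so the call-time check is the one that carries the policy.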