
[Feature] MCP Approvals #2648

@strtdusty


Problem Description
Chatbox currently calls MCP tools automatically with no opportunity for the end user to approve or deny each call. Some MCP tools have side effects (modify infrastructure, delete data, perform billing actions, etc.), and an LLM may decide to invoke them when it shouldn’t. The lack of an optional user-approval step makes the integration risky for shared, production, or sensitive environments and reduces user trust in the tool.

Proposed Solution
Opt-in controls:
- Global toggle (off by default) to require approval before any MCP call.
- Per-provider and per-tool toggle in the MCP configuration UI so users can require approval for just the tools that are potentially destructive.
Approval UX:
- When the LLM requests a tool call that requires approval, show a modal or inline prompt that displays: tool name, provider name, the exact call payload (method/endpoint and parameters), a short summary of the intended action, and potential risks/impact.
- Provide buttons: Approve (for this call), Approve and remember for this session, Always approve for this tool/provider, Deny, and Deny and remember.
- Include an "explain why this call is being requested" toggle that shows the LLM's reasoning for transparency.
Developer/customization hooks:
- Allow MCP adapters to provide a short human-readable description of what each tool does and a risk level (e.g., read-only, non-destructive write, destructive) to display in the approval UI.

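As an added illustration (not Chatbox's own code), here is a TypeScript sketch of how the proposed gate could resolve each MCP call against the global, per-provider and per-tool toggles and the remembered user decisions, and build the prompt text from the adapter-supplied risk level; the type names, the `provider/tool` key and the sample tools are assumptions.

```typescript
// Added example, not Chatbox code: an approval gate for MCP tool calls that
// implements the opt-in controls and the "remember" choices proposed above.
type RiskLevel = "read-only" | "non-destructive write" | "destructive";
type Decision = "approve" | "approve-session" | "approve-always" | "deny" | "deny-remember";
interface ToolCall { provider: string; tool: string; params: Record<string, unknown>; }
interface ApprovalConfig {
  requireAll: boolean;                   // global toggle, off by default
  requireProviders: string[];            // per-provider toggle
  requireTools: string[];                // per-tool toggle, entries are "provider/tool"
  riskLevels: Record<string, RiskLevel>; // adapter-supplied risk per "provider/tool" (assumed shape)
}
class ApprovalGate {
  private session: Record<string, boolean> = {};    // dropped when the chat session ends
  private persistent: Record<string, boolean> = {}; // "always approve" choices
  constructor(private cfg: ApprovalConfig) {}
  private key(c: ToolCall): string { return c.provider + "/" + c.tool; }
  // "auto": run unprompted; "prompt": ask the user; "blocked": remembered denial.
  // Remembered choices win; otherwise any enabled toggle (tool, provider, global) prompts.
  check(c: ToolCall): "auto" | "prompt" | "blocked" {
    const k = this.key(c);
    const remembered = k in this.persistent ? this.persistent[k] : this.session[k];
    if (remembered === false) return "blocked";
    if (remembered === true) return "auto";
    const required = this.cfg.requireAll
      || this.cfg.requireProviders.indexOf(c.provider) >= 0
      || this.cfg.requireTools.indexOf(k) >= 0;
    return required ? "prompt" : "auto";
  }
  // Record the button pressed; returns whether this call may proceed. A remembered
  // denial is kept for the session only (assumption: the issue leaves its scope open).
  record(c: ToolCall, d: Decision): boolean {
    const k = this.key(c);
    const allow = d.indexOf("approve") === 0;
    if (d === "approve-session" || d === "deny-remember") this.session[k] = allow;
    if (d === "approve-always") this.persistent[k] = allow;
    return allow;
  }
  // Prompt text: provider, tool, adapter risk level, and the exact call payload.
  prompt(c: ToolCall): string {
    const risk = this.cfg.riskLevels[this.key(c)] ?? "unknown";
    return `${c.provider} / ${c.tool} [risk: ${risk}]\n${JSON.stringify(c.params)}`;
  }
}
// Constructed sample: only the destructive tool is flagged for approval.
const gate = new ApprovalGate({ requireAll: false, requireProviders: [], requireTools: ["cloud/delete_instance"],
  riskLevels: { "cloud/list_instances": "read-only", "cloud/delete_instance": "destructive" } });
const listCall: ToolCall = { provider: "cloud", tool: "list_instances", params: {} };
const deleteCall: ToolCall = { provider: "cloud", tool: "delete_instance", params: { id: "i-123" } };
```

Remembered approvals are keyed on the tool identity, not on the payload, so a later call to the same tool with different parameters runs without a prompt; the exact payload shown in the prompt only protects the one-off Approve choice.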

