FinalApproval

MCP server

One endpoint. Every agent.Human in the loop.

Point your Claude Code, Cursor, Codex, or custom MCP client at https://www.finalapproval.ai/mcp. Four tools, OAuth 2.1 sign-in, no API keys to juggle. A single human-approval surface across every runtime your team uses.

Start free
cursor://mcp/finalapproval

mcp server · finalapproval

Connected

authorized
// agent.ts — deploy behind a human decision
const { approval_id } = await mcp.call("submit_approval", {
  channel_id: "c9f1…",
  agent_id: "deploy-bot",
  title: "Deploy web@1.8.2 to production",
  body: "<p>5 commits · schema-compatible</p>",
});

const { status } = await mcp.call("wait_for_resolution", {
  approval_id,
});

if (status !== "approved") process.exit(1);
await run("./scripts/deploy.sh");

One tool per moment

Submit, wait, list, inspect. Nothing else.

Most MCP servers leak a sprawling surface — twenty tools, half of them wrappers. FinalApproval exposes four: the ones you need to gate an action behind a human decision. That's the whole protocol surface.

  • submit_approval — create a pending approval with an HTML body
  • wait_for_resolution — block until the human approves or denies
  • list_pending — queue view, scoped to the authenticated org
  • get_approval — fetch a single approval's full state
tools · 4 total

submit_approval

create a pending approval

wait_for_resolution

block until decided

list_pending

queue view, org-scoped

get_approval

full approval state

OAuth 2.1, dynamic client registration

Sign in once, tool calls stay authorized.

MCP clients discover us, register themselves via RFC 7591, bounce the user through a consent page, and get a bearer token. No per-agent API key to rotate, no shared secret in a dotfile. Tokens map to your workspace identity.

  • Automatic discovery via /.well-known/oauth-authorization-server
  • Dynamic client registration — any MCP client can onboard itself
  • Consent page shows exactly which scopes the client is asking for
  • Revoke access from your FinalApproval account settings any time
oauth handshake
1

Discover

GET /.well-known/oauth-authorization-server

2

Register

POST /oauth2/register · RFC 7591

3

Consent

User allows approvals:write

4

Token

Bearer · exp 1h · refresh enabled

SSE-backed waiting

wait_for_resolution blocks for the human, not the network.

The tool holds the connection open, keeps it alive through TCP idle drops with progress pings, and returns the moment your reviewer clicks. If a human takes longer than ten minutes — the MCP client re-invokes automatically.

  • Streamable HTTP transport with SSE — the spec-current default
  • Progress pings every 15s keep the stream warm across proxies
  • 10-minute server-side cap with clean re-invocation semantics
  • No polling loop to write in your agent code
wait_for_resolution
00:00 · connected
00:15 · progress: waiting for human decision
00:30 · progress: waiting for human decision
01:47 · approved by patrick@example.com

Cross-runtime parity

Claude Code, Cursor, Codex — same endpoint, same tools.

An MCP server is one artifact that ships to every runtime at once. Write your agent in whichever tool you prefer; approvals land in the same FinalApproval workspace and appear to the same human reviewer.

  • Works with every MCP-aware client — today and in the future
  • Same scopes, same permissions, same audit trail across tools
  • No per-tool integration to maintain
runtimes
Claude Codelive
Cursorlive
Codexlive
Custom agentany sdk

Four tools. Every runtime. One human gate.

Install the MCP server in whatever agent tool you use. Approve from your phone.

Start free See how it works