{"id":81432,"date":"2026-07-14T12:09:29","date_gmt":"2026-07-14T16:09:29","guid":{"rendered":"https:\/\/memberpress.com\/docs\/ai-foundation-safety-measures\/"},"modified":"2026-07-14T12:09:29","modified_gmt":"2026-07-14T16:09:29","slug":"ai-foundation-safety-measures","status":"publish","type":"ht_kb","link":"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/","title":{"rendered":"Mesures de s\u00e9curit\u00e9 relatives aux agents de la plateforme MemberPress AI Foundation"},"content":{"rendered":"<p>MemberPress AI Foundation enforces four safety measures on Model Context Protocol (MCP) write operations. These measures protect a site from unintended or unauthorized changes when an AI client connects through the MCP server. They operate together. A single write call can pass through scope checks, preview defaults, a confirmation gate, and the kill switch before it changes data.<\/p>\n\n\n\n<p>This reference explains each measure, what it protects against, and how the MCP server enforces it. Two measures act when an AI client calls a tool: confirmation tokens and dry-run defaults. One measure governs what scope vocabulary a connection token carries: granular scopes. One measure lets an administrator halt every destructive write instantly: the kill switch.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-the-safety-layer-works\"><a href=\"#how-the-safety-layer-works\">How the Safety Layer Works<\/a><\/h2>\n\n\n\n<p>The four measures map to four distinct questions about a write operation:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Mesure<\/th><th>Nom<\/th><th>The question it answers<\/th><\/tr><\/thead><tbody><tr><td>A<\/td><td>Confirmation tokens<\/td><td>What may a token DO when a destructive tool runs?<\/td><\/tr><tr><td>B<\/td><td>Dry-run defaults<\/td><td>What mode does a write tool default to when called?<\/td><\/tr><tr><td>C<\/td><td>Granular scopes<\/td><td>What scope vocabulary does a connection token carry?<\/td><\/tr><tr><td>D<\/td><td>Kill switch<\/td><td>Can an administrator halt every destructive write at once?<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Measures A, B, and D act at tool-call time. The MCP server evaluates them inside <strong><code>Server::handle_tool_call<\/code><\/strong> on every write request. Measure C acts in two places. At tool-call time, the server matches a tool's required scope against the token's granted scopes. At token-issuance time, the default access ceiling caps what scopes a new connection receives.<\/p>\n\n\n\n<p>All four measures live in the <strong><code>MemberPressAI\\MCP<\/code><\/strong> namespace and run server-side. An AI client cannot bypass them by crafting a request differently, because enforcement happens after the request reaches the server, not in the client.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"measure-a-confirmation-tokens\"><a href=\"#measure-a-confirmation-tokens\">Measure A \u2014 Confirmation Tokens<\/a><\/h2>\n\n\n\n<p>Confirmation tokens protect destructive operations with a mandatory two-call flow. A destructive tool cannot run on a single call. The first call returns a preview plus a single-use token; the second call must include that token to execute.<\/p>\n\n\n\n<p>One narrow exemption applies: <strong>reversible actions skip the gate.<\/strong> <code>memberpress_g\u00e9rer_l'abonnement<\/code> avec <code>action : \" reprendre \"<\/code> et <code>memberpress_g\u00e9rer_compte_secondaire<\/code> avec <code>action : \" ajouter \"<\/code> undo rather than destroy, and execute without a token. A single shared allowlist drives the exemption on both the MCP endpoint and the WordPress Abilities surface, so the two gates cannot drift apart. Every other destructive call requires the token.<\/p>\n\n\n\n<p>Six tools are destructive and require this flow:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Outil<\/th><th>What it does<\/th><\/tr><\/thead><tbody><tr><td><strong><code>memberpress_delete_member<\/code><\/strong><\/td><td>Deletes a member<\/td><\/tr><tr><td><strong><code>memberpress_remboursement_transaction<\/code><\/strong><\/td><td>Refunds a transaction<\/td><\/tr><tr><td><strong><code>memberpress_delete_webhook<\/code><\/strong><\/td><td>Deletes a webhook<\/td><\/tr><tr><td><strong><code>memberpress_reset_course_progress<\/code><\/strong><\/td><td>Resets a learner's course progress<\/td><\/tr><tr><td><strong><code>memberpress_g\u00e9rer_compte_secondaire<\/code><\/strong><\/td><td>Manages a corporate sub-account<\/td><\/tr><tr><td><strong><code>memberpress_g\u00e9rer_l'abonnement<\/code><\/strong><\/td><td>Manages a subscription<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"how-the-two-call-flow-works\"><a href=\"#how-the-two-call-flow-works\">How the Two-Call Flow Works<\/a><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>The AI client calls the destructive tool with its arguments. The server returns a preview of the effect plus a confirmation token.<\/li>\n\n\n\n<li>The AI client calls the same tool again with the same arguments plus a <strong><code>confirmer<\/code><\/strong> parameter set to the token value. The server verifies the token and executes the operation.<\/li>\n<\/ol>\n\n\n\n<p>The token carries three protections. It expires after <strong>60 seconds<\/strong> (the <strong><code>TTL<\/code><\/strong> constant in <strong><code>ConfirmationTokens<\/code><\/strong>). It is single-use \u2014 the server consumes it on the executing call. The server binds it to the exact combination of tool name, arguments, and user ID. A token issued for one operation cannot authorize a different one.<\/p>\n\n\n\n<p>The design rationale, from the development team: \u201cjust passing a boolean isn't strong enough consent for an action you can't undo.\u201d A confirmation token proves the caller saw the specific preview for the specific operation before committing to it.<\/p>\n\n\n\n<p class=\"wp-block-ht-blocks-messages wp-block-hb-message wp-block-hb-message--withicon is-style-alert\"><strong>Important :<\/strong> Destructive tools do not accept an <strong><code>ex\u00e9cuter<\/code><\/strong> parameter. The confirmation token flow is the only way to run them. Passing <strong><code>ex\u00e9cuter : true<\/code><\/strong> has no effect on a destructive tool.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"the-first-call-response\"><a href=\"#the-first-call-response\">The First-Call Response<\/a><\/h3>\n\n\n\n<p>The first call returns a preview of the effect, a single-use <strong><code>jeton_de_confirmation<\/code><\/strong>, and the token's remaining lifetime. The following is the response from a <strong><code>memberpress_remboursement_transaction<\/code><\/strong> preview call:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n  \"preview\": {\n    \"dry_run\": true,\n    \"action\": \"refund_transaction\",\n    \"preview\": {\n      \"transaction_id\": 432,\n      \"amount\": \"100.00\",\n      \"total\": \"100.00\",\n      \"user_id\": \"<user-id>\",\n      \"product_id\": 2332,\n      \"subscription_listing_may_show_inactive\": true,\n      \"subscription_listing_note\": \"If this was the latest transaction backing the subscription, the WP admin Subscriptions list will show the subscription as \\\"Active: No\\\" \u2014 that column is derived from the latest transaction's status, not the subscription record itself. The subscription record is unchanged unless you chose to cancel the subscription as part of this refund.\"\n    }\n  },\n  \"confirmation_token\": \"ct_<token>\",\n  \"expires_in\": 60,\n  \"next_step\": \"Call memberpress_refund_transaction again with the same arguments plus confirm: \\\"ct_<token>\\\" to execute.\"\n}<\/code><\/pre>\n\n\n\n<p>The token arrives in <strong><code>jeton_de_confirmation<\/code><\/strong>. Les <strong><code>expires_in<\/code><\/strong> field gives the remaining lifetime in seconds. The <strong><code>next_step<\/code><\/strong> field states exactly how to execute. The inner <strong><code>preview.preview<\/code><\/strong> object describes the operation's effect; its fields vary by tool. The <strong><code>subscription_listing_*<\/code><\/strong> fields shown here are refund-specific \u2014 the Tools Reference and Errors documents cover refund response detail.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"when-a-token-is-invalid\"><a href=\"#when-a-token-is-invalid\">When a Token Is Invalid<\/a><\/h3>\n\n\n\n<p>A token that has expired, has already been used, or is presented with changed arguments fails with a single error. The server does not distinguish the three causes:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n  \"code\": -32603,\n  \"message\": \"Confirmation token is invalid, expired, or arguments have changed. Call the tool without `confirm` to receive a fresh preview and token.\",\n  \"data\": {\n    \"mp_error_code\": \"CONFIRMATION_INVALID\"\n  },\n  \"request_id\": \"req_<id>\"\n}<\/code><\/pre>\n\n\n\n<p>Match on <strong><code>data.mp_error_code<\/code><\/strong> (<strong><code>CONFIRMATION_INVALID<\/code><\/strong>), not the generic JSON-RPC <strong><code>-32603<\/code><\/strong> code. The recovery path is always the same: call the tool again without <strong><code>confirmer<\/code><\/strong> to receive a fresh preview and a new token.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"measure-b-dry-run-defaults\"><a href=\"#measure-b-dry-run-defaults\">Measure B \u2014 Dry-Run Defaults<\/a><\/h2>\n\n\n\n<p>Write tools default to preview. A write tool does not change data unless the caller explicitly opts in to execute. This protects against an AI client running a mutation it only intended to inspect.<\/p>\n\n\n\n<p>Write tools fall into two shapes:<\/p>\n\n\n\n<p><strong>Non-destructive writes (9 tools)<\/strong> carry an <strong><code>ex\u00e9cuter<\/code><\/strong> parameter. The tool previews by default and returns a preview payload without persisting. Passing <strong><code>ex\u00e9cuter : true<\/code><\/strong> runs the operation live. These tools include <strong><code>memberpress_create_member<\/code><\/strong>, <strong><code>memberpress_update_member<\/code><\/strong>, <strong><code>memberpress_create_coupon<\/code><\/strong>, <strong><code>memberpress_create_subscription<\/code><\/strong>et <strong><code>memberpress_create_webhook<\/code><\/strong>entre autres.<\/p>\n\n\n\n<p><strong>Destructive writes (6 tools)<\/strong> carry neither <strong><code>ex\u00e9cuter<\/code><\/strong> nor a legacy dry-run parameter. They preview by default and require the Measure A confirmation token flow to execute. The two-call gate is their only execute mechanism.<\/p>\n\n\n\n<p>This split means a reader can tell a tool's risk level from its parameters. A tool with <strong><code>ex\u00e9cuter<\/code><\/strong> is reversible; a tool with no <strong><code>ex\u00e9cuter<\/code><\/strong> and a confirmation requirement is destructive.<\/p>\n\n\n\n<p class=\"wp-block-ht-blocks-messages wp-block-hb-message wp-block-hb-message--withicon is-style-info\"><strong>Remarque :<\/strong> This document describes the MCP endpoint (<code>\/wp-json\/mp-mcp\/v1\/mcp<\/code>). Write tools on the MCP endpoint do not expose a <strong><code>dry_run<\/code><\/strong> parameter. Non-destructive tools use <strong><code>ex\u00e9cuter<\/code><\/strong>; destructive tools use the confirmation token flow. There is no other way to run a write through MCP. The WordPress Abilities surface reaches the same operations with different mechanics \u2014 see <strong><a href=\"#the-wordpress-abilities-surface\">The WordPress Abilities Surface<\/a><\/strong> ci-dessous.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"the-non-destructive-preview-shape\"><a href=\"#the-non-destructive-preview-shape\">The Non-Destructive Preview Shape<\/a><\/h3>\n\n\n\n<p>A non-destructive write tool called without <strong><code>ex\u00e9cuter : true<\/code><\/strong> returns a flat preview payload. The following is the response from a <strong><code>memberpress_create_member<\/code><\/strong> preview call:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n  \"dry_run\": true,\n  \"action\": \"create_member\",\n  \"preview\": {\n    \"email\": \"mcp-preview-test@example.com\",\n    \"username\": \"mcppreviewtest\",\n    \"first_name\": \"MCP\",\n    \"last_name\": \"PreviewTest\"\n  },\n  \"validation\": \"passed\"\n}<\/code><\/pre>\n\n\n\n<p>This envelope is flat: <strong><code>dry_run<\/code><\/strong>, <strong><code>action<\/code><\/strong>, <strong><code>aper\u00e7u<\/code><\/strong>et <strong><code>validation<\/code><\/strong> sit at the top level, and there is no confirmation token. It differs from a destructive preview, where the <strong><code>aper\u00e7u<\/code><\/strong> object is nested one level deeper (<strong><code>preview.preview<\/code><\/strong>) and a <strong><code>jeton_de_confirmation<\/code><\/strong> is present. The <strong><code>validation<\/code><\/strong> field reports whether the previewed input would pass validation on execute.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"measure-c-granular-scopes\"><a href=\"#measure-c-granular-scopes\">Measure C \u2014 Granular Scopes<\/a><\/h2>\n\n\n\n<p>Connection tokens carry specific scopes rather than blanket access. A token scoped to read members cannot write billing data. This limits the blast radius of any single connection to exactly the operations its scopes permit.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"scope-vocabulary\"><a href=\"#scope-vocabulary\">Scope Vocabulary<\/a><\/h3>\n\n\n\n<p>The MCP server defines the following scopes in <strong><code>ScopeMatcher<\/code><\/strong>:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Champ d'application<\/th><th>Subventions<\/th><\/tr><\/thead><tbody><tr><td><strong><code>lire<\/code><\/strong><\/td><td>Read access to all data through read tools<\/td><\/tr><tr><td><strong><code>\u00e9crire : contenu<\/code><\/strong><\/td><td>Write access to content: access rules and coupons<\/td><\/tr><tr><td><strong><code>\u00e9crire : membres<\/code><\/strong><\/td><td>Write access to members<\/td><\/tr><tr><td><strong><code>\u00e9crire : facturation<\/code><\/strong><\/td><td>Write access to billing: subscription management and transaction refunds<\/td><\/tr><tr><td><strong><code>\u00e9crire : importations<\/code><\/strong><\/td><td>Write access to member imports<\/td><\/tr><tr><td><strong><code>\u00e9crire : webhooks<\/code><\/strong><\/td><td>Write access to webhooks and email reminders<\/td><\/tr><tr><td><strong><code>\u00e9crire : cours<\/code><\/strong><\/td><td>Write access to course operations<\/td><\/tr><tr><td><strong><code>complet<\/code><\/strong><\/td><td>All write scopes (satisfies any specific <strong><code>\u00e9crire :*<\/code><\/strong> requirement)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Les <strong><code>lire<\/code><\/strong> scope is implicit on every token. The server matches a tool's required scope against the token's granted scopes before dispatch through <strong><code>Server::current_token_has_scope<\/code><\/strong>.<\/p>\n\n\n\n<p>Scope alone is not the only gate. Each write tool also declares the WordPress capability it requires (for example, <strong><code>create_users<\/code><\/strong> ou <strong><code>modifier_utilisateurs<\/code><\/strong>), and the server enforces that capability before dispatch. A token with <strong><code>complet<\/code><\/strong> scope still cannot create users if the token owner lacks the <strong><code>create_users<\/code><\/strong> capability. The two gates return distinct errors, and the scope gate runs first: a missing scope fails with <strong><code>SCOPE_INSUFFISANT<\/code><\/strong>; a missing capability fails with <strong><code>CAPACIT\u00c9_INSUFFISANTE<\/code><\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"default-access-ceiling\"><a href=\"#default-access-ceiling\">Default Access Ceiling<\/a><\/h3>\n\n\n\n<p>The default access ceiling caps the scopes the server can issue to a new connection. An administrator sets it through the <strong>\u201cMaximum access level for new connections\u201d<\/strong> setting on the <strong>MCP Settings<\/strong> tab. The ceiling determines the maximum scope any new token carries, regardless of what the connecting client requests.<\/p>\n\n\n\n<p>The setting has two options: <strong>Read Only<\/strong> et <strong>Full Access<\/strong>.<\/p>\n\n\n\n<p>When set to <strong>Read Only<\/strong>, the wizard hides the write-scope checkboxes entirely \u2014 they are not shown greyed out \u2014 and the server caps every new connection at read scope. The wizard's Access step shows only the always-granted read scope, with this notice:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Site administrator has set the maximum access level to Read Only. New connections cannot be issued write scopes until this is raised in MCP Settings.<\/p>\n<\/blockquote>\n\n\n\n<p>When set to <strong>Full Access<\/strong>, the wizard's Access step shows the write-scope checkboxes, pre-checked, and the administrator unchecks any a connection does not need. A new connection then receives write scopes up to what the connecting user's WordPress capabilities allow.<\/p>\n\n\n\n<p>The ceiling enforces server-side at four token-issuance paths. A hand-crafted request cannot bypass the wizard interface to request a wider scope:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Wizard token creation;<\/li>\n\n\n\n<li>OAuth <strong><code>\/authorize<\/code><\/strong>;<\/li>\n\n\n\n<li>OAuth <strong><code>\/token<\/code><\/strong> exchange;<\/li>\n\n\n\n<li>Dynamic client registration (RFC 7591).<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-ht-blocks-messages wp-block-hb-message wp-block-hb-message--withicon is-style-alert\"><strong>Important :<\/strong> The ceiling applies at issuance time only. Tightening the ceiling does not narrow scopes on tokens already issued. To narrow an existing connection, revoke it and issue a new one.<\/p>\n\n\n\n<p>The ceiling is an extension of the scope vocabulary, not a separate mechanism. It exists only because Measure C defines the scopes it caps.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"measure-d-kill-switch\"><a href=\"#measure-d-kill-switch\">Measure D \u2014 Kill Switch<\/a><\/h2>\n\n\n\n<p>The kill switch lets an administrator halt every destructive write instantly. When active, the server refuses every destructive tool call and returns the <strong><code>\u00c9CRITURE_SUSPENDUE<\/code><\/strong> error, regardless of the calling token's scopes or any valid confirmation token.<\/p>\n\n\n\n<p>An administrator toggles the switch from the <strong>MCP Connected Clients<\/strong> admin page. The control is a <strong>Pause all writes<\/strong> button. While destructive writes are active, the page shows this status:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Destructive writes are active \u2014 Pauses refunds, cancellations, deletions, and bulk imports for every connected client. Read tools keep working.<\/p>\n<\/blockquote>\n\n\n\n<p>The setting persists across regular settings saves, so a routine settings update does not silently turn it off. The server records <strong><code>admin.writes_paused<\/code><\/strong> et <strong><code>admin.writes_resumed<\/code><\/strong> events to the audit log when the switch changes state.<\/p>\n\n\n\n<p>The kill switch is the broadest measure. Measures A, B, and C constrain individual operations; the kill switch overrides all of them for destructive calls in a single action. It is the appropriate response when an administrator suspects a connection is behaving unexpectedly and wants to stop all destructive activity before investigating.<\/p>\n\n\n\n<p class=\"wp-block-ht-blocks-messages wp-block-hb-message wp-block-hb-message--withicon is-style-info\"><strong>Remarque :<\/strong> The kill switch pauses destructive writes only. Read tools and non-destructive write previews continue to function while it is active.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"the-writespaused-response\"><a href=\"#the-writespaused-response\">The WRITES_PAUSED Response<\/a><\/h3>\n\n\n\n<p>While the kill switch is active, every destructive tool call fails with this response, regardless of the calling token's scopes or any valid confirmation token:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n  \"code\": -32603,\n  \"message\": \"Destructive writes are paused by an administrator. Try again later or contact the site owner.\",\n  \"data\": {\n    \"mp_error_code\": \"WRITES_PAUSED\"\n  },\n  \"request_id\": \"req_<id>\"\n}<\/code><\/pre>\n\n\n\n<p>The switch gates the entire destructive-write path: even the first (preview) call of a destructive tool returns <strong><code>\u00c9CRITURE_SUSPENDUE<\/code><\/strong>, so the confirmation flow cannot begin. As with all tool errors, match on <strong><code>data.mp_error_code<\/code><\/strong> (<strong><code>\u00c9CRITURE_SUSPENDUE<\/code><\/strong>), not the generic <strong><code>-32603<\/code><\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"related-capabilities\"><a href=\"#related-capabilities\">Related Capabilities<\/a><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"the-wordpress-abilities-surface\"><a href=\"#the-wordpress-abilities-surface\">The WordPress Abilities Surface<\/a><\/h3>\n\n\n\n<p>On WordPress 6.9 and later, AI Foundation also registers tools through the WordPress Abilities API, exposed via the WordPress.org MCP Adapter. This is a second programmatic surface that reaches the same underlying operations as the MCP endpoint, with three mechanical differences:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Preview control.<\/strong> Write operations on the Abilities surface expose a <strong><code>dry_run<\/code><\/strong> parameter: they preview by default, and the caller passes <strong><code>dry_run: false<\/code><\/strong> to run live \u2014 where the MCP endpoint uses <strong><code>ex\u00e9cuter : true<\/code><\/strong> instead;<\/li>\n\n\n\n<li><strong>Write gate.<\/strong> Write access through the Abilities surface is gated on the <strong><code>mpai_use_mcp_write<\/code><\/strong> capability;<\/li>\n\n\n\n<li><strong>Coverage.<\/strong> The surface registers the core tool families; add-on tool surfaces are exposed via MCP only.<\/li>\n<\/ul>\n\n\n\n<p>The safety model carries over: the surface enforces the same per-tool WordPress capability requirements, destructive operations require the same confirmation-token flow (including the same reversible-action exemption), and the kill switch pauses destructive Abilities writes just as it pauses MCP writes. Reaching the operations through a different protocol does not relax the gates.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"activity-log\"><a href=\"#activity-log\">Activity Log<\/a><\/h3>\n\n\n\n<p>The Activity Log records MCP tool events for audit and troubleshooting. It lives on the <strong>MCP Connected Clients<\/strong> tab and lists each event with four columns: <strong>Temps<\/strong>, <strong>Client<\/strong>, <strong>Outil<\/strong>et <strong>R\u00e9sultat<\/strong>. Les <strong>R\u00e9sultat<\/strong> column shows the stored outcome code for each call \u2014 <code>succ\u00e8s<\/code>, <code>erreur<\/code>, <code>confirmation_required<\/code>, <code>confirmation_invalid<\/code>, <code>confirmation_race_lost<\/code>, <code>scope_insufficient<\/code>, <code>capability_insufficient<\/code>, <code>writes_paused<\/code>, and a small family of preview\/encoding failure codes.<\/p>\n\n\n\n<p>The log makes the destructive confirmation flow auditable: a destructive tool's preview call logs <code>confirmation_required<\/code>, and its execution logs <code>succ\u00e8s<\/code> \u2014 the two calls are distinguishable. A non-destructive tool's preview and live execution both log <code>succ\u00e8s<\/code>; call arguments are deliberately never logged, so the log does not record whether <code>ex\u00e9cuter<\/code> was passed. How long entries are kept is governed by the <strong>Log Retention<\/strong> setting on the <strong>MCP Settings<\/strong> tab (default <strong>30 jours<\/strong>).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"a-note-on-ai-client-behavior\"><a href=\"#a-note-on-ai-client-behavior\">A Note on AI Client Behavior<\/a><\/h3>\n\n\n\n<p>Some MCP clients automatically complete the two-call confirmation flow without surfacing the confirmation step to the user. A client may show a preview and then issue the second call internally, so the operation appears to run in one step. This is client-side workflow behavior, not a gap in the safety layer. The server still enforces the two-call requirement, and the client supplies a valid token on the second call.<\/p>\n\n\n\n<p>To observe the confirmation gate directly, use a tool that issues each call explicitly, such as Postman or <strong><code>curl<\/code><\/strong>. A client that abstracts the flow hides the two calls, but the server still requires both.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"related-documentation\"><a href=\"#related-documentation\">Documentation associ\u00e9e<\/a><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-overview\/\" target=\"_blank\" rel=\"noopener\">Pr\u00e9sentation et guide d'installation de MemberPress AI Foundation<\/a><\/strong> \u2014 what AI Foundation is, how to install it, and how to connect AI clients;<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/memberpress.com\/fr\/docs\/mcp-tools-reference\/\" target=\"_blank\" rel=\"noopener\">R\u00e9f\u00e9rence des outils MCP de la certification \u00ab AI Foundation \u00bb MemberPress<\/a><\/strong> \u2014 the full tool catalog, including which tools are destructive and what scope each requires;<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/memberpress.com\/fr\/docs\/mcp-errors-troubleshooting\/\" target=\"_blank\" rel=\"noopener\">MemberPress AI Foundation MCP Errors and Troubleshooting<\/a><\/strong> \u2014 the complete error catalog, including <strong><code>\u00c9CRITURE_SUSPENDUE<\/code><\/strong> et <strong><code>CAPACIT\u00c9_INSUFFISANTE<\/code><\/strong>;<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/memberpress.com\/fr\/docs\/connecting-ai-clients\/\" target=\"_blank\" rel=\"noopener\">Connecting AI Clients to MemberPress<\/a><\/strong> \u2014 how the server issues connections and assigns scopes during setup.<\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>MemberPress AI Foundation enforces four safety measures on Model Context Protocol (MCP) write operations. These measures protect a site from unintended or unauthorized changes when an AI client connects through the MCP server. They operate together. A single write call can pass through scope checks, preview defaults, a confirmation gate, and the kill switch before [\u2026]<\/p>\n","protected":false},"author":62252,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"_strive_editorial_status":"not-started","_strive_copy_of":0,"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","_FSMCFIC_featured_image_caption":"","_FSMCFIC_featured_image_nocaption":"","_FSMCFIC_featured_image_hide":"","_strive_checklists":"\"\"","_strive_active_checklist":"62291e2bb2422","footnotes":""},"ht-kb-category":[1581],"ht-kb-tag":[],"class_list":{"0":"post-81432","1":"ht_kb","2":"type-ht_kb","3":"status-publish","4":"format-standard","6":"ht_kb_category-mcp","7":"entry"},"acf":[],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO Pro 4.9.6.2 - aioseo.com -->\n\t<meta name=\"description\" content=\"MemberPress AI Foundation enforces four safety measures on Model Context Protocol (MCP) write operations. These measures protect a site from unintended or unauthorized changes when an AI client connects through the MCP server. They operate together. A single write call can pass through scope checks, preview defaults, a confirmation gate, and the kill switch before\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Nikola M\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO Pro (AIOSEO) 4.9.6.2\" \/>\n\t\t<meta property=\"og:locale\" content=\"fr_FR\" \/>\n\t\t<meta property=\"og:site_name\" content=\"MemberPress\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"MemberPress AI Foundation Agent Safety Measures | MemberPress\" \/>\n\t\t<meta property=\"og:description\" content=\"MemberPress AI Foundation enforces four safety measures on Model Context Protocol (MCP) write operations. These measures protect a site from unintended or unauthorized changes when an AI client connects through the MCP server. They operate together. A single write call can pass through scope checks, preview defaults, a confirmation gate, and the kill switch before\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/memberpress.com\/wp-content\/uploads\/2022\/10\/mp-icon-RGB_Icon-01.jpg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/memberpress.com\/wp-content\/uploads\/2022\/10\/mp-icon-RGB_Icon-01.jpg\" \/>\n\t\t<meta property=\"og:image:width\" content=\"1650\" \/>\n\t\t<meta property=\"og:image:height\" content=\"1275\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2026-07-14T16:09:29+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2026-07-14T16:09:29+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/memberpress\/\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:site\" content=\"@memberpress\" \/>\n\t\t<meta name=\"twitter:title\" content=\"MemberPress AI Foundation Agent Safety Measures | MemberPress\" \/>\n\t\t<meta name=\"twitter:description\" content=\"MemberPress AI Foundation enforces four safety measures on Model Context Protocol (MCP) write operations. These measures protect a site from unintended or unauthorized changes when an AI client connects through the MCP server. They operate together. A single write call can pass through scope checks, preview defaults, a confirmation gate, and the kill switch before\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/memberpress.com\/wp-content\/uploads\/2022\/10\/mp-icon-RGB_Icon-01.jpg\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/docs\\\/ai-foundation-safety-measures\\\/#article\",\"name\":\"MemberPress AI Foundation Agent Safety Measures | MemberPress\",\"headline\":\"MemberPress AI Foundation Agent Safety Measures\",\"author\":{\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/blog\\\/author\\\/nikolacaseproof-com\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/memberpress.com\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/mp-icon-RGB_Icon-01.jpg\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/#articleImage\",\"width\":1650,\"height\":1275,\"caption\":\"memberpress logo icon\"},\"datePublished\":\"2026-07-14T12:09:29-04:00\",\"dateModified\":\"2026-07-14T12:09:29-04:00\",\"inLanguage\":\"fr-FR\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/docs\\\/ai-foundation-safety-measures\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/docs\\\/ai-foundation-safety-measures\\\/#webpage\"},\"articleSection\":\"MCP\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/docs\\\/ai-foundation-safety-measures\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/memberpress.com\\\/fr\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/doc-categories\\\/developer-docs\\\/#listItem\",\"name\":\"Developer Documentation\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/doc-categories\\\/developer-docs\\\/#listItem\",\"position\":2,\"name\":\"Developer Documentation\",\"item\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/doc-categories\\\/developer-docs\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/doc-categories\\\/mcp\\\/#listItem\",\"name\":\"MCP\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/doc-categories\\\/mcp\\\/#listItem\",\"position\":3,\"name\":\"MCP\",\"item\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/doc-categories\\\/mcp\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/docs\\\/ai-foundation-safety-measures\\\/#listItem\",\"name\":\"MemberPress AI Foundation Agent Safety Measures\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/doc-categories\\\/developer-docs\\\/#listItem\",\"name\":\"Developer Documentation\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/docs\\\/ai-foundation-safety-measures\\\/#listItem\",\"position\":4,\"name\":\"MemberPress AI Foundation Agent Safety Measures\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/doc-categories\\\/mcp\\\/#listItem\",\"name\":\"MCP\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/#organization\",\"name\":\"MemberPress\",\"description\":\"The All-In-One WordPress Membership Plugin\",\"url\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/memberpress.com\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/mp-icon-RGB_Icon-01.jpg\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/docs\\\/ai-foundation-safety-measures\\\/#organizationLogo\",\"width\":1650,\"height\":1275,\"caption\":\"memberpress logo icon\"},\"image\":{\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/docs\\\/ai-foundation-safety-measures\\\/#organizationLogo\"},\"sameAs\":[\"https:\\\/\\\/www.instagram.com\\\/memberpress\\\/\",\"https:\\\/\\\/www.pinterest.com\\\/memberpressplugin\\\/\",\"https:\\\/\\\/www.youtube.com\\\/c\\\/MemberPressPlugin\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/memberpress\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/blog\\\/author\\\/nikolacaseproof-com\\\/#author\",\"url\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/blog\\\/author\\\/nikolacaseproof-com\\\/\",\"name\":\"Nikola M\",\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/memberpress.com\\\/wp-content\\\/litespeed\\\/avatar\\\/1edf820c48f9c430f380efe81887b154.jpg?ver=1783608757\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/docs\\\/ai-foundation-safety-measures\\\/#webpage\",\"url\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/docs\\\/ai-foundation-safety-measures\\\/\",\"name\":\"MemberPress AI Foundation Agent Safety Measures | MemberPress\",\"description\":\"MemberPress AI Foundation enforces four safety measures on Model Context Protocol (MCP) write operations. These measures protect a site from unintended or unauthorized changes when an AI client connects through the MCP server. They operate together. A single write call can pass through scope checks, preview defaults, a confirmation gate, and the kill switch before\",\"inLanguage\":\"fr-FR\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/docs\\\/ai-foundation-safety-measures\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/blog\\\/author\\\/nikolacaseproof-com\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/blog\\\/author\\\/nikolacaseproof-com\\\/#author\"},\"datePublished\":\"2026-07-14T12:09:29-04:00\",\"dateModified\":\"2026-07-14T12:09:29-04:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/#website\",\"url\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/\",\"name\":\"MemberPress\",\"description\":\"The All-In-One WordPress Membership Plugin\",\"inLanguage\":\"fr-FR\",\"publisher\":{\"@id\":\"https:\\\/\\\/memberpress.com\\\/fr\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO Pro -->\r\n\t\t<title>MemberPress AI Foundation Agent Safety Measures | MemberPress<\/title>\n\n","aioseo_head_json":{"title":"MemberPress AI Foundation Agent Safety Measures | MemberPress","description":"MemberPress AI Foundation enforces four safety measures on Model Context Protocol (MCP) write operations. These measures protect a site from unintended or unauthorized changes when an AI client connects through the MCP server. They operate together. A single write call can pass through scope checks, preview defaults, a confirmation gate, and the kill switch before","canonical_url":"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/#article","name":"MemberPress AI Foundation Agent Safety Measures | MemberPress","headline":"MemberPress AI Foundation Agent Safety Measures","author":{"@id":"https:\/\/memberpress.com\/fr\/blog\/author\/nikolacaseproof-com\/#author"},"publisher":{"@id":"https:\/\/memberpress.com\/fr\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/memberpress.com\/wp-content\/uploads\/2022\/10\/mp-icon-RGB_Icon-01.jpg","@id":"https:\/\/memberpress.com\/fr\/#articleImage","width":1650,"height":1275,"caption":"memberpress logo icon"},"datePublished":"2026-07-14T12:09:29-04:00","dateModified":"2026-07-14T12:09:29-04:00","inLanguage":"fr-FR","mainEntityOfPage":{"@id":"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/#webpage"},"isPartOf":{"@id":"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/#webpage"},"articleSection":"MCP"},{"@type":"BreadcrumbList","@id":"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/memberpress.com\/fr#listItem","position":1,"name":"Home","item":"https:\/\/memberpress.com\/fr","nextItem":{"@type":"ListItem","@id":"https:\/\/memberpress.com\/fr\/doc-categories\/developer-docs\/#listItem","name":"Developer Documentation"}},{"@type":"ListItem","@id":"https:\/\/memberpress.com\/fr\/doc-categories\/developer-docs\/#listItem","position":2,"name":"Developer Documentation","item":"https:\/\/memberpress.com\/fr\/doc-categories\/developer-docs\/","nextItem":{"@type":"ListItem","@id":"https:\/\/memberpress.com\/fr\/doc-categories\/mcp\/#listItem","name":"MCP"},"previousItem":{"@type":"ListItem","@id":"https:\/\/memberpress.com\/fr#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/memberpress.com\/fr\/doc-categories\/mcp\/#listItem","position":3,"name":"MCP","item":"https:\/\/memberpress.com\/fr\/doc-categories\/mcp\/","nextItem":{"@type":"ListItem","@id":"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/#listItem","name":"MemberPress AI Foundation Agent Safety Measures"},"previousItem":{"@type":"ListItem","@id":"https:\/\/memberpress.com\/fr\/doc-categories\/developer-docs\/#listItem","name":"Developer Documentation"}},{"@type":"ListItem","@id":"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/#listItem","position":4,"name":"MemberPress AI Foundation Agent Safety Measures","previousItem":{"@type":"ListItem","@id":"https:\/\/memberpress.com\/fr\/doc-categories\/mcp\/#listItem","name":"MCP"}}]},{"@type":"Organization","@id":"https:\/\/memberpress.com\/fr\/#organization","name":"MemberPress","description":"The All-In-One WordPress Membership Plugin","url":"https:\/\/memberpress.com\/fr\/","logo":{"@type":"ImageObject","url":"https:\/\/memberpress.com\/wp-content\/uploads\/2022\/10\/mp-icon-RGB_Icon-01.jpg","@id":"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/#organizationLogo","width":1650,"height":1275,"caption":"memberpress logo icon"},"image":{"@id":"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/#organizationLogo"},"sameAs":["https:\/\/www.instagram.com\/memberpress\/","https:\/\/www.pinterest.com\/memberpressplugin\/","https:\/\/www.youtube.com\/c\/MemberPressPlugin","https:\/\/www.linkedin.com\/company\/memberpress\/"]},{"@type":"Person","@id":"https:\/\/memberpress.com\/fr\/blog\/author\/nikolacaseproof-com\/#author","url":"https:\/\/memberpress.com\/fr\/blog\/author\/nikolacaseproof-com\/","name":"Nikola M","image":{"@type":"ImageObject","url":"https:\/\/memberpress.com\/wp-content\/litespeed\/avatar\/1edf820c48f9c430f380efe81887b154.jpg?ver=1783608757"}},{"@type":"WebPage","@id":"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/#webpage","url":"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/","name":"MemberPress AI Foundation Agent Safety Measures | MemberPress","description":"MemberPress AI Foundation enforces four safety measures on Model Context Protocol (MCP) write operations. These measures protect a site from unintended or unauthorized changes when an AI client connects through the MCP server. They operate together. A single write call can pass through scope checks, preview defaults, a confirmation gate, and the kill switch before","inLanguage":"fr-FR","isPartOf":{"@id":"https:\/\/memberpress.com\/fr\/#website"},"breadcrumb":{"@id":"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/#breadcrumblist"},"author":{"@id":"https:\/\/memberpress.com\/fr\/blog\/author\/nikolacaseproof-com\/#author"},"creator":{"@id":"https:\/\/memberpress.com\/fr\/blog\/author\/nikolacaseproof-com\/#author"},"datePublished":"2026-07-14T12:09:29-04:00","dateModified":"2026-07-14T12:09:29-04:00"},{"@type":"WebSite","@id":"https:\/\/memberpress.com\/fr\/#website","url":"https:\/\/memberpress.com\/fr\/","name":"MemberPress","description":"The All-In-One WordPress Membership Plugin","inLanguage":"fr-FR","publisher":{"@id":"https:\/\/memberpress.com\/fr\/#organization"}}]},"og:locale":"fr_FR","og:site_name":"MemberPress","og:type":"article","og:title":"MemberPress AI Foundation Agent Safety Measures | MemberPress","og:description":"MemberPress AI Foundation enforces four safety measures on Model Context Protocol (MCP) write operations. These measures protect a site from unintended or unauthorized changes when an AI client connects through the MCP server. They operate together. A single write call can pass through scope checks, preview defaults, a confirmation gate, and the kill switch before","og:url":"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/","og:image":"https:\/\/memberpress.com\/wp-content\/uploads\/2022\/10\/mp-icon-RGB_Icon-01.jpg","og:image:secure_url":"https:\/\/memberpress.com\/wp-content\/uploads\/2022\/10\/mp-icon-RGB_Icon-01.jpg","og:image:width":1650,"og:image:height":1275,"article:published_time":"2026-07-14T16:09:29+00:00","article:modified_time":"2026-07-14T16:09:29+00:00","article:publisher":"https:\/\/www.facebook.com\/memberpress\/","twitter:card":"summary_large_image","twitter:site":"@memberpress","twitter:title":"MemberPress AI Foundation Agent Safety Measures | MemberPress","twitter:description":"MemberPress AI Foundation enforces four safety measures on Model Context Protocol (MCP) write operations. These measures protect a site from unintended or unauthorized changes when an AI client connects through the MCP server. They operate together. A single write call can pass through scope checks, preview defaults, a confirmation gate, and the kill switch before","twitter:image":"https:\/\/memberpress.com\/wp-content\/uploads\/2022\/10\/mp-icon-RGB_Icon-01.jpg"},"aioseo_meta_data":{"post_id":"81432","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"seo_analyzer_scan_date":"2026-07-14 16:55:28","breadcrumb_settings":null,"limit_modified_date":false,"reviewed_by":null,"open_ai":null,"ai":null,"created":"2026-07-14 16:09:29","updated":"2026-07-14 16:55:28"},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t<a href=\"https:\/\/memberpress.com\/fr\" title=\"Home\">Home<\/a>\n<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t<a href=\"https:\/\/memberpress.com\/fr\/doc-categories\/developer-docs\/\" title=\"Developer Documentation\">Developer Documentation<\/a>\n<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t<a href=\"https:\/\/memberpress.com\/fr\/doc-categories\/mcp\/\" title=\"MCP\">MCP<\/a>\n<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\tMemberPress AI Foundation Agent Safety Measures\n<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/memberpress.com\/fr"},{"label":"Developer Documentation","link":"https:\/\/memberpress.com\/fr\/doc-categories\/developer-docs\/"},{"label":"MCP","link":"https:\/\/memberpress.com\/fr\/doc-categories\/mcp\/"},{"label":"MemberPress AI Foundation Agent Safety Measures","link":"https:\/\/memberpress.com\/fr\/docs\/ai-foundation-safety-measures\/"}],"_links":{"self":[{"href":"https:\/\/memberpress.com\/fr\/wp-json\/wp\/v2\/ht-kb\/81432","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/memberpress.com\/fr\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/memberpress.com\/fr\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/memberpress.com\/fr\/wp-json\/wp\/v2\/users\/62252"}],"replies":[{"embeddable":true,"href":"https:\/\/memberpress.com\/fr\/wp-json\/wp\/v2\/comments?post=81432"}],"version-history":[{"count":0,"href":"https:\/\/memberpress.com\/fr\/wp-json\/wp\/v2\/ht-kb\/81432\/revisions"}],"wp:attachment":[{"href":"https:\/\/memberpress.com\/fr\/wp-json\/wp\/v2\/media?parent=81432"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/memberpress.com\/fr\/wp-json\/wp\/v2\/ht-kb-category?post=81432"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/memberpress.com\/fr\/wp-json\/wp\/v2\/ht-kb-tag?post=81432"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}