Author here. Built this after catching myself running autonomous agents on a NUC at home with direct Postgres access and realizing I didnt have an answer for "what happens when the model has a bad day?" The MCP spec doesn't draw any lines and "just don't connect the database" isn't really an answer.
Happy to go deep on the threat model, the proxy-vs-wrapper architecture decision, or the HITL approval design. Also open to arguments that this is solving the wrong problem.