🛡️ Cite-Before-Act MCP

Human-in-the-loop safety middleware for MCP servers. Require explicit approval before state-mutating operations.

Overview

Cite-Before-Act MCP implements a standardized "dry-run → approval → execute" workflow for any MCP (Model Context Protocol) server. It acts as a transparent proxy that intercepts tool calls, detects mutating operations, and requires human approval before execution.

Problem: AI assistants can execute dangerous operations (delete files, send emails, charge cards) without explicit user consent.
Solution: Cite-Before-Act enforces a human-in-the-loop approval workflow for all state-mutating operations.

🎥 See It In Action

YouTube Demo

Watch a live demonstration of Cite-Before-Act MCP

LinkedIn Announcement

Join the discussion on LinkedIn

Key Features

🔍 Multi-Strategy Detection

  • Allowlist/Blocklist configuration
  • Naming convention analysis
  • Metadata keyword detection
  • Smart read-only identification

📝 Natural Language Previews

  • Human-readable action descriptions
  • Key parameter extraction
  • Clear impact summaries
  • Concise formatting

🌐 Multi-Platform Approvals

  • Slack interactive buttons
  • Webex Teams adaptive cards
  • Microsoft Teams integration
  • Native OS dialogs (macOS/Windows)
  • File-based CLI approval

⚡ Concurrent Execution

  • All methods run in parallel
  • First response wins
  • Smart method coordination
  • No duplicate prompts

🔧 Easy Integration

  • Works with any MCP server
  • Protocol-agnostic design
  • Built on FastMCP framework
  • Minimal configuration required

🎯 Flexible Configuration

  • Environment variable based
  • Two-tier config system
  • Per-server customization
  • Interactive setup wizard

How It Works

Request Flow

Client → Cite-Before-Act Proxy → Middleware → Detection → Explain → Approval → Upstream Server
                                    ↓
                              (if mutating)
                                    ↓
                          Concurrent Approval Methods
                          (run in parallel, first response wins)
                                    ↓
                    ┌───────────────┼───────────────┬───────────────┐
                    │               │               │               │
              Native Dialog    Slack Button   Webex Card    Teams Card
              (macOS/Win)   (interactive msg) (adaptive)   (adaptive)
                    │               │               │               │
                    └───────────────┼───────────────┴───────────────┘
                                    ↓
                        User responds via any method
                                    ↓
                              Execute or Reject

Example Workflow

  1. User Request: "Create a file called test.txt with content 'Hello, World!'"
  2. Interception: Cite-Before-Act intercepts the write_file tool call
  3. Detection: Identified as mutating via write_ prefix convention
  4. Preview: "Write file: /path/test.txt (13 bytes)"
  5. Approval Requests: Sent concurrently to all enabled platforms
  6. User Response: Approve or reject via any method (first wins)
  7. Execution: File created if approved, error if rejected
  8. Result: Returned to Claude Desktop

Read-only operations (like read_file, list_directory) execute immediately without approval.

Approval Methods

All enabled methods run concurrently - respond via any platform, first response wins:

Native OS Dialog

macOS/Windows popup

No Config Required

Slack

Interactive buttons

Webhook Required

Webex Teams

Adaptive cards

Bot Required

Microsoft Teams

Bot Framework

Azure App Required

File-Based CLI

JSON response file

Always Available
Smart Coordination: Native dialogs automatically disable when collaboration platforms are enabled to prevent duplicate prompts. File-based approval instructions are always printed to logs as a universal fallback.

Quick Start

Get started in minutes with the interactive setup wizard:

git clone https://github.com/bisonbet/Cite-Before-Act-MCP.git
cd Cite-Before-Act-MCP
python3 setup_wizard.py

The wizard will:

Configuration Example

Wrap any MCP server with minimal configuration:

{
  "mcpServers": {
    "github-cite": {
      "command": "python",
      "args": ["-m", "server.main", "--transport", "stdio"],
      "env": {
        "UPSTREAM_COMMAND": "docker",
        "UPSTREAM_ARGS": "run,-i,--rm,ghcr.io/github/github-mcp-server",
        "UPSTREAM_TRANSPORT": "stdio",
        "ENABLE_SLACK": "true",
        "SLACK_CHANNEL": "#approvals"
      }
    }
  }
}

Documentation

Getting Started

  • Installation Guide
  • Claude Desktop Setup
  • Installing Upstream Servers
  • Testing Your Setup

Configuration

  • Configuration Reference
  • Detection System
  • Approval Methods
  • Environment Variables

Platform Setup

  • Slack Integration
  • Webex Teams Setup
  • Microsoft Teams Setup
  • Multi-Platform Usage

Advanced Topics

  • Architecture Overview
  • Development Guide
  • Library Usage
  • Custom Integrations

Ready to Add Safety to Your MCP Servers?

Start using Cite-Before-Act MCP today and gain human-in-the-loop control over state-mutating operations.

View on GitHub Installation Guide Configuration Docs

Use Cases

🔒 Security-Sensitive Operations

Require approval before deleting files, modifying databases, or changing system configurations.

💳 Financial Transactions

Prevent accidental charges, refunds, or payment processing without explicit consent.

📧 Communication

Review and approve emails, messages, or notifications before they're sent.

🔄 Integration Workflows

Gate API calls to external services, ensuring controlled automation.

📊 Data Management

Control data creation, updates, and deletions across systems.

🚀 DevOps Safety

Approve deployments, infrastructure changes, and production operations.

Technical Highlights