Human-approval gate before agent sends any outbound message

[amanbuild]

There's no built-in mechanism to require human approval before a message is sent by the agent. For anything that touches external APIs or sends emails, I need to be able to see the outbound payload and explicitly confirm before the agent fires. This should be a configurable gate, not the default.

[amanbuild]

The permission gate today covers shell command execution and file writes. Extending it to HTTP calls / outbound API actions would require OpenACP to be MCP-aware (so it can intercept tool calls by type). Solid feature request — the use case is clear.