Matimo treats `_matimo_approved: true` from the MCP request as authoritative and bypasses the server-side approval callback. If the LLM/client can set that flag automatically, it defeats the safety guarantee of approvals. Mandatory: do not allow client-supplied args to bypass approval by default; instead introduce an explicit server option (e.g., `trustClientApproval`) defaulting to false, or require server-side ApprovalHandler/HITL confirmation even when `_matimo_approved` is true (use the flag only as a user-confirmed signal when the transport guarantees it).