Should MCP tool changes require re-approval?

[MaazAhmed47]

Hi mcp-use team, small MCP runtime-trust question.
Since mcp-use connects agents to arbitrary MCP servers, I’m curious how you think about tool changes after an agent/user has already approved or configured a server.

If a tool changes later, should that be treated as normal versioning, client behavior, gateway behavior, or a re-approval event?
Examples:

• input schema changes
• new required parameters
• broader data access
• new external reach
• read-only behavior becoming write/export/delete
• auth scope or server profile changes

I’m trying to understand where MCP builders think this boundary belongs.
For a framework like mcp-use, is the trust anchor the server config, the individual tool definitions, the client approval flow, or some combination?