Filter: gk/block-mcp/identity/allow-self
Forbid full-account connections so the AI is always a limited agent.
The Approve screen offers two identities: the recommended dedicated agent, and "your own account" — which mints a credential carrying the approving user's full capabilities. Return false to take that second option off the table entirely: the card disappears from the consent screen and any self request is clamped back to the limited agent. The right move for managed hosts, agencies, or any site where an AI client should never hold admin-grade access.
Parameters
| Name | Type | Description |
|---|---|---|
| $allowed | bool | Whether the "your own account" identity is offered. Default true. |
Example
// Only ever allow the dedicated, least-privilege agent identity.
add_filter( 'gk/block-mcp/identity/allow-self', '__return_false' );
Since
Source
Defined in wordpress-plugin/gk-block-api/includes/class-connect-page.php at line 381