The "intent as MCP primitive" framing is interesting. One problem it runs into immediately: who runs the matching layer? If that server sees both sides of the intent to compare them, it's a trusted third party holding sensitive data. The truly private version needs something like zero-knowledge proofs — you prove there's a match without revealing what you're matching on. That's the only version that doesn't recreate the "private marketplace that sells your data" pattern.