Problem:
tools/list returns no tool annotations on any tool (verified on v1.7.2, all 108 tools expose only name, description, and inputSchema):
{
"name": "send_in_app",
"description": "Send in-app message to user",
"inputSchema": { ... }
// no "annotations"
}
MCP clients and gateways (Claude Desktop/Code, MCP proxies, admin UIs) rely on readOnlyHint / destructiveHint / idempotentHint to visually flag dangerous tools, require confirmation before invoking them, or apply per-tool policy. Without annotations, send_in_app (sends a message to a real user) is rendered indistinguishably from get_campaigns. The only available guardrail is the coarse, all-or-nothing ITERABLE_ENABLE_WRITES / ITERABLE_ENABLE_SENDS env gating.
Could you add MCP tool annotations to the tool definitions, so clients can tell read-only tools apart from destructive ones (sends, deletes, aborts)?
Problem:
tools/list returns no tool annotations on any tool (verified on v1.7.2, all 108 tools expose only name, description, and inputSchema):
MCP clients and gateways (Claude Desktop/Code, MCP proxies, admin UIs) rely on readOnlyHint / destructiveHint / idempotentHint to visually flag dangerous tools, require confirmation before invoking them, or apply per-tool policy. Without annotations, send_in_app (sends a message to a real user) is rendered indistinguishably from get_campaigns. The only available guardrail is the coarse, all-or-nothing ITERABLE_ENABLE_WRITES / ITERABLE_ENABLE_SENDS env gating.
Could you add MCP tool annotations to the tool definitions, so clients can tell read-only tools apart from destructive ones (sends, deletes, aborts)?