Protocol transport/auth evolution

Model Context Protocol tool annotations destructiveHint readOnlyHint idempotentHint openWorldHint

A host hides or blocks a valid tool because its safety metadata is incomplete.

MCPAgent protocolsProtocol transport/auth evolutionmcp_202503

Agent Quick Fix

Repair against the current MCP contract, then keep the change narrow and source-backed.

Product: MCP
Current-contract area: Destructive tool lacks current behavior annotations
Likely root cause: A host hides or blocks a valid tool because its safety metadata is incomplete.
Repair direction: Verifier checks current transport framing, session lifecycle, auth flow, and backwards compatibility where specified.

Symptom

A host hides or blocks a valid tool because its safety metadata is incomplete.

Why This Happens

Local client/server code can each be valid for an earlier protocol revision; only the negotiated current spec defines transport, session, and authorization behavior.

Common Wrong Fixes

Changing local code without checking the current external contract.
Retrying the same install, build, or API call with no version/source change.
Applying a broad unsafe bypass when a narrow compatibility fix is available.

Codex Search Keywords

These are the search terms observed in a neutral Codex validation run for this failure shape.

Model Context Protocol tool annotations destructiveHint readOnlyHint idempotentHint openWorldHint
site:modelcontextprotocol.io tools annotations destructiveHint readOnlyHint
https://modelcontextprotocol.io/specification/2025-06-18/server/tools
'destructiveHint' in https://modelcontextprotocol.io/specification/2025-06-18/server/tools
https://modelcontextprotocol.io/specification/2025-06-18/schema
'ToolAnnotations' in https://modelcontextprotocol.io/specification/2025-06-18/schema