Description
Is your feature request related to a problem? Please describe.
Tools that have write access should be handled more carefully than read-only tools. Most MCP clients have a notion of "tool permission" that typically involves the enum:
- Never: the tool specs are not sent to the LLM, and thus can't be selected
- Ask: if the LLM selects the tool, the client handles the tool request and ask for user confirmation via the UI
- Allowed: if the LLM selects the tool, the tool request is directly forwarded to the MCP
Describe the solution you'd like
Given that this feature is in all clients I've tried, the specs should allow MCP developers to specify a recommended/default tool permission value. The client could override that default (e.g., client enforces Ask as default) and the user can modify that manually. The Python and TypeScript SDK could change their Tool model to include a recommended permission field.
Additional context
My work involves developing MCP servers and I've collaborated with several client developers for MCP adherence.
I can contribute code, but the requested feature is currently outside of the protocol specs