_meta.ui:
| Field | Answers | Example |
|---|---|---|
annotations | What does this tool do? | Read data, delete data, call an external service. |
_meta.ui | Who can call it, and does it render a View? | Model-visible, app-only, linked to ui://orders/view.html. |
Annotation Fields
| Annotation | Use it when | MCP App guidance |
|---|---|---|
title | You want a short human-readable tool name. | Keep it action-oriented, such as Search Orders or Save Draft. |
readOnlyHint | The tool does not modify state. | Set true for search, preview, list, load, and filter tools. |
destructiveHint | The tool can delete, overwrite, cancel, charge, send, or otherwise cause user-visible harm. | Set true for destructive model-visible tools and for destructive app-only helpers called from the View. |
idempotentHint | Repeating the same call has the same effect as calling it once. | Set true only when retries are safe, such as saveDraft with a stable draft id. |
openWorldHint | The tool interacts with systems outside the MCP server’s control. | Set false for local reads or your own database. Set true for email, payment, web, SaaS, or third-party API actions. |
Annotations are hints, not authorization. Your server still needs authentication, permission checks,
input validation, and confirmation flows for sensitive actions.
Read-Only UI Tool
A search or dashboard tool usually renders a View and reads server data. Mark it read-only so hosts can treat it as lower risk.App-Only Write Helper
App-only tools are hidden from the model, but they are still real server tools. If a button in the View writes data, annotate that tool honestly.Destructive Tool
If a model-visible tool can cancel, delete, send, purchase, or overwrite something, setdestructiveHint: true. Hosts may use this to add confirmation or show stronger review UI.
Checklist
- Add annotations to every model-visible tool, especially UI-launching tools.
- Add annotations to app-only tools when they write data or call external systems.
- Do not use
readOnlyHint: trueon a tool that writes state, even if the write is small. - Set
destructiveHint: truefor delete, cancel, overwrite, send, purchase, or irreversible actions. - Set
idempotentHint: trueonly when server-side retries are safe. - Set
openWorldHint: truewhen the tool reaches outside your controlled backend.
Related
Tool and Resource Contract
Check the full server-side contract for MCP App tools and resources.
Tool _meta
Link tools to Views and control model vs app visibility.