SEP-1938: agencyHint tool annotation#1938
SEP-1938: agencyHint tool annotation#1938thoorp wants to merge 14 commits intomodelcontextprotocol:mainfrom
Conversation
…o MCP specification This SEP introduces the `agencyHint` tool annotation to the Model Context Protocol, allowing clients to identify agentic tools that perform complex operations. It provides guidance for tool authors and clients on how to use this new annotation effectively.
|
@LucaButBoring - please take a look when you get a chance. |
LucaButBoring
left a comment
There was a problem hiding this comment.
Made some small suggestions - the main ones are just to remove the mentions of taskHint, since we turned that into execution.taskSupport just prior to the 11/25 release.
The reference implementation section is also intended to actually link to a draft SDK PR, I don't anticipate that being very difficult for this, though.
|
@000-000-000-000-000 Mind adding me as the assignee on this, since I'm sponsoring it? |
|
Also the PR name should be adjusted to something like |
|
Oh right, and regarding the GHA failure - @thoorp just run |
This is done. Will look into other comments and making the SEP complete. |
LucaButBoring
left a comment
There was a problem hiding this comment.
Looks good, just left one minor comment - will see about raising this to Core Maintainers (first time sponsoring an SEP so no reliable ETA yet, but I'll relay statuses and give an ETA as soon as I have one).
|
|
||
| Tool authors _should_ set `agencyHint: true` when: | ||
|
|
||
| - The tool encapsulates an internal “agent loop” (e.g., plan–act–observe cycles, tool-chaining, or autonomous retries). |
There was a problem hiding this comment.
nit: I think tool-chaining and autonomous retries are a bit too generic to include in this parenthetical - maybe we should remove the parenthetical entirely and just rely on (or reuse) the semantics described above this to avoid confusion.
|
@localden can we mark this as |
vinoo999
left a comment
There was a problem hiding this comment.
Like the intention of this SEP here. Would be great to see if we can align the review of this with some of the granular features proposed in SEP 1984.
In particular, I think the separation between "agentic" behavior (aiProcessingHint in 1984) and "long running" behavior (slowExecutionHint) are important UX and governance concerns.
I'd be interested in going over specific combination of hints and consistent reproducible UX/governance patterns for the varying hints proposed in 1984 and if that granularity also makes sense to split 1938 into 2 hints (naming aside :) )
|
I think it would be reasonable to remove "long-running" verbiage from the spec around this hint (cc: @thoorp). Agency doesn't necessarily imply something being long-running, and what "long-running" even means is subjective according to the particular host application and server. I'm not sure if I agree a long-running hint is useful just yet, but I'll leave that discussion to #1984. |
|
Yeah, I will update the description to keep the focus on Autonomous / Agentic aspect. |
|
For the "agency" piece on the governance side, #1984 defines the
Do you think these "ai capabilities" can be encapsulated or are separate to an "agency" hint? I think this SEP currently well covers the UX of agency, but not necessarily the governance of tools that can/should be allowed in particular applications. i.e. would like to add in the description that agency implies AI usage explicitly. |
Like the suggestion to include AI usage explicitly. Done. |
|
@thoorp this SEP does not have an assigned sponsor. Are you looking to continue working on it and find sponsorship? |
@LucaButBoring should be added as a sponsor. Pls help take care of it, if you can. |
|
I have permission to assign myself now - updated. |
|
@localden FYI this has been in the review pipeline for a few weeks now, would be great to get an idea of when this will make it to the floor. |
|
|
||
| Clients _may_ use `agencyHint` to: | ||
|
|
||
| - Apply stronger confirmation or review flows before invoking agentic tools. |
There was a problem hiding this comment.
I wonder if we're mixing things here:
It seems what this hint is trying to address is an element of risk that arises from non-determinism of agents. That fact that a tool is "agentic" is an implementation detail: what we care about here is risk levels from non-determinism.
For the progress/logs, etc. that feels like a separate thing from agency (or non-determinism). That's just something you'd like with any long-running tasks with intermediate output.
I wonder if nondeterminismHint would get more at what this is trying to achieve.
My worry is that (1) "agency" is quite a vague concept, so people will be unsure when to set this hint, and (2) you may have tools that are risky/nondeterminstic without having agentic implementation, and those might not be shown appropriately in UI even though they should.
Or maybe a simple "riskLevelHint" would be sufficient...
There was a problem hiding this comment.
I'd like to understand two things:
- does an agentic tool that uses sampling requests for its inference in an agent loop count?
- in GitHub MCP we trigger Copilot Coding Agent via 2 tools, and I would like to know if they should be annotated, the response is deterministic (just job information like the PR the coding agent opens) but the side-effect is an autonomous agent working on code in the cloud, using whatever access and MCPs it is granted.
I'm not sure nondeterminism covers the second case
I think for annotations they need to be very clear:
- why does a client/end user need to know this
- why is it not covered by other annotations
- is it clear to server authors when it should be used
And I am not certain in clear on answers to those questions.
There was a problem hiding this comment.
@pja-ant Nondeterminism doesn't fully capture the risk at play, here, and we shouldn't confuse the two concepts. If I have (as a contrived example of a non-risky, nondeterministic tool) a tool that can either search the web or read a file, and it randomly does one action or the other, that's probably not a very risky tool to use, but it is a nondeterministic one.
If, on the other hand, I have a tool that can either do nothing or create a costly compute resource at random, that is then a risky, nondeterministic tool. Risk is tied to both what the most costly action that can be taken is, in addition to how likely that action is to occur. In the case of agency, that's a special case where I don't necessarily know the full range of actions that may occur, but I'm fairly certain they lie in a particular range of reasonable actions, and with a relatively low (but non-zero) probability of negative actions.
@SamMorrowDrums This sounds like a partial refutation of @pja-ant's comments, if I'm reading this right, but to answer your questions in the context of agencyHint specifically:
does an agentic tool that uses sampling requests for its inference in an agent loop count?
Yes, it would.
in GitHub MCP we trigger Copilot Coding Agent via 2 tools, and I would like to know if they should be annotated, the response is deterministic (just job information like the PR the coding agent opens) but the side-effect is an autonomous agent working on code in the cloud, using whatever access and MCPs it is granted.
This also sounds like a use case for agencyHint.
- why does a client/end user need to know this
So that I know how likely it is for negative outcomes to occur as a side-effect of a tool being invoked, and can review the inputs more carefully.
- why is it not covered by other annotations
readOnlyHintshould be self-explanatorydestructiveHintis technically-correct, but not in a useful way when it comes to agents; they may take destructive actions, but the destructive actions they may take are a function of their own capabilities and the input prompt they are provided with.idempotentHintshould also be self-explanatoryopenWorldHintis also technically-correct, but again not in a useful way when it comes to agents. A tool-agent's domain of interaction may be closed and yet still "open enough" for it to cause damage if unconstrained or given sensitive information.
- is it clear to server authors when it should be used
From the Semantics section of this proposal:
- When present and set to
true, this signals that the tool may perform:
- Multi-step reasoning or planning,
- Goal-directed behavior that may result in multiple underlying actions.
|
|
||
| This SEP proposes a new optional boolean tool annotation, `agencyHint`, on the `ToolAnnotations` interface in the Model Context Protocol (MCP) specification. | ||
|
|
||
| The goal of `agencyHint` is to tell clients that a tool represents an _agentic_ capability: it may perform multi-step reasoning, planning, or autonomous decision-making, using AI, toward a goal, rather than a single atomic operation. This hint lets clients differentiate agent-like tools from simple procedural ones, enabling better UX patterns (e.g., confirmation flows, progress UI, or monitoring) without changing the underlying protocol semantics. |
There was a problem hiding this comment.
I'm not sold on adding this without having specific examples of how clients would want to use it, ideally from client developers themselves.
A strong signal would be if we saw clients already treating this category differently by doing things like hard coded lists for popular servers they cared about or resorting to string matching on tool names or classifying tool descriptions to come up with these hints themselves.
Absent a signal like that, it seems like we're introducing complexity for a category that's not well understood or in demand from its target audience.
There was a problem hiding this comment.
Responsible AI policies often require human-in-the-loop, an elevated level of transparency, audit trails, and proper handling of user intent end-to-end. It's a matter of finding out what's on the otherside of the line. The proposed agencyHint simply informs the governance of tools, if and when, they become agentic.
|
|
||
| This SEP proposes a new optional boolean tool annotation, `agencyHint`, on the `ToolAnnotations` interface in the Model Context Protocol (MCP) specification. | ||
|
|
||
| The goal of `agencyHint` is to tell clients that a tool represents an _agentic_ capability: it may perform multi-step reasoning, planning, or autonomous decision-making, using AI, toward a goal, rather than a single atomic operation. This hint lets clients differentiate agent-like tools from simple procedural ones, enabling better UX patterns (e.g., confirmation flows, progress UI, or monitoring) without changing the underlying protocol semantics. |
There was a problem hiding this comment.
Do we have clear definitions on what is an agent vs what is a tool? How does this change messaging patterns...
Feels like we are trying to say that this Tool has a different kind of compute behind it. I'm not sure that information is necessary. We don't distinguish HTTP requests based on whether its a static web page or a giant set of microservices.
There was a problem hiding this comment.
While we don't distinguish HTTP requests based on if something is static or not, we do generally distinguish high-cost/risk HTTP requests from low-cost/risk ones, if we know that information ahead of time (that is, it's a use case decision, not a technical one).
In the case of agencyHint, what this means is that because we as the end-users do not necessarily tightly-control the upstream tools or capabilities of the associated agent behind a given tool, we should exercise increased caution regarding when an agentic tool is invoked, and review that tool's inputs/outputs more carefully.
As for a direct answer to the question, the Semantics section addresses this:
- Multi-step reasoning or planning,
- Goal-directed behavior that may result in multiple underlying actions.
Maintainer Activity CheckHi @LucaButBoring! You're assigned to this SEP but there hasn't been any activity from you in 18 days. Please provide an update on:
If you're no longer able to sponsor this SEP, please let us know so we can find another maintainer. This is an automated message from the SEP lifecycle bot. |
|
Voting concluded this weekend, with 0 CM votes in favor and 5 against. The key points of feedback were:
I believe this proposal still fills an important gap in hint coverage, however, and I'm discussing next steps with @thoorp. I'll provide another update after we agree on a course of action. |
|
We're aligned on moving this under a potential Annotations WG and adapting it to a unified solution. Discussing the specifics on Discord for the moment (link). |
This PR migrates SEP-1792 (“Add
agencyHinttool annotation”) from the GitHub issue tracker into theseps/directory, following the updated SEP workflow.It adds
seps/1938-agency-hint-tool-annotation.mdin the standard SEP format, documenting the newagencyHintboolean in theToolAnnotationsinterface. The SEP includes sections on motivation, specification, rationale, backward compatibility, reference implementation, and security implications.Original discussion: #1792
Motivation and Context
Agentic tools can perform multi-step operations and require different UX and safety handling compared to simple tools. Adding the
agencyHintannotation will allow clients to identify such tools and apply appropriate confirmation or monitoring flows.How Has This Been Tested?
This is a documentation change only; no executable code is introduced.
Breaking Changes
None. The new annotation is optional and additive. Existing tools and clients are unaffected.
Types of changes
Checklist
Additional context
This PR follows the new SEP process update (Nov 28, 2025) to migrate SEP proposals into pull requests rather than issues.