Support for MCP Tool Annotations

[puritatemcordis]

In Anthropic's MCP Python SDK, they have tool annotations that denote whether a tool is readonly, destructive, idempotent, etc. This would be most useful in the case of human-in-the-loop interactions. Applications/agents can read the tool schema and use these annotations to:

• Automatically determine approval workflows: Route destructive operations through human approval while allowing readonly operations to execute automatically
• Apply appropriate safety guardrails: Warn users before executing destructive actions or operations with side effects
• Optimize retry logic: Safely retry idempotent operations on failure without risk of duplicate effects
• Generate better UI/UX: Display appropriate warnings, confirmations, or visual indicators based on operation safety level
• Enable audit logging: Automatically flag and log high-risk operations for compliance and debugging

MCP ToolAnnotation Reference
https://github.com/modelcontextprotocol/python-sdk/blob/9724ad1ce66c2a4f18c7539ef589d4d3b9aebd82/src/mcp/types.py#L823-L868