fix(mcp): MCP safe mode should use runtime checks instead of tool filtering (#846)

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

Author: aaronsteers

airbyte/mcp/_tool_utils.py

@@ -63,7 +63,7 @@ def check_guid_created_in_session(guid: str) -> None:
 
 
 def should_register_tool(annotations: dict[str, Any]) -> bool:
-    """Check if a tool should be registered based on safe mode settings.
+    """Check if a tool should be registered based on mode settings.
 
     Args:
         annotations: Tool annotations dict containing domain, readOnlyHint, and destructiveHint
@@ -74,19 +74,11 @@ def should_register_tool(annotations: dict[str, Any]) -> bool:
     if annotations.get("domain") != "cloud":
         return True
 
-    if not AIRBYTE_CLOUD_MCP_READONLY_MODE and not AIRBYTE_CLOUD_MCP_SAFE_MODE:
-        return True
-
     if AIRBYTE_CLOUD_MCP_READONLY_MODE:
         is_readonly = annotations.get(READ_ONLY_HINT, False)
         if not is_readonly:
             return False
 
-    if AIRBYTE_CLOUD_MCP_SAFE_MODE:
-        is_destructive = annotations.get(DESTRUCTIVE_HINT, True)  # Default is True per FastMCP
-        if is_destructive:
-            return False
-
     return True
 
 

airbyte/mcp/cloud_ops.py

@@ -1015,8 +1015,9 @@ def register_cloud_ops_tools(app: FastMCP) -> None:
 
     This is an internal function and should not be called directly.
 
-    Tools are filtered based on safe mode settings:
+    Tools are filtered based on mode settings:
     - AIRBYTE_CLOUD_MCP_READONLY_MODE=1: Only read-only tools are registered
-    - AIRBYTE_CLOUD_MCP_SAFE_MODE=1: Destructive tools are not registered
+    - AIRBYTE_CLOUD_MCP_SAFE_MODE=1: All tools are registered, but destructive
+      operations are protected by runtime session checks
     """
     register_tools(app, domain="cloud")