Skip to content

7 tool calling#8

Merged
rhblind merged 3 commits intomainfrom
7-tool-calling
Jan 20, 2026
Merged

7 tool calling#8
rhblind merged 3 commits intomainfrom
7-tool-calling

Conversation

@rhblind
Copy link
Owner

@rhblind rhblind commented Jan 20, 2026

Version: 0.4.0 → 0.5.0

Major Features

  1. Tool Annotations (MCP Specification)

    • Added annotations field to tools (readOnlyHint, destructiveHint, idempotentHint, openWorldHint)
    • MCP clients now use these hints to determine when to prompt users for permission
    • eval-elisp: marked as destructive, non-idempotent, open-world
    • get-diagnostics: marked as read-only, idempotent, closed-world

  2. Client-Side Permission Model

    • Changed default mcp-server-security-prompt-for-permissions from t to nil
    • Permission decisions are now delegated to MCP clients by default
    • Emacs-side prompting available as opt-in extra security layer

  3. Modular Tool System

    • Self-registering tools in tools/ directory
    • get-diagnostics tool for flycheck/flymake error reporting
    • Selective tool enabling via mcp-server-emacs-tools-enabled
    • Runtime tool filtering via mcp-server-tools-filter

Documentation

  • Added JSON Boolean convention to CLAUDE.md: :json-false is banned, always use :false
  • Added version bumping instructions (update both header and defconst)
  • Expanded security model documentation with tool annotations table
  • Added CHANGELOG.md

Bug Fixes

  • Fixed JSON serialization to properly handle :false for boolean false values

@rhblind
docs(security): Update permission model to use client-side authorization
bc95fb7 
Clarify that permission decisions are delegated to MCP clients by default,
which use tool annotations to determine when to prompt users. Add section
explaining tool annotations (readOnlyHint, destructiveHint, idempotentHint,
openWorldHint) and document how to enable optional Emacs-side prompting.

- Change default of mcp-server-security-prompt-for-permissions to nil
- Update permission logic to allow all operations when prompting disabled
- Add tool annotations to eval-elisp and get-diagnostics tools
- Document JSON boolean convention (:false not :json-false)
@rhblind
chore: Bump version to 0.5.0 and clean up whitespace
36894c7 
Update version number in both header comment and runtime constant.
Remove trailing whitespace throughout the codebase.
@rhblind rhblind linked an issue Jan 20, 2026 that may be closed by this pull request
Tool calling #7
Closed
@rhblind rhblind requested a review from Copilot January 20, 2026 00:02
Copilot AI reviewed Jan 20, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR implements version 0.5.0 of the MCP server, introducing MCP-compliant tool annotations and shifting the default permission model from Emacs-side prompting to client-side delegation based on tool behavior hints.

Changes:

  • Added tool annotations (readOnlyHint, destructiveHint, idempotentHint, openWorldHint) to both tools per MCP specification
  • Changed default permission handling from Emacs prompting to client-side delegation via mcp-server-security-prompt-for-permissions (now defaults to nil)
  • Documented JSON boolean conventions (:false for output, never :json-false) and version bumping procedures in CLAUDE.md

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
File Description
tools/mcp-server-emacs-tools-eval-elisp.el Added annotations marking eval-elisp as destructive, non-idempotent, and open-world
tools/mcp-server-emacs-tools-diagnostics.el Added annotations marking get-diagnostics as read-only, idempotent, and closed-world
mcp-server-security.el Changed default permission prompt to nil with updated documentation explaining client-side delegation; updated permission logic to allow all operations when prompting is disabled
mcp-server.el Version bump to 0.5.0 in both header and constant; whitespace cleanup
mcp-server-transport.el Whitespace cleanup for consistency
CLAUDE.md Added comprehensive JSON boolean convention documentation, version bumping instructions, and expanded security model section with tool annotations table

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@rhblind
refactor(security): Change default behavior to block dangerous operat…
f9ad85f 
…ions

By default, dangerous operations are now blocked silently without prompting.
Previously, all operations were allowed by default (relying on client-side
permission handling). The blocklist is now always enforced.

Setting `mcp-server-security-prompt-for-permissions` to t enables minibuffer
prompts to approve dangerous operations case-by-case instead of blocking them.
Error messages now provide clearer guidance on how to allow blocked operations.
@rhblind rhblind merged commit da21de8 into main Jan 20, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Tool calling

1 participant

@rhblind