adityamparikh opened a new pull request, #134: URL: https://github.com/apache/solr-mcp/pull/134
## Summary

Adds `@McpTool.McpAnnotations` to every MCP tool so clients can make sensible approval decisions instead of treating every call as worst-case destructive.

| Tool | readOnlyHint | destructiveHint | idempotentHint |
|---|---|---|---|
| `search`, `list-collections`, `get-collection-stats`, `check-health`, `get-schema` | `true` | n/a | n/a |
| `create-collection` | `false` (default) | `false` (additive provisioning) | `false` (default — re-creating errors) |
| `index-json-documents`, `index-csv-documents`, `index-xml-documents` | `false` (default) | `true` (default — Solr overwrites by uniqueKey) | `true` (re-posting same payload → same end state) |

## Why

NSA's *Model Context Protocol: Security Design Considerations* CSI (U/OO/6030316-26, May 2026) flags "poor approval workflows" as one of the top risks for MCP deployments. The CSI calls out that clients today often can't distinguish a read from a destructive write without parsing prose tool descriptions, which produces consent fatigue and pushes operators toward blanket approvals. Exposing the spec's standard behavior hints is the server-side enabler clients need to build approval UX that doesn't desensitize users.

## Test plan

- [x] Extended `McpClientIntegrationTestBase.toolsExposeBehaviorHints` to assert hint values flow through `listTools` for every tool — runs under both HTTP and stdio transports, so the wire-level annotations are verified end-to-end.
- [x] `./gradlew build` passes locally (38s, all tests green).
- [x] Spotless check passes.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
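A client-side view of the hints in the table above, as an added example that is not part of the pull request or the solr-mcp code base: it merges advertised annotations over the MCP spec defaults and maps each tool to an approval tier. The tier names, the `server_trusted` flag, the `legacy-tool` entry and the `tools/list` payload are constructed for illustration; hints are self-declared by the server, so the sketch ignores them for an untrusted server.

```python
import json

# Defaults the MCP spec applies when a hint is absent (the table's "(default)" values).
SPEC_DEFAULTS = {"readOnlyHint": False, "destructiveHint": True, "idempotentHint": False}

# Constructed tools/list result mirroring the PR's table (not captured from a server).
# "legacy-tool" is a hypothetical tool that advertises no annotations at all.
TOOLS_LIST = json.loads("""
{"tools": [
  {"name": "search", "annotations": {"readOnlyHint": true}},
  {"name": "create-collection", "annotations": {"destructiveHint": false}},
  {"name": "index-json-documents", "annotations": {"idempotentHint": true}},
  {"name": "legacy-tool"}
]}
""")


def effective_hints(tool):
    """Merge advertised hints over the spec defaults; ignore non-boolean values."""
    hints = dict(SPEC_DEFAULTS)
    advertised = tool.get("annotations") or {}
    for key in SPEC_DEFAULTS:
        if isinstance(advertised.get(key), bool):
            hints[key] = advertised[key]
    return hints


def approval_tier(tool, server_trusted):
    """Map a tool to 'auto', 'confirm-once' or 'confirm-each-call' (hypothetical tiers)."""
    if not server_trusted:
        # Hints come from the server itself, so an untrusted server gets worst case.
        return "confirm-each-call"
    hints = effective_hints(tool)
    if hints["readOnlyHint"]:
        return "auto"  # the other hints only matter for writes
    if not hints["destructiveHint"]:
        return "confirm-once"  # additive write, e.g. provisioning
    return "confirm-each-call"  # may overwrite or delete existing data


def safe_to_retry(tool, server_trusted):
    """Automatic retry after a timeout is acceptable only for reads or idempotent writes."""
    hints = effective_hints(tool)
    return server_trusted and (hints["readOnlyHint"] or hints["idempotentHint"])


def plan(tools_list, server_trusted):
    """Approval tier per tool name for one tools/list result."""
    return {t["name"]: approval_tier(t, server_trusted) for t in tools_list["tools"]}
```

A tool with no annotations falls through to the worst-case tier, which matches the behaviour clients had before hints were exposed.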
