Dynamic Tool Registration Based on Authentication Context

[danielsinai]

Feature Request: Dynamic Tool Registration Based on Authentication Context

Is your feature request related to a problem? Please describe.

The MCP server only supports static tool registration at startup or based on notifications which requires session management. This forces applications that need user-specific tools to either:

1. Register all possible tools upfront (security/performance issues)
2. Use hacky workarounds that override request handlers

We need to provide different tools based on the authenticated user's permissions and context.

Describe the solution you'd like

Add a dynamic tool registration mechanism that allows tools to be discovered at runtime based on authentication context:

interface DynamicToolProvider {
  discoverTools(authInfo: AuthInfo): Promise<Tool[]>;
  createTool(name: string, args: unknown): RegisteredTool;
}

mcpServer.registerDynamicToolProvider(provider: DynamicToolProvider): void;

Describe alternatives you've considered

Current Workaround: Override listTools and callTool handlers, access private _registeredTools with @ts-expect-error, duplicate schema conversion logic.

Notifications Approach: I know it's possible to achieve this using MCP notifications, but that requires implementing session management which adds significant complexity that do not overlap with the vision of making MCP server simple using HTTP Streamable API.

Additional context

We currently use this for dynamic actions based on user permissions in our Port platform. The workaround works but is fragile and duplicates logic that should be handled by the SDK.

[KKonstantinov]

The current implementation of the SDK supports this.

As per the examples, the McpServer & the tools/promptes/resources registrations are happening within-request and not globally pre-request. Therefore, within request you should be already able to tell the who the user is, which should lead you to narrow down the list of stuff you register with the server for that particular request.

As far as performance issues of registration, registering 100 tools takes ~1 millisecond when measured.

[danielsinai]

@KKonstantinov thanks for getting back to me 🙌

From my testing, it's achievable but only by overriding the default requestHandler which is not ideal, I was forced to access to internal properties like _registeredTools.

I implemented it like that in the end, but I expect that to be a native feature WDYT? Maybe I miss something?

[KKonstantinov]

Sorry I won't be able to reply I think without seeing your POST handler implementation.

In short, the mcp server instance is created within the http request, where you have access to headers. After the instance is created, the tools are registered with it. This us before handleRequest is called.

If you have access to the headers, you can determine the access token or whatever your authn/authz scenario is. And based on that, not register a part of the tools (or register but disable them... depends on your choice)

[danielsinai]

Sure thing @KKonstantinov here's an example of an override - it's possible but a bit complicated and might break on SDK updates.

import { McpServer, RegisteredTool, ToolCallback } from "@modelcontextprotocol/sdk/server/mcp.js";
import {
  ListToolsRequestSchema,
  CallToolRequestSchema,
  McpError,
  ErrorCode,
  type ListToolsResult,
  type CallToolResult,
  type Tool,
} from "@modelcontextprotocol/sdk/types.js";
import { ZodType } from "zod";
import { zodToJsonSchema } from "zod-to-json-schema";

type AuthInfo = { token: string };
type DynamicToolDef = {
  toolRegex: RegExp;
  toolsDiscovery(auth: AuthInfo): Promise<Array<Omit<Tool, "enabled"> & { enabled?: boolean }>>;
  createToolFromArgs(args: unknown): RegisteredTool | undefined;
};

const EMPTY_OBJECT_JSON_SCHEMA = { type: "object" as const, properties: {} };

export function registerDynamicTools(mcpServer: McpServer, dynamicDefs: DynamicToolDef[]) {
  // 1) ListTools: merge enabled static tools + dynamically discovered tools
  mcpServer.server.setRequestHandler(
    ListToolsRequestSchema,
    async (_req, { authInfo }): Promise<ListToolsResult> => {
      if (!authInfo) throw new McpError(ErrorCode.InvalidParams, "Authentication is required");

      // @ts-expect-error private API access
      const staticTools: Tool[] = Object.entries(mcpServer._registeredTools as Record<string, RegisteredTool>)
        .filter(([, t]) => t.enabled)
        .map(([name, t]) => {
          const def: Tool = {
            name,
            title: t.title,
            description: t.description,
            inputSchema: t.inputSchema
              ? (zodToJsonSchema(t.inputSchema as unknown as ZodType, { strictUnions: true }) as Tool["inputSchema"])
              : EMPTY_OBJECT_JSON_SCHEMA,
            annotations: t.annotations,
          };
          if (t.outputSchema) {
            def.outputSchema = zodToJsonSchema(t.outputSchema as ZodType, { strictUnions: true }) as Tool["outputSchema"];
          }
          return def;
        });

      const dynamicTools = (
        await Promise.all(
          dynamicDefs.map(async d => {
            try {
              const tools = await d.toolsDiscovery(authInfo as AuthInfo);
              return tools.map(t => ({ ...t, enabled: true }));
            } catch {
              return [];
            }
          })
        )
      ).flat() as Tool[];

      return { tools: [...staticTools, ...dynamicTools] };
    }
  );

  // 2) CallTool: prefer static; otherwise synthesize via matching dynamic def
  mcpServer.server.setRequestHandler(
    CallToolRequestSchema,
    async (request, extra): Promise<CallToolResult> => {
      if (!extra.authInfo) throw new McpError(ErrorCode.InvalidParams, "Authentication is required");

      // @ts-expect-error private API access
      let tool: RegisteredTool | undefined = mcpServer._registeredTools?.[request.params.name];

      if (!tool) {
        const match = dynamicDefs.find(d => d.toolRegex.test(request.params.name));
        if (match) tool = match.createToolFromArgs(request.params.arguments);
      }
      if (!tool) throw new McpError(ErrorCode.InvalidParams, `Tool ${request.params.name} not found`);
      if (!tool.enabled) throw new McpError(ErrorCode.InvalidParams, `Tool ${request.params.name} disabled`);

      // Input validation → call → optional output validation
      if (tool.inputSchema) {
        const parsed = await tool.inputSchema.safeParseAsync(request.params.arguments);
        if (!parsed.success) {
          throw new McpError(
            ErrorCode.InvalidParams,
            `Invalid arguments for tool ${request.params.name}: ${parsed.error.message}`
          );
        }
        const args = parsed.data;
        const cb = tool.callback as ToolCallback<typeof args>;
        try {
          const result = await Promise.resolve(cb(args, extra));
          if (tool.outputSchema && !result.isError) {
            if (!result.structuredContent) {
              throw new McpError(
                ErrorCode.InvalidParams,
                `Tool ${request.params.name} has an output schema but no structured content was provided`
              );
            }
            const out = await tool.outputSchema.safeParseAsync(result.structuredContent);
            if (!out.success) {
              throw new McpError(
                ErrorCode.InvalidParams,
                `Invalid structured content for tool ${request.params.name}: ${out.error.message}`
              );
            }
          }
          return result;
        } catch (err) {
          return {
            content: [{ type: "text", text: err instanceof Error ? err.message : String(err) }],
            isError: true,
          };
        }
      } else {
        const cb = tool.callback as ToolCallback<undefined>;
        try {
          return await Promise.resolve(cb(extra));
        } catch (err) {
          return {
            content: [{ type: "text", text: err instanceof Error ? err.message : String(err) }],
            isError: true,
          };
        }
      }
    }
  );
}

[harrisonlinowes]

Any update on official support for this? This would be super helpful for my use case as well. I see how the solution above works but ideally I don't have to override the endpoint handlers and I can just add some sort of middleware.

[harrisonlinowes]

FWIW I was able to implement this with the following middleware function:

export function enableToolsBasedOnToken(
  req: Request,
  registeredTools: RegisteredTool[]
) {
  const authzLogger = Logger.forContext(
    "auth.util.ts",
    "enableToolsBasedOnToken"
  );
  const token = req.headers.authorization;
  if (token) {
    const toolAllowList = API_TOKEN_TO_TOOL_ACCESS[token!];
    registeredTools.forEach((tool) => {
      const currentToolName = tool.annotations?.title || "";
      if (toolAllowList?.includes(currentToolName) && !tool.enabled) {
        authzLogger.info(
          `Enabling tool: ${currentToolName} for token: ${token}`
        );
        tool.enable();
      } else if (!toolAllowList?.includes(currentToolName) && tool.enabled) {
        authzLogger.info(
          `Disabling tool: ${currentToolName} for token: ${token}`
        );
        tool.disable();
      }
    });
  } else {
    // If there's no auth disable all tools
    authzLogger.info("No token provided, disabling all tools");
    registeredTools.forEach((tool) => {
      if (tool.enabled) {
        tool.disable();
      }
    });
  }
}