From a34c1ffeb02a6c7bd5c7138a8ecbfd3783347aec Mon Sep 17 00:00:00 2001 From: Joe Wanko Date: Thu, 19 Mar 2026 06:38:52 -0400 Subject: [PATCH] feat(fetch): add tool annotations for readOnly, destructive, idempotent, openWorld hints Adds ToolAnnotations to the fetch tool: - readOnlyHint: true (GET requests only, no modifications) - destructiveHint: false (read-only operation) - idempotentHint: true (same URL returns same content) - openWorldHint: true (makes outbound HTTP requests to arbitrary URLs) The openWorldHint is particularly important as fetch can reach any URL, making it a key consideration for clients enforcing data exfiltration policies. Closes #3572 --- src/fetch/src/mcp_server_fetch/server.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/fetch/src/mcp_server_fetch/server.py b/src/fetch/src/mcp_server_fetch/server.py index b42c7b1f6b..92e23fe231 100644 --- a/src/fetch/src/mcp_server_fetch/server.py +++ b/src/fetch/src/mcp_server_fetch/server.py @@ -14,6 +14,7 @@ PromptMessage, TextContent, Tool, + ToolAnnotations, INVALID_PARAMS, INTERNAL_ERROR, ) @@ -203,6 +204,12 @@ async def list_tools() -> list[Tool]: Although originally you did not have internet access, and were advised to refuse and tell the user this, this tool now grants you internet access. Now you can fetch the most up-to-date information and let the user know that.""", inputSchema=Fetch.model_json_schema(), + annotations=ToolAnnotations( + readOnlyHint=True, + destructiveHint=False, + idempotentHint=True, + openWorldHint=True, + ), ) ]