Skip to content

‌Metadata injection in tool calls #2590

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hongliangzhang07 opened this issue Mar 29, 2025 · 1 comment
Open

‌Metadata injection in tool calls #2590

hongliangzhang07 opened this issue Mar 29, 2025 · 1 comment
Labels
MCP

Comments

@hongliangzhang07
Copy link

Here's the translation of your technical proposal for Spring optimization:

When MCP invokes tools, can we add a metadata injection mechanism? The workflow would be:

User login → Authentication service returns tenantId → Store in MCP context
Tools automatically carry tenantId during invocation
Data queries perform tenant permission filtering using tenantId to prevent unauthorized access
MCP should enforce these verifications before tool execution:

Client requests must carry tenantId metadata (Item 6)
Server must validate the ownership relationship between user session and tenantId (Item 1)
Tools can only access resources within the tenantId's authorized scope
This proposal clearly outlines a multi-tenant security pattern using tenant isolation. You might want to reference Spring Security's existing tenant isolation capabilities and Spring Cloud Context's property propagation mechanisms when submitting this to Spring. Would you like me to help format this as an official Spring Enhancement Proposal (SEP) template?
@poo0054
Copy link

poo0054 commented Apr 17, 2025

Probably the same as #2757

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
MCP
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@markpollack @poo0054 @hongliangzhang07