Skip to content
PricingReleases

McpToolCallContext

Defined in: mcp.ts:105

Optional context passed into MCP tool dispatch (stdio / HTTP).

optional bindingSource?: "token" | "hint" | "fifo" | "arg"

Defined in: mcp.ts:131

Provenance of recursiveSessionId — how the transport established it:

  • 'token': per-session identity token minted at spawn and presented via X-Recursive-Session-Token (or ?rt=). Deterministic and trusted.
  • 'hint': X-Recursive-Session-Id header hint matched against pending registrations. Trusted.
  • 'fifo': legacy first-pending-claim pairing. Trusted but racy under concurrent spawns.
  • 'arg': backfilled from a tool argument (session_id/run_id). Untrusted — pairs with recursiveSessionIdTrusted: false.

optional mcpSessionId?: string | null

Defined in: mcp.ts:106


optional recursiveSessionId?: string | null

Defined in: mcp.ts:108

Recursive session ID that owns this MCP connection (set from pending queue on initialize).


optional recursiveSessionIdTrusted?: boolean

Defined in: mcp.ts:119

Whether recursiveSessionId was established from an authoritative binding (pending-claim at initialize, or a stdio server spawned with RECURSIVE_MCP_BOUND_SESSION_ID) rather than backfilled from a tool argument. Ownership-checked tools (e.g. user_ask) MUST require this: an arg-derived identity makes a callerId === target check self-referential and always pass, which would let an agent post into any session it names. Absent ⇒ treated as trusted for back-compat with callers predating this flag; only the HTTP transport’s arg-backfill path sets it false.