Repo: modelcontextprotocol/experimental-ext-tool-annotations Discord: #tool-annotations-ig

Tool Annotations Interest Group Meeting - April 23rd, 2026 (Inaugural)

MCP Event page: https://meet.modelcontextprotocol.io/2026/04/tool-annotations-ig-nVF2A2wK9f3X

This was the kickoff meeting for the Tool Annotations IG.

Agenda

• Review and approve the IG charter
• Align on initial focus areas (compound tools, provenance, privacy)
• Discuss approach: proofs of concept vs. abstract proposals
• Establish meeting cadence

Attendees

• Sam Morrow (@SamMorrowDrums) — GitHub, Facilitator
• Robert Reichel (@rreichel3) — OpenAI, Facilitator
• Matt Carey (@mattzcarey) — Cloudflare
• Connor Peet (@connor4312) — Microsoft / VS Code
• Ola Hungerford (@olaservo) — Nordstrom

Discussion

Charter approval

Sam walked through the draft charter and the group approved it for submission. Sam to file the charter PR for merging into the spec repo. (Merged shortly after as #2615.)

Connor and Matt are particularly interested in compound tools getting correct annotations. Robert is focused on provenance / data attribution annotations to help prevent sensitive data exposure.

Focus: framing over individual annotations

The group agreed not to get into the weeds of individual annotation proposals. The IG's job is to focus on the application, timing, and future direction of annotations within the protocol — not to brainstorm a long list of new hints. The bar for merging any new annotation into the spec is incredibly high: it has to carry load-bearing meaning that existing annotations don't already cover.

Practical examples are encouraged

Matt asked about the charter's exclusion of implementation work — he wants to use things like a fork of the TypeScript SDK as a practical example. Sam clarified the exclusion is about avoiding abstract proposals for new annotation types, not about discouraging proofs of concept. Real PoC examples are explicitly encouraged.

Robert noted that maintainers have suggested using the _meta field in MCP as a way to scope out and demonstrate new annotations before pushing for spec-level changes — this fits well with the "show, don't tell" strategy.

Privacy and defense in depth

Sam framed the privacy angle: we need practical experience to figure out what level of privacy annotations can actually achieve (e.g. distinguishing internal vs. external servers). The framing is defense in depth — annotations that reduce the likelihood of unintended actions: avoiding unnecessary destructive actions, catching internal data-boundary issues, etc.

Overlap with other groups

There's clear overlap with auth / fine-grained permissions / tool scopes work. Matt raised pre-authorization: a tool could publish that an action requires an external scope, letting the agent harness request upscoping from the user before invocation. Robert was optimistic about agents eventually being able to choose very specifically what they should and shouldn't do via fine-grained auth.

We should stay coordinated with those WGs rather than duplicate their scope.

Cadence

Agreed on a bi-weekly meeting cadence to maintain momentum in the early phase.

Decisions

• Aligned: Initial focus areas are compound tools, provenance, and privacy.
• Aligned: Prioritize prototyping and real PoCs (including client implementations, not just SDK changes) over abstract spec proposals.
• Aligned: Bi-weekly meeting cadence.
• Approved: IG charter, for submission.

Action Items

• @SamMorrowDrums — submit the IG charter PR for merging. (Done: #2615, merged.)
• @SamMorrowDrums — add a comment to the charter PR clarifying that real PoC examples are encouraged.
• @SamMorrowDrums — add today's attendees to the IG membership table once the charter is merged.
• @SamMorrowDrums — establish and publish a regular bi-weekly cadence.
• @connor4312 — prototype usable client-side concepts/implementations to anchor the IG's work in real client behavior.

Next meeting

Tool Annotations IG — May 28, 2026, 4:30pm Europe/Amsterdam