Correct custom mcpTools auth wording: anonymously invocable, no login gate#574
Merged
Conversation
… gate Fixes #566. The "is the user logged in only" claim was wrong — custom tools register with visibleTo: () => true and the MCP route imposes no auth requirement, so anonymous sessions can list and call them. Now states that plainly and contrasts with the RBAC-filtered verb tools. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Code Review
This pull request updates the documentation in reference/mcp/tools-and-resources.md to clarify security behaviors for custom tools. Specifically, it highlights that custom tools are exposed to all MCP sessions, including anonymous and unauthenticated ones, and that developers must implement their own access control checks within the tool's method. There are no review comments, so I have no feedback to provide.
🚀 Preview DeploymentYour preview deployment is ready! 🔗 Preview URL: https://preview.harper-documentation.harperfabric.com/pr-574 This preview will update automatically when you push new commits. |
kriszyp
approved these changes
Jul 8, 2026
🧹 Preview CleanupThe preview deployment for this PR has been removed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #566.
The Custom
mcpToolssection claimed "Authentication is "is the user logged in" only" — inaccurate: custom tools register withvisibleTo: () => true, the MCP route mounts with no auth requirement, and an anonymous session can list and call them (verified live by the reporter on 5.1.15, and consistent with the anonymous-session posture verified during harper#1613/#1633). The paragraph now states the anonymous exposure plainly, contrasts it with the RBAC-filtered auto verb tools, and tells authors exactly how to gate (context.usercheck in the method).Same wording had been copied into the pending mcpResources docs (#567) — corrected there in its own branch.
Generated by an LLM (Claude Fable 5).