Skip to content

Add MCP server tool filtering support to agents-js #164

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 18 commits into
base: main
Choose a base branch
from
Open

Add MCP server tool filtering support to agents-js #164

wants to merge 18 commits into from
+426 −23

Conversation

vrtnis
Copy link
Contributor

@vrtnis vrtnis commented Jul 1, 2025

Hey all - this PR brings a new tool filtering feature to our MCP integrations. This resolves #162 based on openai/openai-agents-python#861

You can now:

  1. Use createStaticToolFilter for quick allow/block lists

  2. Provide a custom filter function to make dynamic decisions based on runContext

  3. Updated core API so getAllTools now accepts your runContext, ensuring filters are applied correctly

  4. Documentation enhancements in docs/guides/mcp.mdx

  5. New example (examples/mcp/tool-filter-example.ts) to demonstrate both static and dynamic filtering

  6. Comprehensive tests covering static lists, callable filters, multi-server hierarchies, and cache interactions

All tests pass and you can try it out by pnpm -F mcp start:tool-filter

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jul 1, 2025
edited
Loading

🦋 Changeset detected

Latest commit: b73a090

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 5 packages
Name Type
@openai/agents-realtime Patch
@openai/agents-core Patch
@openai/agents Patch
@openai/agents-openai Patch
@openai/agents-extensions Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@dkundel-openai
Copy link
Collaborator

@seratch can you review please?

@seratch seratch self-assigned this Jul 7, 2025
seratch
seratch requested changes Jul 10, 2025
View reviewed changes
Copy link
Member

@seratch seratch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for sending this! I haven't verified the actual behavior yet but let me share a few quick comments

@vrtnis
Copy link
Contributor Author

vrtnis commented Jul 10, 2025

thanks for the comments, @seratch! esp. the point about moving filtering logic that makes sense for keeping the server implementation focused on transport.
i’ve pushed an update that moves filtering into the agent and runner layer, where it can be handled with proper context. look forward to your feedback!

seratch
seratch requested changes Jul 11, 2025
View reviewed changes
@vrtnis
Copy link
Contributor Author

vrtnis commented Jul 11, 2025

Thanks @seratch. That makes sense and i’ve removed the runContext and agent from the call to underlying.listTools(), so that now filtering happens entirely in getAllMcpFunctionTools() on the agent side.

seratch
seratch reviewed Jul 15, 2025
View reviewed changes
seratch
seratch requested changes Jul 15, 2025
View reviewed changes
Copy link
Member

@seratch seratch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, one more request from me

vrtnis and others added 9 commits July 15, 2025 10:44
@vrtnis
docs(mcp): document tool filtering
d5f1051
@vrtnis
fix(realtime): narrow currentAgent type for getAllTools
461acb7
@vrtnis
feat(examples): add MCP tool-filter example
ac72c06
@vrtnis
chore: add changeset for MCP tool-filtering support (fixes openai#162)
612c24e
@vrtnis @seratch
Update .changeset/hungry-suns-search.md
3161fd7 
Co-authored-by: Kazuhiro Sera <[email protected]>
@vrtnis @seratch
Update docs/src/content/docs/guides/mcp.mdx
cc377bc 
Co-authored-by: Kazuhiro Sera <[email protected]>
@vrtnis
refactor: integrate filtered tool logic into agent-level, clean up te…
ce756c2 
…sts and server impl
@vrtnis
refactor(core): update MCP tool filtering implementation
7456bbf 
- Moved tool filtering logic to agent/runner layer
- Removed server-side filtering and context coupling
- Updated test suite to reflect new behavior
@vrtnis
revert: restore MCPServer interface and listTools signature
47ae347 
Reverts prior tool filtering interface changes and updates corresponding tests.
@vrtnis vrtnis force-pushed the feat/mcp-tool-filtering-js branch from 4dce2d5 to 47ae347 Compare July 15, 2025 17:53
vrtnis and others added 3 commits July 15, 2025 11:18
@vrtnis
refactor(core): prefix tool filter names with MCP
4c1adbd
@gilbertl @dkundel-openai @seratch
Handle function call messages with empty content (openai#203)
dc5bc15 
* Handle function call messages with empty content

* Resolve test failure

* Create heavy-yaks-mate.md

---------

Co-authored-by: Dominik Kundel <[email protected]>
@seratch
wip
73eb37a
seratch
seratch requested changes Jul 16, 2025
View reviewed changes
Copy link
Member

@seratch seratch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did thorough review and I found your current implementation actually does nothing for allowing/blocking tools. I've implemented draft version of change here: seratch@73eb37a Hope sharing this clarifies things!

examples/mcp/tool-filter-example.ts Outdated
console.log('\nAttempting to write a file (should be blocked):');
result = await run(
agent,
'Create a file named test.txt with the text "hello"',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

currently this is blocked either way because the mcp server has the access only to sample_files/

my diff changed this as well

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Resolved through merge of 73eb37a, example updated accordingly. Also, e4ba592 explicitly lists sample_files to allow listing.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for sharing your draft, @seratch! You’re absolutely right, my plumbing additions never actually invoked the filter, so allow/block lists weren’t doing anything.

I’ve since merged your implementation from 73eb37a and used that as the foundation. Appreciate the clarity your diff brought to this.

One question: should we also update the test to explicitly include toolUseBehavior: 'stop_on_first_tool' in the agent config? That setting ensures the run exits immediately with a "Tool \"write_file\" is blocked by MCP filter." error rather than continuing or looping, which might make the filter behavior clearer and more predictable in test output.

happy to add that if helpful!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@seratch seratch seratch requested changes

Assignees

@seratch seratch

Labels
enhancement New feature or request package:agents-core package:agents-realtime
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add tool filter to MCP support
4 participants
@vrtnis @dkundel-openai @seratch @gilbertl