yoi/.yoi/tickets/00001KVHR3WSD/item.md

title	state	created_at	updated_at	assignee	readiness	risk_flags	queued_by	queued_at
MCP: execute tools/call through ordinary Tool path	closed	2026-06-20T05:30:04Z	2026-06-20T09:18:51Z	null	implementation_ready	mcp tools-call permission history bounded-output	workspace-panel	2026-06-20T05:59:04Z

Background

After MCP tools are registered through ToolRegistry, invoking a Yoi MCP-backed tool should call the server's tools/call and return a bounded ordinary Tool result. Permission denial must happen before sending a request to the MCP server.

Requirements

• Route registered MCP tool invocation to MCP tools/call.
• Apply existing PreToolCall / Tool permission path before MCP server call.
• If permission is denied, do not send tools/call to the server.
• Distinguish normal result, MCP isError: true, and JSON-RPC protocol error.
• Serialize MCP result forms boundedly: content[], structuredContent, isError, _meta, and supported rich content summaries.
• Store result through ordinary Tool result/history path.
• Treat all content as untrusted.

Acceptance criteria

• MCP mock tool returns normal result through ordinary Yoi Tool result.
• MCP isError: true is represented distinctly from JSON-RPC protocol failure.
• Permission denied call is not sent to the MCP server.
• Oversize/rich results are bounded/truncated or rejected according to explicit policy.
• Tool history shows ordinary tool call/result, not hidden context injection.
• Tests cover normal result, isError, protocol error, permission denial, and output bounds.

Non-goals

• resources/read or prompts/get.
• list_changed notifications.
• Sampling/elicitation.

Related work

• Depends on 00001KVHR3WS6.
• Objective: 00001KTR80WMN.