Feature hasn't been suggested before.
Describe the enhancement you want to request
When an MCP tool like sanitize_text is called with sensitive content (e.g., a secret or PII), OpenCode displays the tool call arguments in the UI before the tool processes them:
⚙ai-guardian_sanitize_text [text=AWS_ACCESS_KEY_ID=AKIAIOSFODNN7REALKEY]
The secret is visible in the chat timeline even though the MCP tool's purpose is to detect and redact it.
Root cause
GenericTool in packages/ui/src/components/basic-tool.tsx renders tool args via the args() function, which extracts key=value pairs from part().state.input. This data is set from the stored message state before tool.execute.before hooks fire, so plugins cannot redact it.
Proposed solution
Allow MCP tool definitions to mark specific parameters as sensitive. When a parameter is marked sensitive, the UI should display [REDACTED] instead of the actual value.
Options:
- Tool-level flag: A
sensitive: true property on the MCP tool definition that redacts all args in the UI display
- Parameter-level flag: A
sensitive: true annotation on individual parameter schemas, so only specific args are redacted
- Plugin hook: Allow
tool.execute.before mutations to output.args to propagate back to the UI display (currently they don't — the UI reads from stored message state)
Use case
Security tools (like ai-guardian) provide MCP tools that scan text for secrets and PII. The agent sends potentially sensitive text to these tools for analysis. Displaying the raw args defeats the purpose of the security scan — the secret is exposed in the UI before it can be detected and redacted.
This affects any MCP security tool, not just ai-guardian.
Additional context
tool.execute.before hook fires but mutating output.args does not affect UI rendering- The
args() function in basic-tool.tsx skips keys like description, query, url, filePath, path, pattern, name — but text is not in this skip list
- A workaround for MCP tool authors would be to rename the parameter to one of the skipped keys (e.g.,
description instead of text), but this is fragile and semantically incorrect
Feature hasn't been suggested before.
Describe the enhancement you want to request
When an MCP tool like
sanitize_textis called with sensitive content (e.g., a secret or PII), OpenCode displays the tool call arguments in the UI before the tool processes them:The secret is visible in the chat timeline even though the MCP tool's purpose is to detect and redact it.
Root cause
GenericToolinpackages/ui/src/components/basic-tool.tsxrenders tool args via theargs()function, which extractskey=valuepairs frompart().state.input. This data is set from the stored message state beforetool.execute.beforehooks fire, so plugins cannot redact it.Proposed solution
Allow MCP tool definitions to mark specific parameters as sensitive. When a parameter is marked sensitive, the UI should display
[REDACTED]instead of the actual value.Options:
sensitive: trueproperty on the MCP tool definition that redacts all args in the UI displaysensitive: trueannotation on individual parameter schemas, so only specific args are redactedtool.execute.beforemutations tooutput.argsto propagate back to the UI display (currently they don't — the UI reads from stored message state)Use case
Security tools (like ai-guardian) provide MCP tools that scan text for secrets and PII. The agent sends potentially sensitive text to these tools for analysis. Displaying the raw args defeats the purpose of the security scan — the secret is exposed in the UI before it can be detected and redacted.
This affects any MCP security tool, not just ai-guardian.
Additional context
tool.execute.beforehook fires but mutatingoutput.argsdoes not affect UI renderingargs()function inbasic-tool.tsxskips keys likedescription,query,url,filePath,path,pattern,name— buttextis not in this skip listdescriptioninstead oftext), but this is fragile and semantically incorrect