Feature: 018-intent-declaration | Date: 2025-12-28
This guide shows how to use the new intent-based tool calling system in MCPProxy.
MCPProxy now uses three tool variants instead of a single call_tool:
| Tool | Use For | Example Operations |
|---|---|---|
call_tool_read |
Read-only queries | List repos, get user info, search |
call_tool_write |
State modifications | Create issue, update file, send message |
call_tool_destructive |
Irreversible actions | Delete repo, revoke access, drop table |
Every tool call requires matching intent in two places:
- Tool selection: Choose the right variant (
call_tool_read/write/destructive) - Intent parameter: Declare
intent.operation_typematching the tool
{
"name": "call_tool_destructive",
"arguments": {
"name": "github:delete_repo",
"args_json": "{\"repo\": \"test-repo\"}",
"intent": {
"operation_type": "destructive",
"data_sensitivity": "private",
"reason": "User requested cleanup"
}
}
}// Request
{
"name": "retrieve_tools",
"arguments": {
"query": "delete repository",
"limit": 5
}
}
// Response
{
"tools": [
{
"name": "github:delete_repo",
"description": "Delete a GitHub repository",
"inputSchema": { ... },
"score": 0.95,
"server": "github",
"annotations": {
"destructiveHint": true
},
"call_with": "call_tool_destructive"
}
],
"usage_instructions": "Use call_tool_read for read-only operations..."
}// Use the recommended call_with variant
{
"name": "call_tool_destructive",
"arguments": {
"name": "github:delete_repo",
"args_json": "{\"repo\": \"test-repo\"}",
"intent": {
"operation_type": "destructive",
"reason": "User confirmed deletion"
}
}
}# List repositories (read-only)
mcpproxy call tool-read github:list_repos --json_args '{}'
# Get user info
mcpproxy call tool-read github:get_user --json_args '{"username":"octocat"}'# Create issue
mcpproxy call tool-write github:create_issue \
--json_args '{"repo":"test","title":"Bug report"}' \
--reason "Filing bug from user feedback"
# Update file with sensitivity
mcpproxy call tool-write github:update_file \
--json_args '{"path":"config.json","content":"..."}' \
--sensitivity private# Delete repository (requires explicit destructive variant)
mcpproxy call tool-destructive github:delete_repo \
--json_args '{"repo":"old-project"}' \
--reason "Project deprecated, user confirmed"# List all activity
mcpproxy activity list
# Output includes Intent column:
# ID TIME TYPE SERVER TOOL INTENT STATUS
# 01ABC... 2025-12-28 10:30:00 tool_call github list_repos read success
# 01DEF... 2025-12-28 10:31:00 tool_call github create_issue write success
# 01GHI... 2025-12-28 10:32:00 tool_call github delete_repo destruct success# Show only destructive operations (security audit)
mcpproxy activity list --intent-type destructive
# Show failed write operations
mcpproxy activity list --intent-type write --status error# Filter via API
curl -H "X-API-Key: $KEY" \
"http://127.0.0.1:8080/api/v1/activity?intent_type=destructive"# Disable ANSI colors and icons for scripting/logging
NO_COLOR=1 mcpproxy activity list
# Or use JSON output for machine processing
mcpproxy activity list -o jsonConfigure your IDE (Cursor, Claude Desktop) for per-variant permissions:
MCPProxy Tools:
[x] call_tool_read → Auto-approve
[ ] call_tool_write → Ask each time
[ ] call_tool_destructive → Always ask + confirm
This enables safe auto-approval of read operations while requiring human confirmation for modifications.
Error: Intent mismatch: tool is call_tool_read but intent declares write
Fix: Use call_tool_write with intent.operation_type: "write"
Error: intent parameter is required for call_tool_read
Fix: Add intent object with at least operation_type
Error: Tool 'github:delete_repo' is marked destructive by server, use call_tool_destructive
Fix: Check call_with in retrieve_tools response and use recommended variant
The CLI command mcpproxy call tool is marked as legacy and will be deprecated in a future release.
It continues to work but does not support intent declaration. Use the new variants instead:
# Legacy (deprecated)
mcpproxy call tool --tool-name=github:list_repos --json_args '{}'
# New (recommended)
mcpproxy call tool-read github:list_repos --json_args '{}'In the MCP interface, the legacy call_tool has been removed. Clients must use:
call_tool_readfor read operationscall_tool_writefor write operationscall_tool_destructivefor destructive operations
{
"intent_declaration": {
"strict_server_validation": true
}
}When true (default): Rejects calls where intent conflicts with server annotations.
When false: Logs warning but allows call (for trusted environments).
If you're upgrading from a version with the legacy call_tool:
- Update tool discovery: Check
call_withfield in retrieve_tools response - Split calls by operation type:
- Queries →
call_tool_read - Creates/Updates →
call_tool_write - Deletes →
call_tool_destructive
- Queries →
- Add intent parameter: Include
operation_typematching the variant - Update IDE permissions: Configure per-variant approval rules
# 1. Search for tools
mcpproxy call tool --tool-name=retrieve_tools --json_args '{"query":"file operations"}'
# 2. Read a file (auto-approved in IDE)
mcpproxy call tool-read github:get_file --json_args '{"path":"README.md"}'
# 3. Update a file (IDE prompts for approval)
mcpproxy call tool-write github:update_file \
--json_args '{"path":"README.md","content":"# Updated"}' \
--reason "Updating documentation"
# 4. Delete a file (IDE shows warning + confirmation)
mcpproxy call tool-destructive github:delete_file \
--json_args '{"path":"old-file.txt"}' \
--reason "Cleaning up deprecated file"
# 5. Review activity
mcpproxy activity list --limit 5