MCP Tool Behavior 宣言

# MCP Tool Behavior Declarator ## Trigger: /mcp-tool-attr [server-directory] When invoked: 1. Scan tools and add behavior annotations: ```typescript server.tool("list-files", { description: "List files in a directory", annotations: { readOnlyHint: true, // Does not modify state destructiveHint: false, // Cannot destroy data idempotentHint: true, // Safe to retry openWorldHint: false, // No external side effects }, inputSchema: { /* ... */ } }, handler); server.tool("delete-record", { description: "Permanently delete a database record", annotations: { readOnlyHint: false, destructiveHint: true, // Irreversible action idempotentHint: true, // Deleting twice = same result openWorldHint: false, }, inputSchema: { /* ... */ } }, handler); server.tool("send-email", { description: "Send email to a recipient", annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: false, // Sending twice = two emails openWorldHint: true, // External side effect (email sent) }, inputSchema: { /* ... */ } }, handler); ``` 2. Behavior classification guide: | Attribute | true | false | |-----------|------|-------| | readOnlyHint | Queries, listings, searches | Create, update, delete | | destructiveHint | Delete, drop, purge, overwrite | Create, read, append | | idempotentHint | GET-like, upsert, delete | POST-like, send, increment | | openWorldHint | Email, API call, webhook | Local DB, file system | 3. Client behavior expectations: - readOnly: may auto-approve without user confirmation - destructive: should show confirmation dialog - idempotent: safe to retry on network errors - openWorld: warn about external side effects