Eduard van Valkenburg 9a56bc9f16 Python: [BREAKING] Add sampling guardrails to MCP tools (#6413)
* Add sampling guardrails to MCP tools

Add approval, token, and request-count controls to the MCP sampling
callback used when an MCPTool is configured with a chat client.

- Add `sampling_approval_callback`, `sampling_max_tokens`, and
  `sampling_max_requests` parameters to `MCPTool` and its
  `MCPStdioTool`, `MCPStreamableHTTPTool`, and `MCPWebsocketTool`
  subclasses, positioned directly after `client`.
- Gate each server-initiated `sampling/createMessage` request behind the
  approval callback, which denies by default when no callback is provided.
- Clamp the requested `maxTokens` to `sampling_max_tokens` and enforce a
  per-session request count via `sampling_max_requests`.
- Log incoming sampling requests at WARNING level (counts only).
- Export `SamplingApprovalCallback` from the public API.
- Add tests, a sample, and documentation updates.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Make sampling denial message context-aware

Distinguish the deny-by-default case (no approval callback configured)
from an explicit denial by a configured `sampling_approval_callback`, so
the returned ErrorData message is accurate for callback-driven denials
and exceptions.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
9a56bc9f16 · 2026-06-10 10:17:36 +00:00
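As an added example, not code from the Agent Framework commit above, here is a standalone re-implementation of the three guardrails the commit message describes: deny-by-default approval gating with context-aware denial messages, `maxTokens` clamping, and a per-session request cap. The `SamplingGuard` class and its `check` method are hypothetical; only the parameter names are taken from the commit message.

```python
from __future__ import annotations

import logging
from dataclasses import dataclass, field
from typing import Any, Callable

log = logging.getLogger("mcp.sampling")

# Approval callback: receives the server's createMessage params, returns True to allow.
SamplingApprovalCallback = Callable[[dict[str, Any]], bool]


@dataclass
class SamplingGuard:
    """Hypothetical stand-in for the guardrail state described in the commit message."""
    sampling_approval_callback: SamplingApprovalCallback | None = None
    sampling_max_tokens: int | None = None
    sampling_max_requests: int | None = None
    _request_count: int = field(default=0, init=False)

    def check(self, params: dict[str, Any]) -> tuple[bool, str | None, dict[str, Any]]:
        """Return (allowed, error_message, effective_params) for one sampling request."""
        self._request_count += 1
        # Log counts only; the request body may carry tool output, so it is never logged.
        log.warning("sampling/createMessage request #%d (%d messages)",
                    self._request_count, len(params.get("messages", [])))

        # Per-session request cap: denied requests count too, so a noisy server is cut off.
        if self.sampling_max_requests is not None and self._request_count > self.sampling_max_requests:
            return False, f"Sampling request limit of {self.sampling_max_requests} exceeded", params

        # Deny by default: with no callback configured the server gets no sampling at all.
        if self.sampling_approval_callback is None:
            return False, "Sampling denied: no sampling_approval_callback configured", params
        try:
            approved = self.sampling_approval_callback(params)
        except Exception as exc:  # a failing callback is a denial, never an approval
            return False, f"Sampling denied: approval callback raised {type(exc).__name__}", params
        if not approved:
            return False, "Sampling denied by sampling_approval_callback", params

        # Clamp maxTokens so the server cannot bill an unbounded completion to the client.
        effective = dict(params)
        requested = effective.get("maxTokens")
        if self.sampling_max_tokens is not None:
            if requested is None or requested > self.sampling_max_tokens:
                effective["maxTokens"] = self.sampling_max_tokens
        return True, None, effective
```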

MCP (Model Context Protocol) Examples

This folder contains examples demonstrating how to work with MCP using Agent Framework.

What is MCP?

The Model Context Protocol (MCP) is an open standard for connecting AI agents to data sources and tools. It enables secure, controlled access to local and remote resources through a standardized protocol.

Examples

| Sample | File | Description |
| --- | --- | --- |
| Agent as MCP Server | agent_as_mcp_server.py | Shows how to expose an Agent Framework agent as an MCP server that other AI applications can connect to |
| API Key Authentication | mcp_api_key_auth.py | Demonstrates API key authentication with MCP servers using header_provider, runtime invocation kwargs, and a command-line API key argument |
| GitHub Integration with PAT | mcp_github_pat.py | Demonstrates connecting to GitHub's MCP server using Personal Access Token (PAT) authentication |
| Long-Running Task | mcp_long_running_task.py | Demonstrates transparent SEP-2663 long-running task handling for MCP tools that advertise taskSupport=required. Self-spawns a stdio MCP child server |
| Sampling Approval | mcp_sampling_approval.py | Demonstrates gating server-initiated sampling/createMessage requests with a sampling_approval_callback, plus the sampling_max_tokens and sampling_max_requests guardrails. MCP sampling is denied by default |

Prerequisites

Most samples in this folder use OpenAI:

  • OPENAI_API_KEY environment variable
  • OPENAI_CHAT_MODEL environment variable

Run mcp_api_key_auth.py with the MCP API key as the first command-line argument.

For mcp_github_pat.py:

For mcp_long_running_task.py (uses Azure OpenAI via Entra ID):

  • Run az login once
  • AZURE_OPENAI_ENDPOINT - your Azure OpenAI resource endpoint, e.g. https://<resource>.openai.azure.com/
  • AZURE_OPENAI_CHAT_MODEL (or AZURE_OPENAI_MODEL) - the deployment name (e.g. gpt-4o-mini)