Optional Column
Thetool_policy column on mcp_sessions is optional. The SDK only writes it when you explicitly provide a toolPolicy on the session object. If you never set a policy, no migration is needed — the SDK works without the column.
Without the Column
If you don’t run the tool_policy migration:sessions.create()omitstool_policyfrom the INSERTsessions.update()omitstool_policyfrom the UPDATE unless you pass itsessions.get()andsessions.list()returntoolPolicy: undefined, which the SDK treats asmode: 'all'
With the Column
Uncomment thetool_policy column in the install schema when you want to persist policies:
Neon — migrations/neon/20260513010000_install_mcp_sessions.sql:
migrations/supabase/20260330195700_install_mcp_sessions.sql:
npx mcp-ts neon-init or npx mcp-ts supabase-init (or apply the migration manually) after uncommenting.
Adding tool_policy to an existing database
If you already have sessions and want to add tool policy support later, the same SQL works for both Neon and Supabase:all policy.
Setting a Policy
PasstoolPolicy when creating or updating a session:
Enforcing Policies at Runtime
Use theToolPolicyGateway — it wraps a client and enforces the session’s policy before every tool call:
listTools() results to only return allowed tools.
