toolPolicy field on the Session object and persisted in SQL storage backends (Neon, Supabase) when provided.
How It Works
Each session can carry atoolPolicy with one of three modes:
| Mode | Behavior |
|---|---|
all | All tools are allowed (default when no policy is set) |
allowlist | Only the listed tool IDs are allowed |
denylist | All tools are allowed except the listed tool IDs |
{serverId}::{toolName} (e.g. my-server::get_weather).
When to Use
- Multi-tenant deployments — restrict each session to a subset of tools
- Security boundaries — prevent a session from calling privileged tools
- Gradual rollouts — allowlist tools as they are vetted per session
Session Data Structure
ThetoolPolicy field is optional on Session:
undefined), the SDK treats it as all — all tools are permitted.
