Proposal: Per-tool scopes for WebMCP

[hemanth]

Problem

Tools need declarative permission requirements. Currently, auth and capabilities are entangled — tools either get full access or none.

Proposal

A scopes field on tool definitions:

navigator.modelContext.provideContext({
  tools: [{
    name: "update_profile",
    scopes: ["profile:write"],
    execute: async (args, context) => {
      return await updateProfile(args, context.auth);
    }
  }, {
    name: "read_profile",
    scopes: ["profile:read"],
    execute: async (args, context) => {
      return await getProfile(context.auth);
    }
  }]
});

Semantics

• UA enforces scopes before tool execution
• Scopes are declarative — UA can prompt users per-scope
• Model sees tool names and descriptions, but NOT scopes
• Scope format: resource:action (aligned with OAuth conventions)

Open Questions

1. Should scopes map to existing web permissions (Permissions API)?
2. Should the UA aggregate scope prompts or prompt per-tool?
3. How do scopes interact with HTTP header-based discovery (see Proposal: Session and authentication context for tools #87)?

Related: #87