Skip to content

Add session info to initialize response metadata #1651

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 3 commits into
base: sammorrowdrums/oauth-device-flow-auth
Choose a base branch
from
Draft

Add session info to initialize response metadata #1651

Copilot wants to merge 3 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Dec 19, 2025
edited
Loading

Summary

The initialize response now includes _meta.sessionInfo with user details (from get_me), enabled toolsets/tools, and configuration flags (readOnly, lockdown, dynamicToolsets).

Why

Eliminates wasteful get_me tool call at session start. Users immediately see who they're authenticated as and what's enabled.

What changed

  • Added addSessionInfoMiddleware that enriches InitializeResult with session metadata during initialize
  • Middleware fetches user info via get_me API call, omits on failure (graceful degradation)
  • Added addUnauthenticatedSessionInfoMiddleware for OAuth flow (shows authenticated: false, config only)
  • Removed "Call get_me to see who you're logged in as" from auth_login success message
  • Added comprehensive unit tests for both middleware variants

MCP impact

  • No tool or API changes
  • Tool schema or behavior changed
  • New tool added

Initialize response now includes optional _meta.sessionInfo field. No breaking changes—clients ignore unknown metadata fields.

Prompts tested (tool changes only)

N/A

Security / limits

  • No security or limits impact
  • Auth / permissions considered
  • Data exposure, filtering, or token/size limits considered

User info only included when authenticated. Reuses existing get_me endpoint with same permissions.

Lint & tests

  • Linted locally with ./script/lint
  • Tested locally with ./script/test

Docs

  • Not needed
  • Updated (README / docs / examples)

Change is transparent to clients—metadata appears automatically in initialize response.

Example

Authenticated mode:

{
  "_meta": {
    "sessionInfo": {
      "user": {
        "login": "octocat",
        "id": 583231,
        "profileURL": "https://github.com/octocat",
        "name": "The Octocat"
      },
      "enabledToolsets": ["repos", "issues"],
      "toolsetsMode": "explicit",
      "readOnlyMode": false,
      "lockdownMode": false,
      "dynamicToolsets": false
    }
  }
}

Unauthenticated mode:

{
  "_meta": {
    "sessionInfo": {
      "authenticated": false,
      "enabledToolsets": ["context", "issues", "pull_requests", "repos", "users"],
      "toolsetsMode": "default",
      "readOnlyMode": false,
      "lockdownMode": false,
      "dynamicToolsets": false
    }
  }
}
Original prompt

Would you look at returning the response of get me as part of the success response rather than suggesting making a tool call. If it fails just omit it, that feels more natural. We don't need to prove anything.

We could tell the user also the toolsets (or all or default) enabled, individual tools specifically enabled and if readonly mode or lockdown mode are on or not.

Is that a cool idea? Make it so the user gets a really great start to their authenticated session. Without wasting a second tool call.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI and others added 2 commits December 19, 2025 09:37
@SamMorrowDrums
Add session info metadata to initialize response
b7243b8 
- Add middleware to enrich InitializeResult with session information
- Include user details (get_me response) in authenticated mode
- Include enabled toolsets, tools, read-only mode, and lockdown mode
- Handle both authenticated and unauthenticated modes appropriately
- Add comprehensive unit tests for the new functionality
- Remove suggestion to call get_me from auth_login success message

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
@SamMorrowDrums
Fix linter issues in session info tests
525f73b 
- Replace deprecated gogithub.String/Int64 with gogithub.Ptr
- Remove unused parameters from mock handler functions

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
Copilot AI changed the title [WIP] Update response to include user toolsets and mode information Add session info to initialize response metadata Dec 19, 2025
Copilot AI requested a review from SamMorrowDrums December 19, 2025 09:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SamMorrowDrums SamMorrowDrums Awaiting requested review from SamMorrowDrums

Assignees

@SamMorrowDrums SamMorrowDrums

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SamMorrowDrums