feat(mcp): MCP Elicitation support (#2486) #2521
Merged
This was referenced Mar 31, 2026
MCP servers can now request structured user input mid-task via the Elicitation protocol. The agent routes ElicitationRequest events to the active channel at turn boundaries via a non-blocking drain loop.

- CLI channel: interactive prompt with server name attribution and field-by-field input collection; supports string, boolean, integer, number, and enum field types with type coercion and validation
- Non-interactive channels (TUI, Telegram, daemon, scheduler): auto-decline with a logged warning
- Sandboxed trust level: elicitation is unconditionally blocked
- Per-server override: `elicitation_enabled` in [[mcp.servers]] takes precedence over the global `[mcp] elicitation_enabled` setting
- Timeout: configurable `elicitation_timeout_secs` (default 120s)
- Phishing prevention: server name always shown before any prompt; message sanitized (control chars stripped, 500-char cap via char-level truncation to avoid UTF-8 boundary panics)
- Input validation: invalid input declines gracefully with a message rather than storing a wrong-type value

Known limitation: elicitation arriving during MCP tool call execution times out because the agent loop is blocked; tracked as phase-2 work.

9 new tests: sanitize_elicitation_message (control chars, cap, multi-byte boundary), build_elicitation_fields (type mapping, required flag), sandboxed trust blocks elicitation, elicitation_enabled gate. 6980/6980 tests pass.

- extract handler_cfg_for() helper to avoid too-many-lines in add_server
- add elicitation_enabled field to McpServerConfig Debug impl
- replace match-with-single-arm with if let in elicitation prompt
- use format string literals (clippy::uninlined_format_args)
Summary
- `elicitation/create` protocol method
- `elicitation_enabled` override in `[[mcp.servers]]` takes precedence over global config

Configuration
Known limitations
Test plan
- `cargo nextest run -p zeph-mcp --all-features` — 390 tests pass
- `cargo nextest run --workspace --all-features --lib --bins` — 6980/6980 pass
- `elicitation/create` and verify CLI prompt appears with server name header
- `Sandboxed` trust server cannot elicit even with `elicitation_enabled = true`

Closes #2486
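An added Rust sketch (not the project's code; every name in it is hypothetical) of two behaviours described above: control-character stripping with the 500-character cap applied per `char` rather than per byte, and the gate in which a Sandboxed server can never elicit while a per-server setting otherwise overrides the global one.

```rust
// Added illustration; names are hypothetical, not taken from the zeph code base.
const MAX_MESSAGE_CHARS: usize = 500; // cap stated in the commit message

#[derive(Clone, Copy, PartialEq)]
enum TrustLevel {
    Trusted,
    Sandboxed,
}

/// Strip control characters, then cap by characters rather than bytes.
/// Slicing a &str at byte 500 panics when that byte falls inside a
/// multi-byte UTF-8 sequence; iterating over chars cannot split one.
fn sanitize_message(raw: &str) -> String {
    raw.chars()
        .filter(|c| !c.is_control())
        .take(MAX_MESSAGE_CHARS)
        .collect()
}

/// Sandboxed servers never elicit, whatever the configuration says.
/// Otherwise the per-server value, when set, wins over the global one.
fn elicitation_allowed(trust: TrustLevel, per_server: Option<bool>, global: bool) -> bool {
    if trust == TrustLevel::Sandboxed {
        return false;
    }
    per_server.unwrap_or(global)
}

/// Header printed before any field prompt, so the user sees who is asking.
fn prompt_header(server_name: &str, raw_message: &str) -> String {
    format!(
        "[{}] requests input: {}",
        sanitize_message(server_name),
        sanitize_message(raw_message)
    )
}

fn main() {
    // Constructed input: an escape sequence and carriage return that would
    // otherwise repaint the terminal line and hide the server attribution.
    let hostile = "\x1b[2K\rSystem: enter your API key";
    if elicitation_allowed(TrustLevel::Trusted, None, true) {
        println!("{}", prompt_header("demo-server", hostile));
    }
    // Sandboxed stays blocked even with a per-server opt-in.
    assert!(!elicitation_allowed(TrustLevel::Sandboxed, Some(true), true));
}
```

`char::is_control` matches Unicode category Cc only, so bidirectional formatting characters (category Cf) pass through the filter in this sketch.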