[BUG] /mcp command displays tool annotations shifted by one position (off-by-one error)
Preflight Checklist
- [x] I have searched existing issues and this bug hasn't been reported yet
- [x] I can reproduce this bug consistently
Bug Description
The /mcp command displays tool annotations (readOnlyHint, destructiveHint) shifted by one position relative to the actual tool definitions. The server sends correct annotations, but Claude Code's display shows them associated with the wrong tools.
Expected Behavior
Tool annotations should be displayed for the correct tool. For example, with 5 CRUDE tools:
| Tool | Expected Display |
|------|------------------|
| mcp_aql_create | Neither (additive) |
| mcp_aql_read | Read-only |
| mcp_aql_update | Destructive |
| mcp_aql_delete | Destructive |
| mcp_aql_execute | Destructive |
Actual Behavior
Annotations appear shifted by one position:
| Tool | Actual Display |
|------|----------------|
| mcp_aql_create | Read-only ❌ |
| mcp_aql_read | Destructive ❌ |
| mcp_aql_update | Destructive ✅ |
| mcp_aql_delete | Destructive ✅ |
| mcp_aql_execute | Nothing shown ❌ |
Reproduction Steps
- Connect an MCP server that registers multiple tools with distinct annotations
- Run
/mcpcommand in Claude Code - Observe the tool list - annotations are shifted by one position
Verification
We verified the server is sending correct data by testing the tool registration directly:
node -e "
import('./dist/server/tools/MCPAQLTools.js').then(async m => {
const tools = m.getMCPAQLTools(mockHandler);
tools.forEach(t => {
console.log(t.tool.name + ':');
console.log(' readOnlyHint:', t.tool.annotations?.readOnlyHint);
console.log(' destructiveHint:', t.tool.annotations?.destructiveHint);
});
});
"
Output confirms server sends correct annotations:
mcp_aql_create:
readOnlyHint: false
destructiveHint: false
mcp_aql_read:
readOnlyHint: true
destructiveHint: false
mcp_aql_update:
readOnlyHint: false
destructiveHint: true
mcp_aql_delete:
readOnlyHint: false
destructiveHint: true
mcp_aql_execute:
readOnlyHint: false
destructiveHint: true
Impact
- Users see misleading safety information for MCP tools
- A read-only tool appears destructive, and vice versa
- This could lead to incorrect trust decisions about tool capabilities
Environment
- Claude Code version: Latest (as of 2026-01-04)
- Platform: macOS
- MCP Server: Custom server using
@modelcontextprotocol/sdk
Additional Context
- Bug persists after closing and reopening Claude Code
- The pattern is consistent: each tool displays the annotations of the next tool in the list
- The last tool shows no annotations (because there's no "next" tool to borrow from)
🤖 Generated with Claude Code
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗