Claude Desktop: Consume MCP server `instructions` field from InitializeResult as session context
Problem
MCP servers can return an instructions field in the InitializeResult response during the initialize handshake. The MCP spec defines this as:
"Instructions describing how to use the server and its features... It can be thought of like a 'hint' to the model. For example, this information MAY be added to the system prompt."
Claude Desktop currently stores this field but never reads it — getInstructions() has zero call sites in the app bundle. This creates a fundamental gap for extension developers who need to provide behavioral context — especially compliance, security, and regulated-industry extensions — since MCPB has no hooks or systemPrompt field.
Requested behavior
When Claude Desktop connects to an MCPB extension's MCP server, if InitializeResult.instructions is non-empty, inject it into the session context (e.g., as part of the system prompt or as a system-reminder context injection before the first user message).
Context
We are building a PII compliance MCP server (Tenet) that provides tools like safe_read (replaces Read), safe_exec (replaces Bash), etc. The tools are registered correctly and visible to Claude as deferred tools. However, without behavioral instructions telling Claude to use these tools instead of built-in tools, Claude defaults to raw Read/Bash — sending unredacted PII (SSNs, names, medical records) into the conversation context.
Alternatives we tried (all failed)
| Approach | Result |
|----------|--------|
| MCP instructions field | Stored but never read by Claude Desktop |
| MCPB extension hooks/hooks.json | Files present in extension dir but hooks never fire — scanner doesn't check Claude Extensions/ directory |
| MCP resource (tenet://compliance-foundation) | Opt-in — Claude never proactively reads it |
| Tool descriptions with "COMPLIANCE: use this instead of X" | Probabilistic — helps but doesn't guarantee routing |
| Server-level tool description as system prompt substitute | Same — not deterministic |
Impact
Any extension where proactive behavior matters — compliance scanners, security tools, PII handlers, workflow automation. Currently these extensions install silently and sit idle. The developer has tools registered, descriptions written, instructions authored — but no reliable way to get them in front of the model.
Implementation effort
Low. The field is already parsed and stored server-side in the MCP SDK. The fix is adding one read path that injects this._instructions into the session context on connection.
Related
- MCP spec
instructionsfield: https://modelcontextprotocol.io/specification/2025-06-18/schema - MCPB manifest spec (no
hooksfield): https://github.com/anthropics/mcpb - Building desktop extensions: https://support.claude.com/en/articles/12922929-building-desktop-extensions-with-mcpb
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗