Claude Desktop: Consume MCP server `instructions` field from InitializeResult as session context

Resolved 💬 3 comments Opened Apr 5, 2026 by sidupadhyay Closed Apr 8, 2026

Problem

MCP servers can return an instructions field in the InitializeResult response during the initialize handshake. The MCP spec defines this as:

"Instructions describing how to use the server and its features... It can be thought of like a 'hint' to the model. For example, this information MAY be added to the system prompt."

Claude Desktop currently stores this field but never reads it — getInstructions() has zero call sites in the app bundle. This creates a fundamental gap for extension developers who need to provide behavioral context — especially compliance, security, and regulated-industry extensions — since MCPB has no hooks or systemPrompt field.

Requested behavior

When Claude Desktop connects to an MCPB extension's MCP server, if InitializeResult.instructions is non-empty, inject it into the session context (e.g., as part of the system prompt or as a system-reminder context injection before the first user message).

Context

We are building a PII compliance MCP server (Tenet) that provides tools like safe_read (replaces Read), safe_exec (replaces Bash), etc. The tools are registered correctly and visible to Claude as deferred tools. However, without behavioral instructions telling Claude to use these tools instead of built-in tools, Claude defaults to raw Read/Bash — sending unredacted PII (SSNs, names, medical records) into the conversation context.

Alternatives we tried (all failed)

| Approach | Result |
|----------|--------|
| MCP instructions field | Stored but never read by Claude Desktop |
| MCPB extension hooks/hooks.json | Files present in extension dir but hooks never fire — scanner doesn't check Claude Extensions/ directory |
| MCP resource (tenet://compliance-foundation) | Opt-in — Claude never proactively reads it |
| Tool descriptions with "COMPLIANCE: use this instead of X" | Probabilistic — helps but doesn't guarantee routing |
| Server-level tool description as system prompt substitute | Same — not deterministic |

Impact

Any extension where proactive behavior matters — compliance scanners, security tools, PII handlers, workflow automation. Currently these extensions install silently and sit idle. The developer has tools registered, descriptions written, instructions authored — but no reliable way to get them in front of the model.

Implementation effort

Low. The field is already parsed and stored server-side in the MCP SDK. The fix is adding one read path that injects this._instructions into the session context on connection.

Related

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗