You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/interceptors.md
+18-3Lines changed: 18 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
3
3
Interceptors are extension points. They can mediate tool calls for any active MCP running in the gateway. This feature should be considered beta, and subject to change as we learn from users what they need to manage their MCP workloads.
4
4
5
-
## **After** Tool Calls
5
+
## **after** Tool Calls
6
6
7
7
A simple method to experiment with interceptors is to register a script to run after a tool call has completed but before the response is sent back to the client. Start the gateway with the `--interceptor` argument and provide a local script.
The incoming request will have both `request` and `response` properties.
26
26
27
-
```
27
+
```json
28
28
{
29
29
"request": {
30
30
"Session": {},
@@ -49,7 +49,22 @@ The incoming request will have both `request` and `response` properties.
49
49
50
50
```
51
51
52
-
The interceptor must return a valid `ToolCall` response. Interceptors can easily blow your entire MCP workload. They can edit the response and are thus very powerful.
52
+
The stdout must either be empty or it must be able to be parsed to a valid `ToolCall` response. These interceptors are powerful. They can easily blow up your entire MCP workload.
53
+
54
+
* we do not currently care about exit codes
55
+
* stdout must contain valid `application/json` that can be parsed to a ToolCall response
56
+
* if the script writes nothing to stdout, the existing response will be passed on.
53
57
54
58
## **before** Tool Calls
55
59
60
+
Analogously, run with a before interceptor.
61
+
62
+
```bash
63
+
docker mcp gateway run --interceptor "before:exec:$HOME/script.sh"
64
+
```
65
+
66
+
For _before_ interceptors, only the request value will written to stdin. Before interceptors are potentially more impactful than _after_ interceptors. If they return anything on stdout then two things will happen.
67
+
68
+
1. the handler chain will prematurely end (no tool call will be made)
69
+
2. the response payload from the interceptor will _become_ the tool call response. This means that _before_ interceptors can reject tool calls and add their own tool call responses.
0 commit comments