Skip to content

Add session info to auth_login tool response #1651

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 4 commits into
base: sammorrowdrums/oauth-device-flow-auth
Choose a base branch
from
Draft

Add session info to auth_login tool response #1651

Copilot wants to merge 4 commits into from
+86 −7

Conversation

Copy link
Contributor

Copilot AI commented Dec 19, 2025
edited
Loading

Summary

The auth_login tool now provides comprehensive session information in its success response, giving the model immediate context about the authenticated user and server configuration without requiring an additional get_me tool call.

Why

Eliminates wasteful get_me tool call after authentication. Provides the model with a "warm start" by including user details and configuration directly in the auth_login response text that the model receives.

What changed

  • Added GetSessionInfo callback to AuthToolDependencies to generate session context after authentication
  • Modified pollAndComplete function to fetch and include user info and configuration in auth_login success message
  • Auth_login response now includes formatted session information with:
    • User account details (username, name, email, company, location, profile URL)
    • Enabled toolsets and tools
    • Configuration flags (read-only, lockdown, dynamic toolsets)
  • Removed "Call get_me to see who you're logged in as" from auth_login success message (no longer needed)

MCP impact

  • No tool or API changes
  • Tool schema or behavior changed
  • New tool added

The auth_login tool's response text now includes comprehensive session information. No schema changes, but the response content is significantly enhanced.

Prompts tested (tool changes only)

N/A - This change enhances the existing auth_login tool's response without altering its invocation or parameters.

Security / limits

  • No security or limits impact
  • Auth / permissions considered
  • Data exposure, filtering, or token/size limits considered

User info is fetched using the authenticated token and only included in the auth_login response after successful authentication. Reuses existing get_me endpoint with same permissions.

Lint & tests

  • Linted locally with ./script/lint
  • Tested locally with ./script/test

Docs

  • Not needed
  • Updated (README / docs / examples)

The enhanced response is part of the auth_login tool output and doesn't require documentation changes.

Example

After successful authentication, the auth_login tool returns:

✅ Successfully authenticated with GitHub!

All GitHub tools are now available.

## Your GitHub Account

**Username:** @octocat
**Name:** The Octocat
**Email:** [email protected]
**Company:** GitHub
**Location:** San Francisco
**Profile:** https://github.com/octocat

## Server Configuration

**Enabled Toolsets:** context, repos, issues, pull_requests, users
**Configuration:**
- Read-only mode (if enabled)
- Lockdown mode (if enabled)
- Dynamic toolsets (if enabled)

This information is provided directly in the tool response text, which the model receives as part of the conversation, giving it immediate context without requiring a follow-up get_me call.

Original prompt

Would you look at returning the response of get me as part of the success response rather than suggesting making a tool call. If it fails just omit it, that feels more natural. We don't need to prove anything.

We could tell the user also the toolsets (or all or default) enabled, individual tools specifically enabled and if readonly mode or lockdown mode are on or not.

Is that a cool idea? Make it so the user gets a really great start to their authenticated session. Without wasting a second tool call.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI and others added 2 commits December 19, 2025 09:37
@SamMorrowDrums
Add session info metadata to initialize response
b7243b8 
- Add middleware to enrich InitializeResult with session information
- Include user details (get_me response) in authenticated mode
- Include enabled toolsets, tools, read-only mode, and lockdown mode
- Handle both authenticated and unauthenticated modes appropriately
- Add comprehensive unit tests for the new functionality
- Remove suggestion to call get_me from auth_login success message

Co-authored-by: SamMorrowDrums <[email protected]>
@SamMorrowDrums
Fix linter issues in session info tests
525f73b 
- Replace deprecated gogithub.String/Int64 with gogithub.Ptr
- Remove unused parameters from mock handler functions

Co-authored-by: SamMorrowDrums <[email protected]>
Copilot AI changed the title [WIP] Update response to include user toolsets and mode information Add session info to initialize response metadata Dec 19, 2025
Copilot AI requested a review from SamMorrowDrums December 19, 2025 09:46
@SamMorrowDrums
Copy link
Collaborator

SamMorrowDrums commented Dec 21, 2025

@copilot this is not quite right, it's a good hook initialize, however the meta property is not received by the model, and the host application itself is the bit that knows the configuration so meta won't help it.

The idea here was that the model would get a warm start without additional tool calls, so that a newly authenticated session would be clear what the user has (given they don't have the tools to inspect as only auth tool is present), so we were looking at providing it in the main payload.

@SamMorrowDrums
Add session info to auth_login tool response
6d30396 
- Add GetSessionInfo callback to AuthToolDependencies
- Fetch user info and configuration after successful authentication
- Display comprehensive session context in auth_login success message
- Remove unused middleware functions that were adding to _meta
- Revert instructions.go to original (no longer modifying instructions)

The auth_login tool now provides the model with:
- User account details (username, name, email, company, location, profile URL)
- Enabled toolsets and tools
- Configuration flags (read-only, lockdown, dynamic toolsets)

Co-authored-by: SamMorrowDrums <[email protected]>
Copy link
Contributor Author

Copilot AI commented Dec 21, 2025

@copilot this is not quite right, it's a good hook initialize, however the meta property is not received by the model, and the host application itself is the bit that knows the configuration so meta w...

You're absolutely right! I've updated the implementation to include session information in the auth_login tool's response text instead of _meta or instructions.

After successful authentication, the auth_login tool now returns comprehensive session context including:

  • User account details (username, name, email, company, location, profile URL)
  • Enabled toolsets and tools
  • Configuration flags (read-only, lockdown, dynamic toolsets)

This provides the model with a "warm start" without requiring an additional tool call. The session info is formatted as readable text in the tool response that the model receives.

Changes in commit 6d30396.

Copilot AI changed the title Add session info to initialize response metadata Add session info to auth_login tool response Dec 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SamMorrowDrums SamMorrowDrums Awaiting requested review from SamMorrowDrums

Assignees

@SamMorrowDrums SamMorrowDrums

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SamMorrowDrums