Added MCP elicitation support for tool injection in mcp-run-python

[yamanahlawat]

• Closes Tool Injection for mcp-run-python: Enable Python code to call back to agent tools with request/response flow #2037
• Closes Support MCP elicitations both in client and server #2330

[yamanahlawat]

[DouweM]

@yamanahlawat Thank you! This is a great feature, but we'll want to think a bit about where certain code lives. For example, the 2 callbacks methods are too MCP/mcp-run-python-specific to live on Agent.

Can you try to move those to MCPServer? Or, perhaps better, to separate helper functions that a user can explicitly choose to add to their MCPServer if they want to support those specific elicitations?

Those functions then wouldn't have access to self._function_toolset anymore, but I think it'd be better to have to explicitly pass the MCPServer (elicitation callback handler) a toolset to use, and for the case where you want it to have access to the entire agent toolset, we could have a method like agent.set_mcp_sampling_model().

[yamanahlawat]

@DouweM Thanks. make sense about the placement. i was initially skeptical about adding these methods directly to the Agent class.

i'll:

• move the callback creation logic to separate helper functions in the MCP module.
• add a method like set_mcp_sampling_model() (ex: set_mcp_elicitation_toolset) on Agent that applies the callbacks to MCP servers.
• remove the auto-magic setup and make it user configured.
• update the callbacks to work with explicitly passed toolsets instead of accessing self._function_toolset

and if set_mcp_elicitation_toolset() is called without args, it will default to using the agent's complete toolset.

[yamanahlawat]

@DouweM Please review.

[DouweM]

@yamanahlawat Thanks Yaman! This looks a lot better already but I think it'll take a few more cycles until this is ready for merge -- check out my feedback. I also suggest pulling out elicitation_callback into a new PR so we can merge that one quickly and others can start using it, while we work on the rest.

[DouweM]

Can we pass this through metadata instead?

[DouweM]

Actually, what if we make mcp-run-python use elicitiation to request the available tools, so that we only need to set an elicitation_callback and not also a process_tool_call?

[DouweM]

Please pull this new elicitation_callback property out into a new PR so we can merge that pretty quickly and close #2330?

[DouweM]

Please move the mcp-run-python specific helper functions to pydantic_ai.ext.mcp_run_python so that this file and its elicitation stuff can stay generic.

[DouweM]

This won't work if there are multiple levels of nested toolsets, unfortunately.

Could we require users to specify their own toolset to provide to mcp_run_python, and make them responsible for not including mcp_run_python itself? Maybe there's another point where we could detect this and raise an error, instead of trying to filter proactively?

[DouweM]

On second thought, I think we should drop this method as it's too mcp-run-python specific to live on agent. I think it's fine to require the user to pass their own toolset to create_tool_elicitation_callback (and create_auto_tool_injection_callback)

[DouweM]

Instead of Any, can we use the actual types from the mcp package's ElicitationFnT definition?

[DouweM]

Note that this will not perform argument validation. I think we'll need to build a ToolManager and use handle_call

[DouweM]

Can we use TypeAdapter(ToolCallPart) to validate this, which we can then directly pass through to tool_manager.handle_call (see my other suggestion about using that instead of call_tool)?