[Server] Expose request-level metadata (e.g., securitySchema) to tool handlers

[AgentSlim]

Is your feature request related to a problem? Please describe.
Tool handlers currently receive only the parameters defined for the tool call.
Metadata included in the request envelope (for example a securitySchema) is not available inside the handler.
This makes it impossible to perform logic that depends on contextual information from the request itself.

Describe the solution you’d like
A way for tool handlers to access the metadata from the incoming request envelope.
This could be done by injecting either the full request object or just the meta section into the handler method.
Having this information available would allow tools to perform authorization checks, tenant selection, and similar context-dependent actions.

Describe alternatives you’ve considered
The only workaround at the moment is extracting envelope metadata before the request reaches the tool dispatching layer and storing it somewhere manually.
Once inside the handler, that information can no longer be accessed in a clean or reliable way.

Additional context
A common use case is reading a securitySchema sent by the client.
This information is part of the envelope, not part of the tool parameters, and is therefore currently inaccessible inside tool logic.

What tool handlers currently look like

use MCP\Server\Attributes\McpTool;

final class ExampleTools
{
    #[McpTool(name: 'example_action')]
    public function exampleAction(string $input): array
    {
        // Only defined parameters are available.
        // Envelope metadata (e.g., securitySchema) cannot be accessed here.

        return ['result' => 'ok'];
    }
}

Proposed Option A — Inject full request object

use MCP\Server\Attributes\McpTool;
use MCP\Types\CallToolRequest;

final class ExampleTools
{
    #[McpTool(name: 'example_action')]
    public function exampleAction(
        string $input,
        CallToolRequest $request,
    ): array {
        $meta = $request->meta ?? null;
        $schema = $meta['securitySchema'] ?? null;

        return [
            'result' => 'ok',
            'securitySchema' => $schema,
        ];
    }
}

Proposed Option B — Inject only the meta section

use MCP\Server\Attributes\McpTool;

final class ExampleTools
{
    #[McpTool(name: 'example_action')]
    public function exampleAction(
        string $input,
        array $meta = [],
    ): array {
        $schema = $meta['securitySchema'] ?? null;

        return [
            'result' => 'ok',
            'securitySchema' => $schema,
        ];
    }
}

[chr-hertel]

Yup, sounds valid to me, thankts @AgentSlim for raising this!

My first idea was to bring in a Metadata class that is part of the schema and we could use for type hinting and then provide based on the signature of the handler, similar to option b:

use MCP\Schema\Metadata;
use MCP\Server\Attributes\McpTool;

final class ExampleTools
{
    #[McpTool(name: 'example_action')]
    public function exampleAction(
        string $input,
        Metadata $meta,
    ): array {
        $schema = $meta->get('securitySchema');

        return [
            'result' => 'ok',
            'securitySchema' => $schema,
        ];
    }
}