What is a Tool Input Schema?

A tool input schema is the JSON Schema an MCP tool publishes in its inputSchema field, describing the names, types, and required status of the arguments it accepts. Clients and language models use it to construct valid tools/call requests.

WHY IT MATTERS

Every MCP tool returned by tools/list carries a name, a description, and an inputSchema — a JSON Schema object defining the expected parameters. When the model decides to invoke the tool, the client sends a tools/call request whose arguments object should conform to that schema. The spec requires servers to validate all tool inputs, and recommends clients show tool inputs to the user before calling the server.

The schema matters beyond correctness. It is the typed surface that intermediaries can reason about deterministically:

  • Clients validate arguments before sending and render meaningful confirmation prompts (which file, which account, what amount).
  • Policy engines apply argument-level constraints — restricting a filesystem tool to a path prefix, capping a payment tool's amount, or pinning a query tool to approved hosts — because the schema names and types each field.
  • Catalogues and scanners use schemas to classify what a tool can touch without executing it.

One caveat: the schema is server-supplied metadata. It describes what the tool claims to accept, not what the implementation actually does, so it should be treated like tool annotations — useful, but untrusted unless the server is. A changed schema on a previously vetted tool is also a useful review signal.
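
A gateway-side check combining the points above, as an added example (not PolicyLayer's code and not from the MCP SDKs): it validates a tools/call arguments object against the tool's inputSchema, applies a path-prefix rule, and flags a schema that differs from the one recorded at vetting time. The read_file tool, the /srv/project/ prefix, and all function names are assumptions, and the validator covers only a small subset of JSON Schema.

```python
import hashlib, json, posixpath

# Constructed tools/list entry for a hypothetical tool (not from a real server).
TOOL = {"name": "read_file", "description": "Read a file", "inputSchema": {
    "type": "object",
    "properties": {"path": {"type": "string"}, "max_bytes": {"type": "integer"}},
    "required": ["path"],
    "additionalProperties": False,
}}
TYPES = {"string": str, "integer": int, "number": (int, float), "boolean": bool,
         "object": dict, "array": list}

def schema_fingerprint(schema):
    """SHA-256 of canonical JSON; record it when the tool is vetted."""
    canon = json.dumps(schema, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()

def schema_errors(schema, args):
    """Validate only the JSON Schema subset used above: required, type, additionalProperties."""
    props = schema.get("properties", {})
    errs = [f"missing required argument: {k}" for k in schema.get("required", []) if k not in args]
    for k, v in args.items():
        if k not in props:
            if schema.get("additionalProperties") is False:
                errs.append(f"unexpected argument: {k}")
            continue
        want = props[k].get("type")
        if not isinstance(want, str) or want not in TYPES:
            continue  # keyword outside this subset: not checked here
        # bool is an int subclass in Python, but JSON true is not an integer or number
        if not isinstance(v, TYPES[want]) or (isinstance(v, bool) and want != "boolean"):
            errs.append(f"{k}: expected {want}")
    return errs

def policy_errors(args, allowed_prefix="/srv/project/"):
    """Argument-level rule: the normalised path must stay under allowed_prefix (assumed value)."""
    path = args.get("path")
    if not isinstance(path, str):
        return []  # already reported by schema_errors
    norm = posixpath.normpath(path)  # lexical only; symlinks are not resolved
    return [] if (norm + "/").startswith(allowed_prefix) else [f"path outside {allowed_prefix}: {norm}"]

def evaluate(tool, pinned_fp, args):
    """Return (decision, reasons) for the arguments object of one tools/call."""
    if schema_fingerprint(tool["inputSchema"]) != pinned_fp:
        return ("review", ["inputSchema changed since the tool was vetted"])
    errs = schema_errors(tool["inputSchema"], args) + policy_errors(args)
    return ("deny", errs) if errs else ("allow", [])
```

The path rule is what the schema cannot express on its own: a traversal such as /srv/project/../../etc/passwd is a valid string for the schema and is only rejected by the policy check.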

HOW POLICYLAYER USES THIS

PolicyLayer records each tool's input schema in its public catalogue at policylayer.com/tools and uses it for risk classification. At enforcement time, tool-level policies can constrain individual arguments of a tools/call — the gateway evaluates the actual argument values against policy before the call reaches the upstream server.

FREQUENTLY ASKED QUESTIONS

Is inputSchema required for MCP tools?
Yes. Every tool definition includes an inputSchema (JSON Schema) describing its expected parameters, alongside name and description. outputSchema, by contrast, is optional.

Who validates tool arguments against the schema?
The spec requires servers to validate all tool inputs; clients typically validate before sending and show inputs to the user. Policy gateways can additionally evaluate arguments against rules before forwarding the call.

Can a tool input schema be trusted as a security control?
Not by itself. It is server-supplied metadata describing claimed inputs, not a guarantee of behaviour — enforcement has to happen outside the server, at the client or a policy gateway.
