Skip to main content
When a Mindset AI agent calls an MCP tool on behalf of a user, the tool needs to know who is making the request. Which user is asking? What are they allowed to see? Should they have admin access or regular access? Agent Session Parameters answer these questions. They are HTTP headers that the Mindset AI platform attaches to every MCP tool request, carrying user identity and session context from the client application through to your MCP server. Your server uses these headers to scope data access, enforce permissions, and implement role-based authorization.

Why this matters

Without identity context, an MCP tool has no way to distinguish one user from another. Every request looks the same. This means either everyone sees everything (a security problem) or the tool has to ask the LLM for user identification (unreliable and gameable). Agent Session Parameters solve this by establishing identity at the infrastructure level, outside the LLM’s control. The user’s identity comes from authenticated session data, not from what the LLM decides to pass. The LLM never sees these headers and cannot tamper with them. This is especially important for:
  • Multi-tenant applications. Your MCP server needs to return only data that belongs to the requesting user’s organization, not data from other tenants.
  • Role-based access. A regular user asking “show me my reviews” should see their own reviews. A manager asking “show me my team’s reviews” should see their direct reports’. An admin should see everyone’s.
  • Audit trails. Knowing which user triggered which tool call is essential for compliance and debugging. The headers provide this without relying on the LLM to report it accurately.
  • Data minimization. Your MCP server can filter results at the source, returning only what the user is entitled to see, before the data ever reaches the LLM.

The headers your MCP server receives

Every MCP tool request from the Mindset AI platform includes these HTTP headers: These headers are set by the platform based on authenticated session data. They are not generated by the LLM and cannot be influenced by user messages or prompt injection.

How session parameters are established

Session parameters are set once, when the client application creates an agent session via the AgentSessions API, before any conversation happens.
The structural fields (contextUids, mcpserverUids) configure the agent’s capabilities for the session. The identity fields (externalUserId, tags) travel with every tool request as headers.

How session parameters compare to other data channels

Agent Session Parameters are one of four channels for passing data from the client to the agent system: The boundaries are clean: identity goes through session parameters, reasoning context goes through Situational Awareness, and bulk data goes through Pass-through Parameters. They do not overlap. See Data channels overview for the full four-channels picture, including Page Tools.

Implementation guide

Reading headers in your MCP server

Every MCP tool request arrives with the identity headers. How you access them depends on your framework. Python (FastMCP):
TypeScript (MCP SDK):

Who is the user? Headers vs parameters

Most tools act on behalf of the requesting user: “show me my records”, “update my settings”, “search my documents.” For these, the user’s identity comes from the x-user-id header. The tool does not need a user ID parameter because the platform already knows who is asking.
Some tools are admin operations that act on a different user: “reset this employee’s password”, “view this team member’s records.” These need two identifiers: the person performing the action (from the header) and the person being acted on (from a parameter). The header is used for the authorization check; the parameter identifies the target.
The principle in both cases: x-user-id is the trusted identity of the person making the request. It comes from authenticated session data that the LLM cannot influence. Use it for authorization decisions. When a tool needs to reference a different user (admin scenarios), accept that as a parameter but always verify that the requester has permission first.

Using session tags for entitlement filtering

Session tags are arbitrary strings that you define. The Mindset AI platform passes them through without interpreting them. This gives you a flexible mechanism for access control, segmentation, and filtering. Setting tags at session creation:
Reading tags in your MCP server:
Common tag patterns: Tags are strings with no enforced structure. The key:value convention shown above is a recommendation, not a requirement. Your MCP server defines what tags mean and how to interpret them.

Security considerations

Your MCP server is the authorization boundary

The Mindset AI platform authenticates the request (validates the API key, attaches identity headers) but does not authorize it. Authorization is your MCP server’s responsibility. The platform tells you who the user is; you decide what they can see and do. This means:
  • Filter data at the source. Do not return all records and rely on the LLM to filter. The LLM sees everything you return and might choose to reveal it to the user.
  • Validate permissions before acting. Check x-user-id and x-session-tags before performing write operations.
  • Return only what is needed. Follow the principle of least privilege. If the user asked about their own profile, return their profile, not everyone’s.

What the LLM sees

The LLM sees the tool’s response in full. Whatever your MCP server returns becomes part of the LLM’s context, and the LLM may surface any of it in conversation. If there is information you never want a user to see, do not make it available to the LLM. This applies to MCP server responses, tool outputs, and any other data that enters the agent’s context. LLMs are not reliable keepers of secrets. This is not a prohibition on returning sensitive data. If your use case requires it, that is your decision. But make it a conscious one, with an understanding of where that data ends up.

Header trust model

The x-user-id, x-app-uid, and x-session-tags headers are set by the Mindset AI platform based on authenticated session data. They are trustworthy as long as:
  1. Your MCP server validates the API key (Bearer token) via the authentication middleware. This confirms the request came from the Mindset AI platform, not from an arbitrary caller.
  2. You do not expose your MCP server endpoint publicly without API key validation.
If someone bypasses the API key check, they can set any headers they want. The API key is what makes the headers trustworthy.

Quick reference

Data channels overview

The four channels in context, including how session parameters relate to the others.

Situational Awareness

Per-message context for the LLM.

Pass-through Parameters

Direct data injection into tool calls.

AgentSessions API

How to create sessions with parameters.