diff --git a/gateway/common/request_context.py b/gateway/common/request_context.py
index 0556c61..11b477d 100644
--- a/gateway/common/request_context.py
+++ b/gateway/common/request_context.py
@@ -26,7 +26,7 @@ class RequestContext:
     guardrails: Optional[GuardrailRuleSet] = None
     config: Dict[str, Any] = None
     
-    # extra headers to send to invariant services (Explorer, Guardrails, etc.)
+    # extra parameters available as input.<key> during guardrail evaluation
     guardrails_parameters: Optional[Dict[str, Any]] = None
 
     _created_via_factory: bool = field(
diff --git a/gateway/mcp/mcp.py b/gateway/mcp/mcp.py
index 3c81991..6aa07e9 100644
--- a/gateway/mcp/mcp.py
+++ b/gateway/mcp/mcp.py
@@ -178,11 +178,13 @@ def get_guardrails_check_result(
         invariant_authorization="Bearer " + os.getenv("INVARIANT_API_KEY"),
         guardrails=ctx.guardrails,
         guardrails_parameters={
-            "session_id": ctx.local_session_id,
-            "system_user": user_and_host(),
-            "mcp_client": ctx.mcp_client_name,
-            "mcp_server": ctx.mcp_server_name,
-            **(ctx.extra_metadata or {})
+            "metadata": {
+                "session_id": ctx.local_session_id,
+                "system_user": user_and_host(),
+                "mcp_client": ctx.mcp_client_name,
+                "mcp_server": ctx.mcp_server_name,
+                **(ctx.extra_metadata or {})
+            }
         }
     )
 
diff --git a/gateway/mcp/mcp_context.py b/gateway/mcp/mcp_context.py
index d4a0541..8a07e97 100644
--- a/gateway/mcp/mcp_context.py
+++ b/gateway/mcp/mcp_context.py
@@ -39,7 +39,7 @@ class McpContext:
             blocking_guardrails=[], logging_guardrails=[]
         )
 
-        # parsed from CLI
+        # parsed from CLI (all --metadata-* args)
         self.extra_metadata: Dict[str, str] = {}
         for arg in extra_args:
             assert "=" in arg, f"Invalid extra metadata argument: {arg}"