[BUG] alwaysAllowedMcpTools configuration not being respected

Resolved 💬 3 comments Opened Dec 6, 2025 by khcarlso Closed Dec 10, 2025

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Bug Report: alwaysAllowedMcpTools Configuration Not Being Respected

Environment

  • Claude Code Version: 2.0.60
  • Platform: macOS (darwin-arm64)
  • VSCode Version: [Current]
  • Date: 2025-12-06

Issue Description

The alwaysAllowedMcpTools configuration is not being respected by Claude Code. Despite having MCP tools explicitly listed in both global and project-level config files, Claude continues to prompt for user approval when attempting to use these tools.

Configuration Files

Global Config (~/.claude/config.json)

{
  "alwaysAllowedMcpTools": [
    "mcp__clickup__clickup_search",
    "mcp__clickup__clickup_get_task",
    "mcp__clickup__clickup_get_workspace_tasks",
    "mcp__clickup__clickup_get_workspace_hierarchy",
    "mcp__clickup__clickup_get_task_comments",
    "mcp__clickup__clickup_get_task_time_entries",
    "mcp__clickup__clickup_get_current_time_entry",
    "mcp__clickup__clickup_get_list",
    "mcp__clickup__clickup_get_folder",
    "mcp__clickup__clickup_get_workspace_members",
    "mcp__clickup__clickup_find_member_by_name",
    "mcp__clickup__clickup_resolve_assignees",
    "mcp__clickup__clickup_get_chat_channels",
    "mcp__clickup__clickup_list_document_pages",
    "mcp__clickup__clickup_get_document_pages",
    "mcp__clickup__clickup_get_code_connect_map"
  ]
}

Project Config (<project>/.claude/config.json)

{
  "alwaysAllowedMcpTools": [
    "mcp__clickup__clickup_search",
    "mcp__clickup__clickup_get_task",
    "mcp__clickup__clickup_get_workspace_tasks",
    "mcp__clickup__clickup_get_workspace_hierarchy",
    "mcp__clickup__clickup_get_task_comments",
    "mcp__clickup__clickup_get_task_time_entries",
    "mcp__clickup__clickup_get_current_time_entry",
    "mcp__clickup__clickup_get_list",
    "mcp__clickup__clickup_get_folder",
    "mcp__clickup__clickup_get_workspace_members",
    "mcp__clickup__clickup_find_member_by_name",
    "mcp__clickup__clickup_resolve_assignees",
    "mcp__clickup__clickup_get_chat_channels",
    "mcp__clickup__clickup_list_document_pages",
    "mcp__clickup__clickup_get_document_pages",
    "mcp__clickup__clickup_get_code_connect_map"
  ]
}

Both files have been validated as proper JSON syntax.

Expected Behavior

Tools listed in alwaysAllowedMcpTools should be automatically approved and not prompt the user for permission.

Actual Behavior

Despite the configuration, every attempt to use tools like mcp__clickup__clickup_search results in a permission prompt to the user.

Steps to Reproduce

  1. Create ~/.claude/config.json with alwaysAllowedMcpTools array
  2. Create <project>/.claude/config.json with same configuration (I added this after it didn't pick up the user config)
  3. Validate JSON syntax is correct
  4. Restart VSCode completely
  5. Attempt to use an MCP tool listed in the configuration
  6. Result: User is still prompted for approval

Attempted Solutions (All Failed)

  • ✗ Reloaded VSCode developer window
  • ✗ Completely quit and restarted VSCode
  • ✗ Verified JSON syntax with jq
  • ✗ Added configuration to both global and project levels
  • ✗ Checked for VSCode settings that might override

Process Information

Running Claude process shows:

--setting-sources user,project,local --permission-mode default

The --permission-mode default might be overriding the alwaysAllowedMcpTools configuration.

Impact

This prevents effective automation of workflows that rely on read-only MCP operations (like ClickUp task queries). Users have to manually approve each tool use, defeating the purpose of the alwaysAllowedMcpTools configuration.

Use Case

The user wants to allow read-only ClickUp operations (search, get task, etc.) without requiring approval each time, while still maintaining security for write operations. This is a reasonable use case for the alwaysAllowedMcpTools feature.

Suggested Fix

Investigate why alwaysAllowedMcpTools configuration is not being loaded or applied correctly. Possible areas:

  1. Configuration file loading order/priority
  2. Permission mode flag overriding configuration
  3. Config caching issues
  4. MCP tool name matching logic

Workaround

Currently none available except using bypassPermissions mode (which is too permissive and not desired).

What Should Happen?

Claude code should pick up the permissions in config.json and allow clickup read actions to take place without explicit approval.

Error Messages/Logs

## Steps to Reproduce
1. Create `~/.claude/config.json` with `alwaysAllowedMcpTools` array
2. Create `<project>/.claude/config.json` with same configuration (I added this after it didn't pick up the user config)
3. Validate JSON syntax is correct
4. Restart VSCode completely
5. Attempt to use an MCP tool listed in the configuration
6. **Result**: User is still prompted for approval

Steps to Reproduce

Steps to Reproduce

  1. Create ~/.claude/config.json with alwaysAllowedMcpTools array
  2. Create <project>/.claude/config.json with same configuration (I added this after it didn't pick up the user config)
  3. Validate JSON syntax is correct
  4. Restart VSCode completely
  5. Attempt to use an MCP tool listed in the configuration
  6. Result: User is still prompted for approval

Claude Model

Opus

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.0.60 (Claude Code)

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗