[BUG] --disallowedTools flag still does not affect MCP server tools (v2.1.41)

Resolved 💬 4 comments Opened Feb 13, 2026 by Isoceth Closed Mar 14, 2026

Context

This is a reopen of #12863, which was incorrectly auto-closed by the stale issue bot despite active human engagement (see #16497 for discussion of that bot behaviour). The bug remains present.

What's Wrong

The --disallowedTools CLI flag has no effect on MCP server tools when using -p (non-interactive) mode. Built-in tools are correctly blocked, but MCP tools remain available regardless of the flag value.

Reproduction

Tested today on v2.1.41.

Test 1 — Block MCP tools (fails):

claude -p "List every tool you have access to." \
  --disallowedTools "mcp__plugin_context7_context7" "mcp__plugin_playwright_playwright"

Result: All 24 MCP tools still listed and available. Flag silently ignored.

Test 2 — Block built-in tools (control, works correctly):

claude -p "List every tool you have access to." \
  --disallowedTools "Bash" "Edit" "Write"

Result: Bash, Edit, Write correctly absent from tool list. All MCP tools still present.

Expected Behaviour

MCP tools should be blocked when specified in --disallowedTools, matching the documented permission syntax:

  • mcp__servername — all tools from a server
  • mcp__servername__toolname — a specific tool

Affected Versions

Confirmed across: 2.0.56 (original report) → 2.0.762.1.41 (today).

Use Case

Running Claude in automated/SDK contexts where specific MCP servers should be disabled for a clean, controlled environment — without having to modify MCP configuration between runs.

References

  • #12863 — Original report (auto-closed by bot)
  • #16497 — Bot incorrectly closing issues with recent human activity

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗