[FEATURE] Claude Desktop: Allow permanent auto-approval of read-only MCP tools (Read, Grep, Glob, WebSearch, WebFetch)

Resolved 💬 5 comments Opened Feb 15, 2026 by jerwitz02 Closed Mar 22, 2026

Problem

When Claude Code runs as an MCP server inside Claude for Desktop, every MCP tool call requires manual permission approval — including completely read-only, zero-risk tools like Read, Grep, Glob, WebSearch, and WebFetch.

This creates enormous friction. A single research task can trigger dozens of permission prompts for tools that literally cannot modify anything.

Meanwhile, in the Claude Code CLI, these same tools are already auto-allowed by default — they never prompt for permission, because Anthropic correctly identified them as non-destructive. This inconsistency between the CLI and MCP-in-Desktop experiences is the core issue.

Current behavior

  1. User configures Claude Code as an MCP server in Claude Desktop
  2. User asks Claude to research something / explore a codebase
  3. Claude attempts to call Read, Grep, Glob, WebSearch, or WebFetch
  4. Claude Desktop prompts: "Allow this tool call?"
  5. User clicks "Allow" (or "Allow for this chat" if available)
  6. Steps 3-5 repeat dozens of times per conversation
  7. There is no "always allow" option that persists across chats

Desired behavior

Allow users to permanently auto-approve specific MCP tools — either through:

  • A global setting in Claude Desktop preferences (e.g., per-tool or per-tool-category allowlist)
  • Respecting the permission tiers already built into Claude Code (read-only = auto-allowed)
  • A per-MCP-server trust configuration (e.g., "trust all read-only tools from this server")
  • Or at minimum, a blanket "read-only MCP tools are always allowed" toggle

Why this matters

  • Read-only tools cannot cause harm — they don't write files, don't execute commands, don't send data anywhere
  • Claude Code CLI already auto-allows them — the risk assessment has already been done
  • The current UX makes Claude Desktop + Claude Code MCP nearly unusable for research-heavy or exploration-heavy workflows
  • This is the #1 friction point in the Claude Desktop + MCP experience for power users

Related issues

  • #7328 — MCP Tool Filtering (focused on context window, but overlapping concern)
  • #10801 — No way to bypass MCP tool approval prompts in VSCode extension

Environment

  • Claude for Desktop (macOS)
  • Claude Code running as MCP server
  • Affected tools: Read, Grep, Glob, WebSearch, WebFetch, and other non-destructive MCP tools

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗