Feature: Prevent denied MCP tools from being loaded into system context
Resolved 💬 2 comments Opened Feb 17, 2026 by farazoman Closed Mar 17, 2026
Problem
When MCP servers are disabled via deniedMcpServers in settings.json, they are still loaded into the system prompt and consume context, even though the permission system prevents them from being used. The deniedMcpServers setting only enforces permissions, not resource usage.
Requested Solution
Implement a way to completely prevent denied MCP tools from being included in the system instructions, such that:
- Disabled servers don't contribute to initial context load
- Users can have fine-grained control over which tools are loaded
- This provides both security and efficiency benefits
Impact
This would allow users to truly opt-out of unused MCP servers without the context overhead, reducing token usage for users who don't need certain integrations (e.g., GitHub, Jira, CircleCI).
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗