Feature: Prevent denied MCP tools from being loaded into system context

Resolved 💬 2 comments Opened Feb 17, 2026 by farazoman Closed Mar 17, 2026

Problem

When MCP servers are disabled via deniedMcpServers in settings.json, they are still loaded into the system prompt and consume context, even though the permission system prevents them from being used. The deniedMcpServers setting only enforces permissions, not resource usage.

Requested Solution

Implement a way to completely prevent denied MCP tools from being included in the system instructions, such that:

  • Disabled servers don't contribute to initial context load
  • Users can have fine-grained control over which tools are loaded
  • This provides both security and efficiency benefits

Impact

This would allow users to truly opt-out of unused MCP servers without the context overhead, reducing token usage for users who don't need certain integrations (e.g., GitHub, Jira, CircleCI).

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗