[BUG] MCP tools prompt for permission even when already authorized in permission settings
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When an MCP server (e.g., Linear) is configured and permissions are pre-authorized in the settings file, Claude Code still prompts the user for permission upon first tool invocation in a new session. The permission check appears to be coupled to the lazy-loading/discovery step (ToolSearch) rather than consulting the existing permission file. This means pre-authorized MCP tools require redundant user approval every session.
What Should Happen?
Tool schema loading and permission authorization should be decoupled:
- Tool definition loading — Lazy-load via ToolSearch (current behavior, fine for performance)
- Permission checking — On tool invocation, check the permission settings file first. Only prompt the user if the tool/MCP server is NOT already authorized.
If I've already configured and authorized Linear MCP in my permissions, I should not be re-prompted for permission when invoking the tool.
Error Messages/Logs
No error per se — the tool executes after the redundant permission prompt. The issue is the unnecessary permission prompt itself.
Steps to Reproduce
- Configure an MCP server (e.g., Linear) in Claude Code settings
- Grant permissions for the MCP tools in the permission settings file
- Start a fresh Claude Code session
- Ask Claude to perform a task requiring the MCP tool (e.g., "list my Linear issues")
- Claude uses ToolSearch to lazy-load the tool definition (expected, fine)
- Claude invokes the loaded tool → user is prompted for permission despite it being pre-authorized in settings
Claude Model
Opus
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.56 (Claude Code)
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
VS Code integrated terminal
Additional Information
The core issue is that two orthogonal concerns are conflated:
- Tool schema loading (lazy/deferred) — This is fine and good for performance when many MCP servers are configured. No change needed.
- Permission authorization — This should consult the permission settings file before prompting the user. Currently it prompts regardless of pre-authorization.
This creates unnecessary friction and erodes trust in the permission system — users wonder why they configured permissions if they'll be prompted anyway.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗