VS Code: deny in settings should prevent MCP tools from loading into context, not just block execution

Resolved 💬 2 comments Opened Mar 4, 2026 by sipak Closed Apr 2, 2026

Bug description

When a VS Code extension registers an MCP server, there is no clean way to prevent its tools from being loaded into Claude Code's context. The deny permission in ~/.claude/settings.json only blocks tool execution but still loads all tool definitions into context, wasting tokens (8.4k tokens for 14 tools in my case).

What I tried (in order)

  1. Disabled the VS Code extension (Pencil) — MCP tools still loaded into context
  2. Removed the server entry from ~/Library/Application Support/Code/User/mcp.json — still loaded
  3. Added "deny": ["mcp__pencil"] to ~/.claude/settings.json — tools still loaded into context (deny only blocks execution, not loading)
  4. Ran code --uninstall-extension highagency.pencildev — still loaded (old version 0.6.28 remained on disk alongside 0.6.30)
  5. Manually deleted both extension directories from ~/.vscode/extensions/ — finally worked after VS Code reload

Expected behavior

deny in Claude Code settings should prevent MCP tools from loading into context entirely — not just block their execution. Users should have a mechanism to control which MCP servers consume their context budget.

Alternatively, Claude Code should respect VS Code's extension disabled state and not register MCP servers from disabled extensions.

Impact

  • 14 MCP tools × ~600 tokens each = 8.4k tokens wasted per session with no way to reclaim them short of uninstalling the extension
  • Users who occasionally need an MCP-providing extension have to fully uninstall/reinstall instead of toggling it

Environment

  • macOS 14 (Darwin 23.6.0)
  • Claude Code v2.1.68
  • VS Code (latest)
  • Extension: highagency.pencildev (Pencil)

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗