[FEATURE] MCP Tool-Level Access Control for Agents
Resolved 💬 5 comments Opened Mar 5, 2026 by BeiKeJieDeLiuLangMao Closed May 25, 2026
MCP Tool-Level Access Control
Summary
Enable fine-grained access control for MCP tools at the tool level, not just server level.
Current State
# Agent frontmatter - mcpServers controls entire servers
mcpServers:
- aone-mix # ALL tools in this server are accessible
- code
- sls-mcp
Problem: When an agent needs aone-mix, it gets access to all 20+ tools including sensitive operations like close_change_request, submit_cr_to_pre_intg, etc.
Proposed Solution
Option A: Whitelist Mode (Recommended)
---
mcpServers:
- aone-mix
allowedTools:
aone-mix:
- get_change_request_by_branch
- create_change_request
- create_mix_flow_inst
- get_mix_flow_inst_detail
code:
- get_single_file
- list_repo_files
---
Option B: Blacklist Mode
---
mcpServers:
- aone-mix
excludedTools:
aone-mix:
- close_change_request
- submit_cr_to_pre_intg
- switchOwner
---
Option C: settings.local.json Global Config
{
"mcpToolFilters": {
"aone-mix": {
"allowed": ["get_change_request_by_branch", "create_change_request"],
"blocked": ["close_change_request", "submit_cr_to_pre_intg"]
}
}
}
Use Cases
- Deploy Agent: Should create/monitor pipelines but NOT close change requests
- Explorer Agent: Should read code but NOT push commits or create MRs
- Production Safety: Prevent accidental production operations in dev environments
Priority
High - Security and safety concern for multi-agent systems
Related
- Issue #7328: "[FEATURE] MCP Tool Filtering: Allow Selective Enable/..." (if exists)
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗