ENABLE_CLAUDEAI_MCP_SERVERS should support per-server granularity (allowlist/denylist)

Resolved 💬 3 comments Opened Mar 5, 2026 by VirenMohindra Closed Apr 4, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

ENABLE_CLAUDEAI_MCP_SERVERS is all-or-nothing: true loads every claude.ai connector, false disables all of them. there's no way to keep one connector (e.g. slack) while hiding the 10+ others that show "needs authentication" in every /mcp listing and every project.

related issues have been filed (#29368, #29823, #26625, #20412) but none propose a concrete, backwards-compatible solution that extends the existing env var pattern.

Proposed Solution

extend ENABLE_CLAUDEAI_MCP_SERVERS to accept a comma-separated allowlist or denylist:

# current behavior (unchanged)
ENABLE_CLAUDEAI_MCP_SERVERS=true   # all enabled (default)
ENABLE_CLAUDEAI_MCP_SERVERS=false  # all disabled

# new: allowlist (only these load)
ENABLE_CLAUDEAI_MCP_SERVERS="Slack,Granola"

# new: denylist (all except these load)
ENABLE_CLAUDEAI_MCP_SERVERS="!Apollo.io,!Atlassian,!Gmail,!Google Calendar,!HubSpot,!Intercom,!Notion,!Ramp,!Snowflake,!Zapier"

alternatively, add a settings.json field:

{
  "enabledClaudeAiMcpServers": ["Slack", "Granola"],
  // or
  "disabledClaudeAiMcpServers": ["Apollo.io", "Gmail", "Google Calendar"]
}

Alternative Solutions

  • ENABLE_CLAUDEAI_MCP_SERVERS=false disables everything, including connectors you actually use
  • per-project disabledMcpServers works but must be set for every single project directory
  • disconnecting on claude.ai removes from both web and cli with no per-client control
  • permissions.deny blocks tool execution but definitions still load into context

Priority

Medium - Some impact, but have a workaround

Feature Category

Configuration and settings

Use Case Example

i use slack and granola daily in claude code. i don't use apollo, atlassian, gmail, google calendar, hubspot, intercom, notion, ramp, snowflake, or zapier. every new project shows 10+ "needs authentication" entries in /mcp. there's no global way to hide them without also losing slack.

Additional Context

this is backwards-compatible: true/false behavior is unchanged, the new syntax only activates when the value is neither true nor false.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗