[FEATURE] Cowork: Make "Allow once" easier to select in MCP permission dialogs

Resolved 💬 5 comments Opened Mar 19, 2026 by ozydingo Closed Jul 12, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Currently in Cowork's MCP permission dialog, "Always allow" is the primary action button, and "Allow once" requires clicking a small dropdown. This makes it easy to inadvertently grant persistent permissions when you only intended to approve a single action — especially when clicking through multiple approval dialogs quickly (e.g. at session start with MCP servers that expose many tools).

<img width="541" height="315" alt="Image" src="https://github.com/user-attachments/assets/b0d07931-d7fd-4fa3-a7cd-da2fee6a5209" />

It would be helpful to make "Allow once" more accessible in the UI so users can easily choose it without the extra dropdown step. Some possible approaches:

  • Give both options equal visual weight as side-by-side buttons
  • Make "Allow once" the default/primary action, with "Always allow" as the secondary option
  • Add a user or org-level setting to configure which option is the default

This is particularly relevant for teams where admins want to encourage least-privilege habits. When the most permissive option is also the fastest to click, it's hard to advise people to be thoughtful about write/delete permissions.
Related issues

  • #24433 — "Always allow" for MCP tools doesn't persist across Cowork sessions
  • #26529 — Control where "Always allow" permissions are persisted
  • #18375 — Per-command permission control for "Allow Always"
  • #30953 — Honor managed-settings.json for all permissions

Proposed Solution

Any / all of the following:

  • Give both options equal visual weight as side-by-side buttons
  • Make "Allow once" the default/primary action, with "Always allow" as the secondary option (prioritize security in default UX flow)
  • Add a user or org-level setting to configure which option is the default

Alternative Solutions

"Allow Once" is available, but I have already inadvertently clicked "Always Allow", and in trying to educate my team on security concerns this default has come up as problematic.

Priority

High - Significant impact on productivity

Feature Category

Configuration and settings

Use Case Example

  1. Start a task that requires destructive permissions, e.g. write contact data to HubSpot
  2. Get permission prompt, where default and only visible action is "Always Allow"
  3. Either by not seeing another option or by clicking a couple pixels to the left, get "Always Allow" instead of "Allow Once"
  4. Now, destructive actions with my HubSpot auth are always allowed -- a pretty bad security posture.

Additional Context

This limitation is giving our legal & sec team major reservations on opening up Cowork usage.

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗