[FEATURE] Cowork: Make "Allow once" easier to select in MCP permission dialogs
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Currently in Cowork's MCP permission dialog, "Always allow" is the primary action button, and "Allow once" requires clicking a small dropdown. This makes it easy to inadvertently grant persistent permissions when you only intended to approve a single action — especially when clicking through multiple approval dialogs quickly (e.g. at session start with MCP servers that expose many tools).
<img width="541" height="315" alt="Image" src="https://github.com/user-attachments/assets/b0d07931-d7fd-4fa3-a7cd-da2fee6a5209" />
It would be helpful to make "Allow once" more accessible in the UI so users can easily choose it without the extra dropdown step. Some possible approaches:
- Give both options equal visual weight as side-by-side buttons
- Make "Allow once" the default/primary action, with "Always allow" as the secondary option
- Add a user or org-level setting to configure which option is the default
This is particularly relevant for teams where admins want to encourage least-privilege habits. When the most permissive option is also the fastest to click, it's hard to advise people to be thoughtful about write/delete permissions.
Related issues
- #24433 — "Always allow" for MCP tools doesn't persist across Cowork sessions
- #26529 — Control where "Always allow" permissions are persisted
- #18375 — Per-command permission control for "Allow Always"
- #30953 — Honor managed-settings.json for all permissions
Proposed Solution
Any / all of the following:
- Give both options equal visual weight as side-by-side buttons
- Make "Allow once" the default/primary action, with "Always allow" as the secondary option (prioritize security in default UX flow)
- Add a user or org-level setting to configure which option is the default
Alternative Solutions
"Allow Once" is available, but I have already inadvertently clicked "Always Allow", and in trying to educate my team on security concerns this default has come up as problematic.
Priority
High - Significant impact on productivity
Feature Category
Configuration and settings
Use Case Example
- Start a task that requires destructive permissions, e.g. write contact data to HubSpot
- Get permission prompt, where default and only visible action is "Always Allow"
- Either by not seeing another option or by clicking a couple pixels to the left, get "Always Allow" instead of "Allow Once"
- Now, destructive actions with my HubSpot auth are always allowed -- a pretty bad security posture.
Additional Context
This limitation is giving our legal & sec team major reservations on opening up Cowork usage.
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗