[DOCS] `--mcp-config` CLI flag now subject to `allowedMcpServers`/`deniedMcpServers` managed policy — docs don't mention this enforcement applies to CLI-loaded servers
Documentation Type
Missing documentation (feature not documented)
Documentation Location
https://code.claude.com/docs/en/cli-reference
https://code.claude.com/docs/en/mcp
https://code.claude.com/docs/en/settings
Section/Topic
- CLI reference:
--mcp-configand--strict-mcp-configflag descriptions - MCP page: "Managed MCP configuration" → "Option 2: Policy-based control with allowlists and denylists" section
- Settings page:
allowedMcpServers/deniedMcpServerstable rows
Current Documentation
cli-reference.md — --mcp-config row:
Load MCP servers from JSON files or strings (space-separated)
cli-reference.md — --strict-mcp-config row:
Only use MCP servers from --mcp-config, ignoring all other MCP configurations
mcp.md — Managed MCP "Option 2" intro (line ~1200):
Instead of taking exclusive control, administrators can allow users to configure their own MCP servers while enforcing restrictions on which servers are permitted. This approach usesallowedMcpServersanddeniedMcpServersin the managed settings file.
mcp.md — Note at end of managed section (line ~1371):
When usingmanaged-mcp.json: Users cannot add MCP servers throughclaude mcp addor configuration files. TheallowedMcpServersanddeniedMcpServerssettings still apply to filter which managed servers are actually loaded.
What's Wrong or Missing?
Claude Code v2.1.83 fixed a bug where the --mcp-config CLI flag bypassed allowedMcpServers/deniedMcpServers managed policy enforcement. Prior to this fix, an administrator's managed policy allowlist/denylist had no effect on MCP servers loaded via --mcp-config, which was a security gap.
The docs currently do not explain:
- That
--mcp-config-loaded servers are subject to managed policy enforcement. The--mcp-configdescription says only "Load MCP servers from JSON files or strings" — it gives no indication thatallowedMcpServers/deniedMcpServersapply to servers loaded this way.
- That
--strict-mcp-configdoes not exempt servers from managed policy checks.--strict-mcp-configrestricts the source of MCP configs (ignoring user/project configs), but the bug fix makes clear it does not and should not bypass policy enforcement.
- The scope of
allowedMcpServers/deniedMcpServerscoverage. The managed MCP section describes policy applying to servers configured "throughclaude mcp addor configuration files" but does not explicitly call out the--mcp-configCLI flag as also covered. Administrators deploying managed policies need to know all MCP loading paths are enforced.
This is a meaningful security/compliance documentation gap for organizations using managed MCP policy. An administrator who read only the current docs could incorrectly believe --mcp-config provided a policy-exempt path for loading MCP servers.
Suggested Improvement
cli-reference.md — --mcp-config description:
Add a note that managed policy (allowedMcpServers/deniedMcpServers) applies to servers loaded via this flag:
Load MCP servers from JSON files or strings (space-separated). Servers loaded this way are subject toallowedMcpServers/deniedMcpServersmanaged policy enforcement.
cli-reference.md — --strict-mcp-config description:
Clarify the flag controls config source selection, not policy bypass:
Only use MCP servers from--mcp-config, ignoring all other MCP configurations. Does not bypass managed policy enforcement —allowedMcpServers/deniedMcpServersrestrictions still apply.
mcp.md — "Allowlist behavior" and "Denylist behavior" subsections (or the Option 2 intro):
Add a sentence explicitly stating coverage extends to CLI-loaded servers:
These restrictions apply to all MCP server loading paths, includingclaude mcp add, configuration files (.mcp.json,~/.claude.json), and the--mcp-configCLI flag.
mcp.md — existing Note about managed-mcp.json:
Expand to mention --mcp-config:
When usingmanaged-mcp.json: Users cannot add MCP servers throughclaude mcp add, configuration files, or--mcp-config. TheallowedMcpServersanddeniedMcpServerssettings still apply to filter which managed servers are actually loaded.
Impact
High - Prevents users from using a feature
Additional Context
Source: Changelog v2.1.83 — "Fixed --mcp-config CLI flag bypassing allowedMcpServers/deniedMcpServers managed policy enforcement"
Affected pages:
- https://code.claude.com/docs/en/cli-reference (flags:
--mcp-config,--strict-mcp-config) - https://code.claude.com/docs/en/mcp (section: "Managed MCP configuration", "Option 2: Policy-based control with allowlists and denylists")
- https://code.claude.com/docs/en/settings (rows:
allowedMcpServers,deniedMcpServers)
The allowedMcpServers/deniedMcpServers settings are well-documented in their own right — the gap is specifically that the docs never state which MCP loading paths these policies cover, leaving the --mcp-config flag unaddressed.
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗