[DOCS] `--mcp-config` CLI flag now subject to `allowedMcpServers`/`deniedMcpServers` managed policy — docs don't mention this enforcement applies to CLI-loaded servers

Open 💬 5 comments Opened Mar 25, 2026 by coygeek

Documentation Type

Missing documentation (feature not documented)

Documentation Location

https://code.claude.com/docs/en/cli-reference
https://code.claude.com/docs/en/mcp
https://code.claude.com/docs/en/settings

Section/Topic

  • CLI reference: --mcp-config and --strict-mcp-config flag descriptions
  • MCP page: "Managed MCP configuration" → "Option 2: Policy-based control with allowlists and denylists" section
  • Settings page: allowedMcpServers / deniedMcpServers table rows

Current Documentation

cli-reference.md--mcp-config row:

Load MCP servers from JSON files or strings (space-separated)

cli-reference.md--strict-mcp-config row:

Only use MCP servers from --mcp-config, ignoring all other MCP configurations

mcp.md — Managed MCP "Option 2" intro (line ~1200):

Instead of taking exclusive control, administrators can allow users to configure their own MCP servers while enforcing restrictions on which servers are permitted. This approach uses allowedMcpServers and deniedMcpServers in the managed settings file.

mcp.md — Note at end of managed section (line ~1371):

When using managed-mcp.json: Users cannot add MCP servers through claude mcp add or configuration files. The allowedMcpServers and deniedMcpServers settings still apply to filter which managed servers are actually loaded.

What's Wrong or Missing?

Claude Code v2.1.83 fixed a bug where the --mcp-config CLI flag bypassed allowedMcpServers/deniedMcpServers managed policy enforcement. Prior to this fix, an administrator's managed policy allowlist/denylist had no effect on MCP servers loaded via --mcp-config, which was a security gap.

The docs currently do not explain:

  1. That --mcp-config-loaded servers are subject to managed policy enforcement. The --mcp-config description says only "Load MCP servers from JSON files or strings" — it gives no indication that allowedMcpServers/deniedMcpServers apply to servers loaded this way.
  1. That --strict-mcp-config does not exempt servers from managed policy checks. --strict-mcp-config restricts the source of MCP configs (ignoring user/project configs), but the bug fix makes clear it does not and should not bypass policy enforcement.
  1. The scope of allowedMcpServers/deniedMcpServers coverage. The managed MCP section describes policy applying to servers configured "through claude mcp add or configuration files" but does not explicitly call out the --mcp-config CLI flag as also covered. Administrators deploying managed policies need to know all MCP loading paths are enforced.

This is a meaningful security/compliance documentation gap for organizations using managed MCP policy. An administrator who read only the current docs could incorrectly believe --mcp-config provided a policy-exempt path for loading MCP servers.

Suggested Improvement

cli-reference.md — --mcp-config description:

Add a note that managed policy (allowedMcpServers/deniedMcpServers) applies to servers loaded via this flag:

Load MCP servers from JSON files or strings (space-separated). Servers loaded this way are subject to allowedMcpServers/deniedMcpServers managed policy enforcement.

cli-reference.md — --strict-mcp-config description:

Clarify the flag controls config source selection, not policy bypass:

Only use MCP servers from --mcp-config, ignoring all other MCP configurations. Does not bypass managed policy enforcement — allowedMcpServers/deniedMcpServers restrictions still apply.

mcp.md — "Allowlist behavior" and "Denylist behavior" subsections (or the Option 2 intro):

Add a sentence explicitly stating coverage extends to CLI-loaded servers:

These restrictions apply to all MCP server loading paths, including claude mcp add, configuration files (.mcp.json, ~/.claude.json), and the --mcp-config CLI flag.

mcp.md — existing Note about managed-mcp.json:

Expand to mention --mcp-config:

When using managed-mcp.json: Users cannot add MCP servers through claude mcp add, configuration files, or --mcp-config. The allowedMcpServers and deniedMcpServers settings still apply to filter which managed servers are actually loaded.

Impact

High - Prevents users from using a feature

Additional Context

Source: Changelog v2.1.83 — "Fixed --mcp-config CLI flag bypassing allowedMcpServers/deniedMcpServers managed policy enforcement"

Affected pages:

The allowedMcpServers/deniedMcpServers settings are well-documented in their own right — the gap is specifically that the docs never state which MCP loading paths these policies cover, leaving the --mcp-config flag unaddressed.

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗