Feature request: Allow MCP servers from managed plugins in allowedMcpServers

Resolved 💬 3 comments Opened Apr 10, 2026 by tylercaldwell Closed Jun 25, 2026

Problem

There is currently no way for enterprise admins to say "allow MCP servers that come from managed plugins, block everything else."

allowedMcpServers: [] in managed settings blocks all MCP servers including plugin-provided ones (which use the plugin:<name>:<server> naming convention). The colon in those names also cannot be used in serverName entries due to validation (#32882, #32883). The result: you can either allow all MCP servers or block all of them — there is no middle ground that respects the managed plugin trust boundary already established by strictKnownMarketplaces.

Proposed solution

Add a sentinel value to allowedMcpServers that allows any MCP server registered by an enabled plugin from an approved marketplace:

{
  "strictKnownMarketplaces": [
    { "source": "github", "repo": "my-org/plugins" }
  ],
  "allowedMcpServers": [
    { "source": "managedPlugins" }
  ]
}

This would allow plugin MCPs through while blocking anything a user adds manually via claude mcp add.

Why this matters

strictKnownMarketplaces already establishes a trust boundary at the plugin level. MCP servers bundled by those plugins should be able to inherit that trust. Today there is no mechanism to express this, leaving a gap where manually-added MCP servers from arbitrary sources cannot be blocked without also breaking all plugin MCPs.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗