Chrome MCP per-domain prompt re-triggers every session despite tool allowlist — no settings.json syntax to allow domains
Summary
A recent Claude Code update added a second permission layer on Chrome MCP (mcp__Claude_in_Chrome__*) tools that checks the domain parameter. Even when the tool name is allowlisted (and even in bypassPermissions mode), the user is prompted on every new domain, every session. There is no settings.json syntax to allow specific domains — the validator rejects parenthesized parameter patterns.
Environment
- OS: Windows 11 Pro
- Shell: PowerShell
- Permission mode:
Bypass permissions(status line shows it active) - MCP server:
Claude_in_Chrome
Reproduction
- In
permissions.allow, addmcp__Claude_in_Chrome__*(or any of the specific tool names likemcp__Claude_in_Chrome__navigate,mcp__Claude_in_Chrome__browser_batch). - Set permission mode to
bypassPermissions. - Have Claude run
mcp__Claude_in_Chrome__navigateto any URL on a new domain.
Expected: No prompt — tool is allowlisted, bypass mode is active.
Actual: A permission dialog appears titled Allow Claude to use browser:navigate? with body:
{
"domain": "developers.facebook.com"
}
The dialog offers Deny / Always allow / Allow once with a session chip. "Always allow" persists only for the session.
Workaround attempt that fails
Trying to add a parameter-scoped rule to permissions.allow:
"mcp__Claude_in_Chrome__navigate(domain:*)"
Validation rejects with:
MCP rules do not support patterns in parentheses. Use "mcp__Claude_in_Chrome__navigate" without parentheses, or use "mcp__Claude_in_Chrome__*" for all tools.
But the bare tool name and the server-wildcard both leave the per-domain prompt in place. There is no syntax that suppresses it.
What changed
Before the update, "Always allow" on a domain persisted permanently and the issue did not recur on later sessions. After the update, that allow is session-scoped only — every new session re-prompts.
Asks
- Treat
bypassPermissionsas covering the per-domain check as well (it currently doesn't). - Or: allow
mcp__Claude_in_Chrome__navigate(domain:*)/mcp__Claude_in_Chrome__navigate(domain:example.com)inpermissions.allow, mirroring the existingWebFetch(domain:...)syntax. - Or: restore the prior behavior where "Always allow" on a domain persists across sessions.
Any of the three resolves the regression. The first or second is preferred since it's configurable in version-controlled settings.
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗