[BUG] Routine sessions: Slack MCP tools fail with "MCP tool call requires approval" despite "Always allow" being set

Resolved 💬 2 comments Opened May 21, 2026 by shwetamyt Closed May 23, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Environment:

Claude Code on the web (remote execution / routine)
Slack MCP integration
Session type: automated routine (no interactive UI)
Bug description:
In routine (automated) sessions, MCP tool calls to the Slack integration consistently fail with:

Streamable HTTP error: Error POSTing to endpoint: MCP tool call requires approval
This happens even though the Slack MCP server is set to "Always allow" in the environment settings.

Root cause (diagnosed):
The MCP client logs show "No token data found" repeatedly. The env var CLAUDE_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR=4 is set, but fd 4 is empty in routine sessions. As a result, the CCR proxy at api.anthropic.com/v2/ccr-sessions/.../mcp receives unauthenticated MCP tool calls — it cannot look up the user's "Always allow" setting without a user identity, so it falls back to "requires approval."

In interactive sessions this works correctly because fd 4 is populated with the OAuth token.

What Should Happen?

Slack user lookups (slack_search_users) — should work automatically via MCP, no approval prompt
Post digest to Slack (slack_send_message) — should work automatically via MCP, no approval prompt
The Slack MCP tools should behave exactly like they do in an interactive session — the "Always allow" setting you configured should mean the routine never sees an approval gate. The OAuth token (fd 4) should be populated by the runtime so the CCR proxy can identify you as the user who said "Always allow."

Error Messages/Logs

Streamable HTTP error: Error POSTing to endpoint: MCP tool call requires approval

Steps to Reproduce

Set up a Slack MCP integration in a Claude Code on the web environment
Set it to "Always allow"
Run a routine that calls any mcp__Slack__* tool
Observe: every call fails with "requires approval" regardless of the "Always allow" setting
Expected: Routine sessions should pass the user OAuth token to the MCP client (fd 4), so "Always allow" is respected without requiring interactive approval each session.

Workaround attempted: Adding "defaultMode": "bypassPermissions" to ~/.claude/settings.json on the persistent disk — confirmed it persists across sessions but does not fix the CCR proxy approval check.

Claude Model

Sonnet (default)

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.1.146

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

_No response_

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗