[BUG] Managed MCP server tools permanently stuck in "Needs Approval" — users cannot approve unlisted tools, contradicting docs and UI
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When an MCP server is deployed via managedMcpServers, all tools are shown to users as "Needs Approval" and are grayed out with no way to act on them.
The in-app Tool policy UI tooltip from the configuration menu reads:
_"Lock the approval state for specific tools. Unlisted tools stay user-controlled."_
The configuration reference docs describe toolPolicy as:
Map of tool name →"allow"/"ask"/"blocked". Locks the per-tool approval state for that server.
Neither source documents or justifies what actually happens: unlisted tools are permanently locked in an unresolvable "Needs Approval" state that users cannot act on.
Steps to Reproduce
- Deploy a remote MCP server via
managedMcpServersin Cowork on 3P configuration - Do not set a
toolPolicyon the server entry (e.g. a minimal config like below) - Open the app as a user and go to Settings → the managed MCP server
{
"name": "My Server",
"transport": "http",
"url": "https://example.com/mcp",
"oauth": true
}
Expected: Tools are user-controllable — users can approve or deny them on demand, consistent with the UI tooltip and docs.
Actual: Every tool shows "Needs Approval" and is grayed out. Users have no way to approve or deny tools. Tools are completely unusable.
Workaround (and why it's unacceptable)
The only workaround is to manually enumerate every tool name and set each to "allow":
{
"name": "My Server",
"transport": "http",
"url": "https://example.com/mcp",
"oauth": true,
"toolPolicy": {
"tool_one": "allow",
"tool_two": "allow"
}
}
This is problematic because:
- The admin must know every tool name in advance with no discovery mechanism in the config UI
- If the MCP server adds or renames tools, they silently revert to the broken grayed-out state
- This requires a config update + full app restart to fix, with no user-facing recourse
- It directly contradicts the stated behavior: "unlisted tools stay user-controlled"
Expected Behavior
One of the following (in order of preference):
- Unlisted tools are genuinely user-controlled — users see an approve/deny prompt when a tool is first invoked, consistent with the UI copy and docs. This matches stated intent and requires no config changes.
- A wildcard
toolPolicyvalue (e.g."*": "allow") that lets admins approve all tools without enumeration — also requested in #58082. - At minimum, accurate documentation — if enumerate-or-broken is intentional, the docs and UI tooltip must say so explicitly, and the config UI should provide a tool discovery mechanism.
Impact
Any organization deploying managed MCP servers without knowing to explicitly enumerate every tool in toolPolicy will find their users completely unable to use any MCP tools. This is the silent default behavior with no warning.
Environment
- Product: Claude desktop app (Cowork on 3P)
- Area: Managed MCP servers / tool policy
- Severity: High — blocks all tool use for users on managed MCP deployments
What Should Happen?
Unlisted tools are genuinely user-controlled — users see an approve/deny prompt when a tool is first invoked, consistent with the UI copy and docs. This matches stated intent and requires no config changes. Users can set their own policy from the "customize" settings.
Alternatively, helpful behavior:
- A wildcard
toolPolicyvalue (e.g."*": "allow") that lets admins approve all tools without enumeration — also requested in #58082. - At minimum, accurate documentation — if enumerate-or-broken is intentional, the docs and UI tooltip must say so explicitly, and the config UI should provide a tool discovery mechanism.
Error Messages/Logs
Steps to Reproduce
- Deploy a remote MCP server via
managedMcpServersin Cowork on 3P configuration - Do not set a
toolPolicyon the server entry (e.g. a minimal config like below) - Open the app as a user and go to Settings → the managed MCP server
{
"name": "My Server",
"transport": "http",
"url": "https://example.com/mcp",
"oauth": true
}
Expected: Tools are user-controllable — users can approve or deny them on demand, consistent with the UI tooltip and docs.
Actual: Every tool shows "Needs Approval" and is grayed out. Users have no way to approve or deny tools. Tools are completely unusable.
Claude Model
None
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
Claude 1.8555.0 (8245b7)
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
Related Issue
This is related to but distinct from #58082, which requests glob-syntax support for toolPolicy. That issue is framed as a feature request. This is a bug report: the current behavior contradicts what the documentation and in-app UI explicitly state.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗