Let read-only ccd_session_mgmt__search_session_transcripts be pre-authorized (it forces manual approval on every call)

Open 💬 1 comment Opened Jul 10, 2026 by Object-Orient

The built-in tool mcp__ccd_session_mgmt__search_session_transcripts prompts for manual approval on every call, and there's no supported way to pre-authorize it — its prompt says "requires explicit approval regardless of permission mode."

On desktop 2.1.170 (Windows 11), none of these suppress the prompt (tested with restart):

  • permissions.defaultMode: "bypassPermissions"
  • an explicit permissions.allow entry for the exact tool name
  • a PreToolUse hook returning permissionDecision: "allow" (the hook fires, prompt still appears)

So the mandatory-approval flag overrides the permission-mode, allow-rule, and hook layers alike.

This is a read-only search over existing transcripts (no writes/side effects), and in a continuity-heavy, many-session workflow it gets called constantly — so an approval on each call is significant friction for something safe to trust.

Ask: an opt-in way to trust it while keeping the default safe — e.g. honor a targeted allow rule or a PreToolUse allow-decision for it, or a setting that pre-authorizes the read-only ccd_session_mgmt query tools (search_session_transcripts, list_sessions) while keeping the mutating ones (archive_session, send_message) gated.

Environment: Claude Code desktop 2.1.170, Windows 11.

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗