fix(agent): escalate MCP Store tool approvals to users#2954

Closed

cvolzer3 wants to merge 4 commits into main from codex/sandbox-mcp-tool-permissions

Conversation

@cvolzer3 cvolzer3 commented Jun 26, 2026

Contributor

Summary

  • add MCP Store tool approval metadata and approval-state resolution for agent sessions
  • route approval-required MCP tool calls through the existing agent permission request flow
  • persist allow-always decisions and refresh active approval state after MCP Store approval changes
  • add coverage for Claude pre-tool approval behavior and cloud/session approval relay logic

Stack 1/2. This PR contains the shared MCP approval plumbing and Claude-side approval path.

Stack 2/2: #2984 replaces the prior Codex MCP proxy approach with Codex PreToolUse/PostToolUse hooks so Codex reaches parity through the same approval model.

Testing

cvolzer3 added 2 commits June 26, 2026 17:22
Cloud sessions surfaced the MCP Store proxy's "requires approval" (-32001)
instead of prompting the user. Two root causes:

- bypassPermissions (the cloud Claude default) skips canUseTool, where the
  MCP approval gate lives, so needs_approval tools ran unchecked. Add a
  PreToolUse hook that forces ask/deny for needs_approval / do_not_use
  MCP Store tools, which runs in every permission mode.
- approval state was stored on the volatile MCP metadata cache, which
  clearMcpToolMetadataCache() wipes on every server refresh/reconnect.
  Move it to a dedicated cache that survives refreshes so the gate keeps
  seeing the right state mid-session.

Also hardens mcp-store tool-key resolution and wires codex approval support.
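The hook-plus-cache design the commit message describes, as an added TypeScript model that is not the PR's own code: the `mcp__<server>__<tool>` tool-name form, the `<server>/<tool>` tool-key format, the cache and function names, the three approval states, and the sample tools are all assumptions constructed for illustration.

```typescript
// Added example (not the PR's own code): a model of the PreToolUse approval
// gate and the refresh-surviving approval cache. Names and formats are assumed.
type ApprovalState = "allowed" | "needs_approval" | "do_not_use";
type Decision = "allow" | "ask" | "deny";

// Volatile MCP metadata cache: wiped on every server refresh/reconnect.
const mcpToolMetadataCache = new Map<string, { state: ApprovalState }>();
// Dedicated approval cache: kept across refreshes so the gate keeps its state.
const mcpApprovalCache = new Map<string, ApprovalState>();
// Persisted "allow always" decisions, keyed by tool key (constructed store).
const allowAlwaysDecisions = new Set<string>();

// Resolve "mcp__<server>__<tool>" to the store key "<server>/<tool>" (assumed).
// A non-matching name is not an MCP Store tool and is left to the normal flow.
function resolveToolKey(toolName: string): string | null {
  const parts = toolName.split("__");
  if (parts.length < 3 || parts[0] !== "mcp" || parts[1] === "") return null;
  return `${parts[1]}/${parts.slice(2).join("__")}`;
}

function clearMcpToolMetadataCache(): void {
  mcpToolMetadataCache.clear(); // approval state must survive this
}

function recordApprovalState(toolKey: string, state: ApprovalState): void {
  mcpToolMetadataCache.set(toolKey, { state });
  mcpApprovalCache.set(toolKey, state);
}

function allowAlways(toolKey: string): void {
  allowAlwaysDecisions.add(toolKey);
}

// PreToolUse hook: runs in every permission mode, including bypassPermissions,
// so needs_approval and do_not_use tools cannot run unchecked.
function preToolUseHook(toolName: string): Decision {
  const key = resolveToolKey(toolName);
  if (key === null) return "allow";
  let state = mcpApprovalCache.get(key);
  if (state === undefined) {
    const meta = mcpToolMetadataCache.get(key);
    state = meta ? meta.state : undefined;
  }
  if (state === undefined) return "ask"; // unknown tool: fail closed to a prompt
  if (state === "do_not_use") return "deny"; // allow-always never overrides this
  if (state === "needs_approval") return allowAlwaysDecisions.has(key) ? "allow" : "ask";
  return "allow";
}
```

Clearing the metadata cache mid-session leaves the hook's decision unchanged, which is the failure the commit message describes on the old volatile cache.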
github-actions Bot commented Jun 26, 2026


React Doctor found no issues in the changed files. 🎉

Reviewed by React Doctor for commit 979cfc7.

Comment thread packages/agent/src/mcp-store/tool-keys.ts Fixed
greptile-apps Bot commented Jun 26, 2026

Contributor

Reviews (1): Last reviewed commit: "fix(agent): escalate mcp-store tool appr..."

Comment thread packages/agent/src/server/agent-server.ts Outdated
Comment thread packages/agent/src/adapters/claude/mcp/tool-metadata.ts
@cvolzer3 cvolzer3 force-pushed the codex/sandbox-mcp-tool-permissions branch from 973b336 to 979cfc7 Compare June 29, 2026 14:28
@cvolzer3 cvolzer3 changed the title fix(agent): escalate mcp-store tool approvals to the user fix(agent): escalate MCP Store tool approvals to users Jun 29, 2026
@cvolzer3 cvolzer3 marked this pull request as ready for review June 30, 2026 12:56
greptile-apps Bot commented Jun 30, 2026

Contributor

Reviews (2): Last reviewed commit: "fix(agent): address mcp approval review ..."

@cvolzer3 cvolzer3 closed this Jun 30, 2026