From e32a82cca5442bcc5a814781f08cf34086b7cfa4 Mon Sep 17 00:00:00 2001 From: webdevcody Date: Sat, 3 Jan 2026 23:00:20 -0500 Subject: [PATCH] refactor: remove MCP permission settings and streamline SDK options for autonomous mode - Removed MCP permission settings from the application, including related functions and UI components. - Updated SDK options to always bypass permissions and allow unrestricted tool access in autonomous mode. - Adjusted related components and services to reflect the removal of MCP permission configurations, ensuring a cleaner and more efficient codebase. --- apps/server/src/lib/sdk-options.ts | 48 ++++------ apps/server/src/lib/settings-helpers.ts | 35 ------- apps/server/src/providers/claude-provider.ts | 22 ++--- .../routes/enhance-prompt/routes/enhance.ts | 4 +- .../routes/features/routes/generate-title.ts | 4 +- apps/server/src/services/agent-service.ts | 8 -- apps/server/src/services/auto-mode-service.ts | 14 --- .../tests/unit/lib/settings-helpers.test.ts | 91 +----------------- .../mcp-servers/components/index.ts | 1 - .../components/mcp-permission-settings.tsx | 96 ------------------- .../mcp-servers/hooks/use-mcp-servers.ts | 15 +-- .../mcp-servers/mcp-servers-section.tsx | 20 +--- apps/ui/src/hooks/use-settings-migration.ts | 6 +- apps/ui/src/lib/http-api-client.ts | 2 - apps/ui/src/store/app-store.ts | 21 ---- libs/types/src/provider.ts | 2 - libs/types/src/settings.ts | 8 -- 17 files changed, 36 insertions(+), 361 deletions(-) delete mode 100644 apps/ui/src/components/views/settings-view/mcp-servers/components/mcp-permission-settings.tsx diff --git a/apps/server/src/lib/sdk-options.ts b/apps/server/src/lib/sdk-options.ts index d9b78398..59aa4c60 100644 --- a/apps/server/src/lib/sdk-options.ts +++ b/apps/server/src/lib/sdk-options.ts @@ -252,10 +252,14 @@ export function getModelForUseCase( /** * Base options that apply to all SDK calls + * + * AUTONOMOUS MODE: Always bypass permissions and allow dangerous operations + * for fully autonomous operation without user prompts. */ function getBaseOptions(): Partial { return { - permissionMode: 'acceptEdits', + permissionMode: 'bypassPermissions', + allowDangerouslySkipPermissions: true, }; } @@ -276,31 +280,27 @@ interface McpPermissionOptions { * Centralizes the logic for determining permission modes and tool restrictions * when MCP servers are configured. * + * AUTONOMOUS MODE: Always bypass permissions for fully autonomous operation. + * Always allow unrestricted tools when MCP servers are configured. + * * @param config - The SDK options config * @returns Object with MCP permission settings to spread into final options */ function buildMcpOptions(config: CreateSdkOptionsConfig): McpPermissionOptions { const hasMcpServers = config.mcpServers && Object.keys(config.mcpServers).length > 0; - // Default to true for autonomous workflow. Security is enforced when adding servers - // via the security warning dialog that explains the risks. - const mcpAutoApprove = config.mcpAutoApproveTools ?? true; - const mcpUnrestricted = config.mcpUnrestrictedTools ?? true; - // Determine if we should bypass permissions based on settings - const shouldBypassPermissions = hasMcpServers && mcpAutoApprove; - // Determine if we should restrict tools (only when no MCP or unrestricted is disabled) - const shouldRestrictTools = !hasMcpServers || !mcpUnrestricted; + // AUTONOMOUS MODE: Always bypass permissions and allow unrestricted tools + // Only restrict tools when no MCP servers are configured + const shouldRestrictTools = !hasMcpServers; return { shouldRestrictTools, - // Only include bypass options when MCP is configured and auto-approve is enabled - bypassOptions: shouldBypassPermissions - ? { - permissionMode: 'bypassPermissions' as const, - // Required flag when using bypassPermissions mode - allowDangerouslySkipPermissions: true, - } - : {}, + // AUTONOMOUS MODE: Always include bypass options (though base options already set this) + bypassOptions: { + permissionMode: 'bypassPermissions' as const, + // Required flag when using bypassPermissions mode + allowDangerouslySkipPermissions: true, + }, // Include MCP servers if configured mcpServerOptions: config.mcpServers ? { mcpServers: config.mcpServers } : {}, }; @@ -392,12 +392,6 @@ export interface CreateSdkOptionsConfig { /** MCP servers to make available to the agent */ mcpServers?: Record; - - /** Auto-approve MCP tool calls without permission prompts */ - mcpAutoApproveTools?: boolean; - - /** Allow unrestricted tools when MCP servers are enabled */ - mcpUnrestrictedTools?: boolean; } // Re-export MCP types from @automaker/types for convenience @@ -426,10 +420,7 @@ export function createSpecGenerationOptions(config: CreateSdkOptionsConfig): Opt return { ...getBaseOptions(), - // Override permissionMode - spec generation only needs read-only tools - // Using "acceptEdits" can cause Claude to write files to unexpected locations - // See: https://github.com/AutoMaker-Org/automaker/issues/149 - permissionMode: 'default', + // AUTONOMOUS MODE: Base options already set bypassPermissions and allowDangerouslySkipPermissions model: getModelForUseCase('spec', config.model), maxTurns: MAX_TURNS.maximum, cwd: config.cwd, @@ -458,8 +449,7 @@ export function createFeatureGenerationOptions(config: CreateSdkOptionsConfig): return { ...getBaseOptions(), - // Override permissionMode - feature generation only needs read-only tools - permissionMode: 'default', + // AUTONOMOUS MODE: Base options already set bypassPermissions and allowDangerouslySkipPermissions model: getModelForUseCase('features', config.model), maxTurns: MAX_TURNS.quick, cwd: config.cwd, diff --git a/apps/server/src/lib/settings-helpers.ts b/apps/server/src/lib/settings-helpers.ts index b6e86ff2..9a322994 100644 --- a/apps/server/src/lib/settings-helpers.ts +++ b/apps/server/src/lib/settings-helpers.ts @@ -191,41 +191,6 @@ export async function getMCPServersFromSettings( } } -/** - * Get MCP permission settings from global settings. - * - * @param settingsService - Optional settings service instance - * @param logPrefix - Prefix for log messages (e.g., '[AgentService]') - * @returns Promise resolving to MCP permission settings - */ -export async function getMCPPermissionSettings( - settingsService?: SettingsService | null, - logPrefix = '[SettingsHelper]' -): Promise<{ mcpAutoApproveTools: boolean; mcpUnrestrictedTools: boolean }> { - // Default to true for autonomous workflow. Security is enforced when adding servers - // via the security warning dialog that explains the risks. - const defaults = { mcpAutoApproveTools: true, mcpUnrestrictedTools: true }; - - if (!settingsService) { - return defaults; - } - - try { - const globalSettings = await settingsService.getGlobalSettings(); - const result = { - mcpAutoApproveTools: globalSettings.mcpAutoApproveTools ?? true, - mcpUnrestrictedTools: globalSettings.mcpUnrestrictedTools ?? true, - }; - logger.info( - `${logPrefix} MCP permission settings: autoApprove=${result.mcpAutoApproveTools}, unrestricted=${result.mcpUnrestrictedTools}` - ); - return result; - } catch (error) { - logger.error(`${logPrefix} Failed to load MCP permission settings:`, error); - return defaults; - } -} - /** * Convert a settings MCPServerConfig to SDK McpServerConfig format. * Validates required fields and throws informative errors if missing. diff --git a/apps/server/src/providers/claude-provider.ts b/apps/server/src/providers/claude-provider.ts index 33494535..f61db202 100644 --- a/apps/server/src/providers/claude-provider.ts +++ b/apps/server/src/providers/claude-provider.ts @@ -63,20 +63,13 @@ export class ClaudeProvider extends BaseProvider { } = options; // Build Claude SDK options - // MCP permission logic - determines how to handle tool permissions when MCP servers are configured. - // This logic mirrors buildMcpOptions() in sdk-options.ts but is applied here since - // the provider is the final point where SDK options are constructed. + // AUTONOMOUS MODE: Always bypass permissions for fully autonomous operation const hasMcpServers = options.mcpServers && Object.keys(options.mcpServers).length > 0; - // Default to true for autonomous workflow. Security is enforced when adding servers - // via the security warning dialog that explains the risks. - const mcpAutoApprove = options.mcpAutoApproveTools ?? true; - const mcpUnrestricted = options.mcpUnrestrictedTools ?? true; const defaultTools = ['Read', 'Write', 'Edit', 'Glob', 'Grep', 'Bash', 'WebSearch', 'WebFetch']; - // Determine permission mode based on settings - const shouldBypassPermissions = hasMcpServers && mcpAutoApprove; - // Determine if we should restrict tools (only when no MCP or unrestricted is disabled) - const shouldRestrictTools = !hasMcpServers || !mcpUnrestricted; + // AUTONOMOUS MODE: Always bypass permissions and allow unrestricted tools + // Only restrict tools when no MCP servers are configured + const shouldRestrictTools = !hasMcpServers; const sdkOptions: Options = { model, @@ -88,10 +81,9 @@ export class ClaudeProvider extends BaseProvider { // Only restrict tools if explicitly set OR (no MCP / unrestricted disabled) ...(allowedTools && shouldRestrictTools && { allowedTools }), ...(!allowedTools && shouldRestrictTools && { allowedTools: defaultTools }), - // When MCP servers are configured and auto-approve is enabled, use bypassPermissions - permissionMode: shouldBypassPermissions ? 'bypassPermissions' : 'default', - // Required when using bypassPermissions mode - ...(shouldBypassPermissions && { allowDangerouslySkipPermissions: true }), + // AUTONOMOUS MODE: Always bypass permissions and allow dangerous operations + permissionMode: 'bypassPermissions', + allowDangerouslySkipPermissions: true, abortController, // Resume existing SDK session if we have a session ID ...(sdkSessionId && conversationHistory && conversationHistory.length > 0 diff --git a/apps/server/src/routes/enhance-prompt/routes/enhance.ts b/apps/server/src/routes/enhance-prompt/routes/enhance.ts index ad6e9602..744a67b0 100644 --- a/apps/server/src/routes/enhance-prompt/routes/enhance.ts +++ b/apps/server/src/routes/enhance-prompt/routes/enhance.ts @@ -164,7 +164,9 @@ export function createEnhanceHandler( systemPrompt, maxTurns: 1, allowedTools: [], - permissionMode: 'acceptEdits', + // AUTONOMOUS MODE: Always bypass permissions + permissionMode: 'bypassPermissions', + allowDangerouslySkipPermissions: true, }, }); diff --git a/apps/server/src/routes/features/routes/generate-title.ts b/apps/server/src/routes/features/routes/generate-title.ts index 1225a825..49c59801 100644 --- a/apps/server/src/routes/features/routes/generate-title.ts +++ b/apps/server/src/routes/features/routes/generate-title.ts @@ -96,7 +96,9 @@ export function createGenerateTitleHandler(): (req: Request, res: Response) => P systemPrompt: SYSTEM_PROMPT, maxTurns: 1, allowedTools: [], - permissionMode: 'acceptEdits', + // AUTONOMOUS MODE: Always bypass permissions + permissionMode: 'bypassPermissions', + allowDangerouslySkipPermissions: true, }, }); diff --git a/apps/server/src/services/agent-service.ts b/apps/server/src/services/agent-service.ts index c507d81b..6fbe7744 100644 --- a/apps/server/src/services/agent-service.ts +++ b/apps/server/src/services/agent-service.ts @@ -23,7 +23,6 @@ import { getEnableSandboxModeSetting, filterClaudeMdFromContext, getMCPServersFromSettings, - getMCPPermissionSettings, getPromptCustomization, } from '../lib/settings-helpers.js'; @@ -235,9 +234,6 @@ export class AgentService { // Load MCP servers from settings (global setting only) const mcpServers = await getMCPServersFromSettings(this.settingsService, '[AgentService]'); - // Load MCP permission settings (global setting only) - const mcpPermissions = await getMCPPermissionSettings(this.settingsService, '[AgentService]'); - // Load project context files (CLAUDE.md, CODE_QUALITY.md, etc.) const contextResult = await loadContextFiles({ projectPath: effectiveWorkDir, @@ -264,8 +260,6 @@ export class AgentService { autoLoadClaudeMd, enableSandboxMode, mcpServers: Object.keys(mcpServers).length > 0 ? mcpServers : undefined, - mcpAutoApproveTools: mcpPermissions.mcpAutoApproveTools, - mcpUnrestrictedTools: mcpPermissions.mcpUnrestrictedTools, }); // Extract model, maxTurns, and allowedTools from SDK options @@ -290,8 +284,6 @@ export class AgentService { sandbox: sdkOptions.sandbox, // Pass sandbox configuration sdkSessionId: session.sdkSessionId, // Pass SDK session ID for resuming mcpServers: Object.keys(mcpServers).length > 0 ? mcpServers : undefined, // Pass MCP servers configuration - mcpAutoApproveTools: mcpPermissions.mcpAutoApproveTools, // Pass MCP auto-approve setting - mcpUnrestrictedTools: mcpPermissions.mcpUnrestrictedTools, // Pass MCP unrestricted tools setting }; // Build prompt content with images diff --git a/apps/server/src/services/auto-mode-service.ts b/apps/server/src/services/auto-mode-service.ts index 54f2f8f1..a4e62778 100644 --- a/apps/server/src/services/auto-mode-service.ts +++ b/apps/server/src/services/auto-mode-service.ts @@ -38,7 +38,6 @@ import { getEnableSandboxModeSetting, filterClaudeMdFromContext, getMCPServersFromSettings, - getMCPPermissionSettings, getPromptCustomization, } from '../lib/settings-helpers.js'; @@ -2003,9 +2002,6 @@ This mock response was generated because AUTOMAKER_MOCK_AGENT=true was set. // Load MCP servers from settings (global setting only) const mcpServers = await getMCPServersFromSettings(this.settingsService, '[AutoMode]'); - // Load MCP permission settings (global setting only) - const mcpPermissions = await getMCPPermissionSettings(this.settingsService, '[AutoMode]'); - // Build SDK options using centralized configuration for feature implementation const sdkOptions = createAutoModeOptions({ cwd: workDir, @@ -2014,8 +2010,6 @@ This mock response was generated because AUTOMAKER_MOCK_AGENT=true was set. autoLoadClaudeMd, enableSandboxMode, mcpServers: Object.keys(mcpServers).length > 0 ? mcpServers : undefined, - mcpAutoApproveTools: mcpPermissions.mcpAutoApproveTools, - mcpUnrestrictedTools: mcpPermissions.mcpUnrestrictedTools, }); // Extract model, maxTurns, and allowedTools from SDK options @@ -2058,8 +2052,6 @@ This mock response was generated because AUTOMAKER_MOCK_AGENT=true was set. settingSources: sdkOptions.settingSources, sandbox: sdkOptions.sandbox, // Pass sandbox configuration mcpServers: Object.keys(mcpServers).length > 0 ? mcpServers : undefined, // Pass MCP servers configuration - mcpAutoApproveTools: mcpPermissions.mcpAutoApproveTools, // Pass MCP auto-approve setting - mcpUnrestrictedTools: mcpPermissions.mcpUnrestrictedTools, // Pass MCP unrestricted tools setting }; // Execute via provider @@ -2291,8 +2283,6 @@ After generating the revised spec, output: allowedTools: allowedTools, abortController, mcpServers: Object.keys(mcpServers).length > 0 ? mcpServers : undefined, - mcpAutoApproveTools: mcpPermissions.mcpAutoApproveTools, - mcpUnrestrictedTools: mcpPermissions.mcpUnrestrictedTools, }); let revisionText = ''; @@ -2431,8 +2421,6 @@ After generating the revised spec, output: allowedTools: allowedTools, abortController, mcpServers: Object.keys(mcpServers).length > 0 ? mcpServers : undefined, - mcpAutoApproveTools: mcpPermissions.mcpAutoApproveTools, - mcpUnrestrictedTools: mcpPermissions.mcpUnrestrictedTools, }); let taskOutput = ''; @@ -2523,8 +2511,6 @@ Implement all the changes described in the plan above.`; allowedTools: allowedTools, abortController, mcpServers: Object.keys(mcpServers).length > 0 ? mcpServers : undefined, - mcpAutoApproveTools: mcpPermissions.mcpAutoApproveTools, - mcpUnrestrictedTools: mcpPermissions.mcpUnrestrictedTools, }); for await (const msg of continuationStream) { diff --git a/apps/server/tests/unit/lib/settings-helpers.test.ts b/apps/server/tests/unit/lib/settings-helpers.test.ts index 8af48580..a7096c55 100644 --- a/apps/server/tests/unit/lib/settings-helpers.test.ts +++ b/apps/server/tests/unit/lib/settings-helpers.test.ts @@ -1,5 +1,5 @@ import { describe, it, expect, vi, beforeEach } from 'vitest'; -import { getMCPServersFromSettings, getMCPPermissionSettings } from '@/lib/settings-helpers.js'; +import { getMCPServersFromSettings } from '@/lib/settings-helpers.js'; import type { SettingsService } from '@/services/settings-service.js'; // Mock the logger @@ -286,93 +286,4 @@ describe('settings-helpers.ts', () => { }); }); }); - - describe('getMCPPermissionSettings', () => { - beforeEach(() => { - vi.clearAllMocks(); - }); - - it('should return defaults when settingsService is null', async () => { - const result = await getMCPPermissionSettings(null); - expect(result).toEqual({ - mcpAutoApproveTools: true, - mcpUnrestrictedTools: true, - }); - }); - - it('should return defaults when settingsService is undefined', async () => { - const result = await getMCPPermissionSettings(undefined); - expect(result).toEqual({ - mcpAutoApproveTools: true, - mcpUnrestrictedTools: true, - }); - }); - - it('should return settings from service', async () => { - const mockSettingsService = { - getGlobalSettings: vi.fn().mockResolvedValue({ - mcpAutoApproveTools: false, - mcpUnrestrictedTools: false, - }), - } as unknown as SettingsService; - - const result = await getMCPPermissionSettings(mockSettingsService); - expect(result).toEqual({ - mcpAutoApproveTools: false, - mcpUnrestrictedTools: false, - }); - }); - - it('should default to true when settings are undefined', async () => { - const mockSettingsService = { - getGlobalSettings: vi.fn().mockResolvedValue({}), - } as unknown as SettingsService; - - const result = await getMCPPermissionSettings(mockSettingsService); - expect(result).toEqual({ - mcpAutoApproveTools: true, - mcpUnrestrictedTools: true, - }); - }); - - it('should handle mixed settings', async () => { - const mockSettingsService = { - getGlobalSettings: vi.fn().mockResolvedValue({ - mcpAutoApproveTools: true, - mcpUnrestrictedTools: false, - }), - } as unknown as SettingsService; - - const result = await getMCPPermissionSettings(mockSettingsService); - expect(result).toEqual({ - mcpAutoApproveTools: true, - mcpUnrestrictedTools: false, - }); - }); - - it('should return defaults and log error on exception', async () => { - const mockSettingsService = { - getGlobalSettings: vi.fn().mockRejectedValue(new Error('Settings error')), - } as unknown as SettingsService; - - const result = await getMCPPermissionSettings(mockSettingsService, '[Test]'); - expect(result).toEqual({ - mcpAutoApproveTools: true, - mcpUnrestrictedTools: true, - }); - // Logger will be called with error, but we don't need to assert it - }); - - it('should use custom log prefix', async () => { - const mockSettingsService = { - getGlobalSettings: vi.fn().mockResolvedValue({ - mcpAutoApproveTools: true, - mcpUnrestrictedTools: true, - }), - } as unknown as SettingsService; - - await getMCPPermissionSettings(mockSettingsService, '[CustomPrefix]'); - // Logger will be called with custom prefix, but we don't need to assert it - }); - }); }); diff --git a/apps/ui/src/components/views/settings-view/mcp-servers/components/index.ts b/apps/ui/src/components/views/settings-view/mcp-servers/components/index.ts index db49d81d..6903ba40 100644 --- a/apps/ui/src/components/views/settings-view/mcp-servers/components/index.ts +++ b/apps/ui/src/components/views/settings-view/mcp-servers/components/index.ts @@ -1,4 +1,3 @@ export { MCPServerHeader } from './mcp-server-header'; -export { MCPPermissionSettings } from './mcp-permission-settings'; export { MCPToolsWarning } from './mcp-tools-warning'; export { MCPServerCard } from './mcp-server-card'; diff --git a/apps/ui/src/components/views/settings-view/mcp-servers/components/mcp-permission-settings.tsx b/apps/ui/src/components/views/settings-view/mcp-servers/components/mcp-permission-settings.tsx deleted file mode 100644 index e65e25bb..00000000 --- a/apps/ui/src/components/views/settings-view/mcp-servers/components/mcp-permission-settings.tsx +++ /dev/null @@ -1,96 +0,0 @@ -import { ShieldAlert } from 'lucide-react'; -import { Label } from '@/components/ui/label'; -import { Switch } from '@/components/ui/switch'; -import { syncSettingsToServer } from '@/hooks/use-settings-migration'; -import { cn } from '@/lib/utils'; - -interface MCPPermissionSettingsProps { - mcpAutoApproveTools: boolean; - mcpUnrestrictedTools: boolean; - onAutoApproveChange: (checked: boolean) => void; - onUnrestrictedChange: (checked: boolean) => void; -} - -export function MCPPermissionSettings({ - mcpAutoApproveTools, - mcpUnrestrictedTools, - onAutoApproveChange, - onUnrestrictedChange, -}: MCPPermissionSettingsProps) { - const hasAnyEnabled = mcpAutoApproveTools || mcpUnrestrictedTools; - - return ( -
-
-
- { - onAutoApproveChange(checked); - await syncSettingsToServer(); - }} - data-testid="mcp-auto-approve-toggle" - className="mt-0.5" - /> -
- -

- When enabled, the AI agent can use MCP tools without permission prompts. -

- {mcpAutoApproveTools && ( -

- - Bypasses normal permission checks -

- )} -
-
- -
- { - onUnrestrictedChange(checked); - await syncSettingsToServer(); - }} - data-testid="mcp-unrestricted-toggle" - className="mt-0.5" - /> -
- -

- When enabled, the AI agent can use any tool, not just the default set. -

- {mcpUnrestrictedTools && ( -

- - Agent has full tool access including file writes and bash -

- )} -
-
- - {hasAnyEnabled && ( -
-

Security Note

-

- These settings reduce security restrictions for MCP tool usage. Only enable if you - trust all configured MCP servers. -

-
- )} -
-
- ); -} diff --git a/apps/ui/src/components/views/settings-view/mcp-servers/hooks/use-mcp-servers.ts b/apps/ui/src/components/views/settings-view/mcp-servers/hooks/use-mcp-servers.ts index a6cd83b4..615aa657 100644 --- a/apps/ui/src/components/views/settings-view/mcp-servers/hooks/use-mcp-servers.ts +++ b/apps/ui/src/components/views/settings-view/mcp-servers/hooks/use-mcp-servers.ts @@ -21,16 +21,7 @@ interface PendingServerData { } export function useMCPServers() { - const { - mcpServers, - addMCPServer, - updateMCPServer, - removeMCPServer, - mcpAutoApproveTools, - mcpUnrestrictedTools, - setMcpAutoApproveTools, - setMcpUnrestrictedTools, - } = useAppStore(); + const { mcpServers, addMCPServer, updateMCPServer, removeMCPServer } = useAppStore(); // State const [isAddDialogOpen, setIsAddDialogOpen] = useState(false); @@ -938,10 +929,6 @@ export function useMCPServers() { return { // Store state mcpServers, - mcpAutoApproveTools, - mcpUnrestrictedTools, - setMcpAutoApproveTools, - setMcpUnrestrictedTools, // Dialog state isAddDialogOpen, diff --git a/apps/ui/src/components/views/settings-view/mcp-servers/mcp-servers-section.tsx b/apps/ui/src/components/views/settings-view/mcp-servers/mcp-servers-section.tsx index 0cec3af4..5c06adbe 100644 --- a/apps/ui/src/components/views/settings-view/mcp-servers/mcp-servers-section.tsx +++ b/apps/ui/src/components/views/settings-view/mcp-servers/mcp-servers-section.tsx @@ -1,12 +1,7 @@ import { Plug } from 'lucide-react'; import { cn } from '@/lib/utils'; import { useMCPServers } from './hooks'; -import { - MCPServerHeader, - MCPPermissionSettings, - MCPToolsWarning, - MCPServerCard, -} from './components'; +import { MCPServerHeader, MCPToolsWarning, MCPServerCard } from './components'; import { AddEditServerDialog, DeleteServerDialog, @@ -20,10 +15,6 @@ export function MCPServersSection() { const { // Store state mcpServers, - mcpAutoApproveTools, - mcpUnrestrictedTools, - setMcpAutoApproveTools, - setMcpUnrestrictedTools, // Dialog state isAddDialogOpen, @@ -98,15 +89,6 @@ export function MCPServersSection() { onAdd={handleOpenAddDialog} /> - {mcpServers.length > 0 && ( - - )} - {showToolsWarning && }
diff --git a/apps/ui/src/hooks/use-settings-migration.ts b/apps/ui/src/hooks/use-settings-migration.ts index 7abc86c2..3f7df977 100644 --- a/apps/ui/src/hooks/use-settings-migration.ts +++ b/apps/ui/src/hooks/use-settings-migration.ts @@ -230,8 +230,6 @@ export async function syncSettingsToServer(): Promise { keyboardShortcuts: state.keyboardShortcuts, aiProfiles: state.aiProfiles, mcpServers: state.mcpServers, - mcpAutoApproveTools: state.mcpAutoApproveTools, - mcpUnrestrictedTools: state.mcpUnrestrictedTools, promptCustomization: state.promptCustomization, projects: state.projects, trashedProjects: state.trashedProjects, @@ -336,12 +334,10 @@ export async function loadMCPServersFromServer(): Promise { } const mcpServers = result.settings.mcpServers || []; - const mcpAutoApproveTools = result.settings.mcpAutoApproveTools ?? true; - const mcpUnrestrictedTools = result.settings.mcpUnrestrictedTools ?? true; // Clear existing and add all from server // We need to update the store directly since we can't use hooks here - useAppStore.setState({ mcpServers, mcpAutoApproveTools, mcpUnrestrictedTools }); + useAppStore.setState({ mcpServers }); console.log(`[Settings Load] Loaded ${mcpServers.length} MCP servers from server`); return true; diff --git a/apps/ui/src/lib/http-api-client.ts b/apps/ui/src/lib/http-api-client.ts index 32bd88f8..93ed4317 100644 --- a/apps/ui/src/lib/http-api-client.ts +++ b/apps/ui/src/lib/http-api-client.ts @@ -1438,8 +1438,6 @@ export class HttpApiClient implements ElectronAPI { headers?: Record; enabled?: boolean; }>; - mcpAutoApproveTools?: boolean; - mcpUnrestrictedTools?: boolean; }; error?: string; }> => this.get('/api/settings/global'), diff --git a/apps/ui/src/store/app-store.ts b/apps/ui/src/store/app-store.ts index a57e4d93..ac0ba291 100644 --- a/apps/ui/src/store/app-store.ts +++ b/apps/ui/src/store/app-store.ts @@ -491,8 +491,6 @@ export interface AppState { // MCP Servers mcpServers: MCPServerConfig[]; // List of configured MCP servers for agent use - mcpAutoApproveTools: boolean; // Auto-approve MCP tool calls without permission prompts - mcpUnrestrictedTools: boolean; // Allow unrestricted tools when MCP servers are enabled // Prompt Customization promptCustomization: PromptCustomization; // Custom prompts for Auto Mode, Agent, Backlog Plan, Enhancement @@ -777,8 +775,6 @@ export interface AppActions { setAutoLoadClaudeMd: (enabled: boolean) => Promise; setEnableSandboxMode: (enabled: boolean) => Promise; setSkipSandboxWarning: (skip: boolean) => Promise; - setMcpAutoApproveTools: (enabled: boolean) => Promise; - setMcpUnrestrictedTools: (enabled: boolean) => Promise; // Prompt Customization actions setPromptCustomization: (customization: PromptCustomization) => Promise; @@ -980,8 +976,6 @@ const initialState: AppState = { enableSandboxMode: false, // Default to disabled (can be enabled for additional security) skipSandboxWarning: false, // Default to disabled (show sandbox warning dialog) mcpServers: [], // No MCP servers configured by default - mcpAutoApproveTools: true, // Default to enabled - bypass permission prompts for MCP tools - mcpUnrestrictedTools: true, // Default to enabled - don't filter allowedTools when MCP enabled promptCustomization: {}, // Empty by default - all prompts use built-in defaults aiProfiles: DEFAULT_AI_PROFILES, projectAnalysis: null, @@ -1632,19 +1626,6 @@ export const useAppStore = create()( const { syncSettingsToServer } = await import('@/hooks/use-settings-migration'); await syncSettingsToServer(); }, - setMcpAutoApproveTools: async (enabled) => { - set({ mcpAutoApproveTools: enabled }); - // Sync to server settings file - const { syncSettingsToServer } = await import('@/hooks/use-settings-migration'); - await syncSettingsToServer(); - }, - setMcpUnrestrictedTools: async (enabled) => { - set({ mcpUnrestrictedTools: enabled }); - // Sync to server settings file - const { syncSettingsToServer } = await import('@/hooks/use-settings-migration'); - await syncSettingsToServer(); - }, - // Prompt Customization actions setPromptCustomization: async (customization) => { set({ promptCustomization: customization }); @@ -2933,8 +2914,6 @@ export const useAppStore = create()( skipSandboxWarning: state.skipSandboxWarning, // MCP settings mcpServers: state.mcpServers, - mcpAutoApproveTools: state.mcpAutoApproveTools, - mcpUnrestrictedTools: state.mcpUnrestrictedTools, // Prompt customization promptCustomization: state.promptCustomization, // Profiles and sessions diff --git a/libs/types/src/provider.ts b/libs/types/src/provider.ts index 917b8491..c053da31 100644 --- a/libs/types/src/provider.ts +++ b/libs/types/src/provider.ts @@ -71,8 +71,6 @@ export interface ExecuteOptions { maxTurns?: number; allowedTools?: string[]; mcpServers?: Record; - mcpAutoApproveTools?: boolean; // Auto-approve MCP tool calls without permission prompts - mcpUnrestrictedTools?: boolean; // Allow unrestricted tools when MCP servers are enabled abortController?: AbortController; conversationHistory?: ConversationMessage[]; // Previous messages for context sdkSessionId?: string; // Claude SDK session ID for resuming conversations diff --git a/libs/types/src/settings.ts b/libs/types/src/settings.ts index 309703ce..cc4b7f7c 100644 --- a/libs/types/src/settings.ts +++ b/libs/types/src/settings.ts @@ -359,10 +359,6 @@ export interface GlobalSettings { // MCP Server Configuration /** List of configured MCP servers for agent use */ mcpServers: MCPServerConfig[]; - /** Auto-approve MCP tool calls without permission prompts (uses bypassPermissions mode) */ - mcpAutoApproveTools?: boolean; - /** Allow unrestricted tools when MCP servers are enabled (don't filter allowedTools) */ - mcpUnrestrictedTools?: boolean; // Prompt Customization /** Custom prompts for Auto Mode, Agent Runner, Backlog Planning, and Enhancements */ @@ -535,10 +531,6 @@ export const DEFAULT_GLOBAL_SETTINGS: GlobalSettings = { enableSandboxMode: false, skipSandboxWarning: false, mcpServers: [], - // Default to true for autonomous workflow. Security is enforced when adding servers - // via the security warning dialog that explains the risks. - mcpAutoApproveTools: true, - mcpUnrestrictedTools: true, }; /** Default credentials (empty strings - user must provide API keys) */