Skip to content

Allow MCP/Bash tools by default in headless mode #9538

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
RomneyDa merged 4 commits into from
Jan 15, 2026
Merged

Allow MCP/Bash tools by default in headless mode #9538

RomneyDa merged 4 commits into from
Jan 15, 2026

Conversation

@RomneyDa
Copy link
Collaborator

@RomneyDa RomneyDa commented Jan 14, 2026
edited by continue bot
Loading

Summary

MCP tools are now allowed by default in both headless and interactive modes by adding an explicit policy for mcp__* pattern with allow permission.

Inspired by @aaronlippold's work here #9327

Problem

Previously, MCP tools fell under the wildcard * policy which defaults to ask permission. In headless mode, tools with ask permission are filtered out to prevent the AI from seeing tools it cannot call. This caused MCP tools to be unavailable in headless mode unless explicitly allowed via command-line flags or agent file configuration.

Solution

Added an explicit default policy for MCP tools (mcp__* pattern) with allow permission before the wildcard fallback policy.

With this change:

  • ✅ MCP tools work in both headless and interactive modes by default
  • ✅ No need to explicitly allow them with --allow flag
  • ✅ Consistent behavior with agent files which already allow MCP tools
  • ✅ Maintains security for other unmatched tools (still ask by default)

Changes

  1. defaultPolicies.ts: Added { tool: "mcp__*", permission: "allow" } policy
  2. defaultPolicies.test.ts: Added tests to verify MCP tools are allowed and positioned correctly
  3. README.md: Updated documentation to reflect new default behavior

Testing

  • Added unit tests to verify the mcp__* policy exists with allow permission
  • Added test to verify policy ordering (MCP policy comes before wildcard)
  • Existing tests for mcp__* pattern matching already verify the permission checker works correctly

This task was co-authored by dallin and Continue.

Continue Tasks

Status Task Actions
▶️ Queued Update docs on PR View
▶️ Queued Optimize Website Performance View

Powered by Continue

@RomneyDa RomneyDa requested a review from a team as a code owner January 14, 2026 22:32
@RomneyDa RomneyDa requested review from Patrick-Erichsen and removed request for a team January 14, 2026 22:32
@continue-staging
Copy link

continue-staging bot commented Jan 14, 2026

All Green - Keep your PRs mergeable

Learn more

All Green is an AI agent that automatically:

✅ Addresses code review comments

✅ Fixes failing CI checks

✅ Resolves merge conflicts

Unsubscribe from All Green comments

4 similar comments
@continue
Copy link
Contributor

continue bot commented Jan 14, 2026

All Green - Keep your PRs mergeable

Learn more

All Green is an AI agent that automatically:

✅ Addresses code review comments

✅ Fixes failing CI checks

✅ Resolves merge conflicts

Unsubscribe from All Green comments

@continue-development-app
Copy link

continue-development-app bot commented Jan 14, 2026

All Green - Keep your PRs mergeable

Learn more

All Green is an AI agent that automatically:

✅ Addresses code review comments

✅ Fixes failing CI checks

✅ Resolves merge conflicts

Unsubscribe from All Green comments

@continue-development-app
Copy link

continue-development-app bot commented Jan 14, 2026

All Green - Keep your PRs mergeable

Learn more

All Green is an AI agent that automatically:

✅ Addresses code review comments

✅ Fixes failing CI checks

✅ Resolves merge conflicts

Unsubscribe from All Green comments

@continue-development-app
Copy link

continue-development-app bot commented Jan 14, 2026

All Green - Keep your PRs mergeable

Learn more

All Green is an AI agent that automatically:

✅ Addresses code review comments

✅ Fixes failing CI checks

✅ Resolves merge conflicts

Unsubscribe from All Green comments

@dosubot dosubot bot added the size:S This PR changes 10-29 lines, ignoring generated files. label Jan 14, 2026
@github-actions
Copy link

github-actions bot commented Jan 14, 2026

⚠️ PR Title Format

Your PR title doesn't follow the conventional commit format, but this won't block your PR from being merged. We recommend using this format for better project organization.

Expected Format:

<type>[optional scope]: <description>

Examples:

  • feat: add changelog generation support
  • fix: resolve login redirect issue
  • docs: update README with new instructions
  • chore: update dependencies

Valid Types:

feat, fix, docs, style, refactor, perf, test, build, ci, chore, revert

This helps with:

  • 📝 Automatic changelog generation
  • 🚀 Automated semantic versioning
  • 📊 Better project history tracking

This is a non-blocking warning - your PR can still be merged without fixing this.

@github-actions
Copy link

github-actions bot commented Jan 14, 2026
edited
Loading

✅ Review Complete

Code Review Summary

⚠️ Continue API authentication failed. Please check your CONTINUE_API_KEY.

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Jan 14, 2026
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 3 files

@RomneyDa
Allow MCP tools in headless mode, ask in TUI mode
913d00b 
MCP tools now have context-aware permissions:
- In headless mode: automatically allowed (no user to ask)
- In TUI mode: require user confirmation (ask permission)

Previously, MCP tools fell under the wildcard '*' policy which defaults to
'ask' permission. In headless mode, tools with 'ask' permission are filtered
out to prevent the AI from seeing tools it cannot call. This caused MCP tools
to be unavailable in headless mode unless explicitly allowed via command-line
flags or agent file configuration.

Implementation:
- Added generateHeadlessPolicies() method to ToolPermissionService
- Headless policies inject 'mcp__*' allow policy before other policies
- Default policies keep MCP tools as 'ask' (appropriate for TUI mode)
- Headless policy only applies when isHeadless flag is true

Benefits:
- ✅ MCP tools work in headless mode without explicit --allow flags
- ✅ MCP tools still require confirmation in TUI mode for safety
- ✅ Consistent with agent file behavior
- ✅ Maintains security for other unmatched tools

Changes:
- Added generateHeadlessPolicies() in ToolPermissionService
- Updated initializeSync to include headless policies
- Added comprehensive tests for headless mode behavior
- Updated documentation to reflect context-aware permissions

Co-authored-by: dallin <dallin@continue.dev>
Generated with [Continue](https://continue.dev)

Co-Authored-By: Continue <noreply@continue.dev>
@RomneyDa RomneyDa force-pushed the allow-mcp-tools-headless branch from a0b3127 to 913d00b Compare January 14, 2026 23:13
@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. and removed size:S This PR changes 10-29 lines, ignoring generated files. labels Jan 14, 2026
@RomneyDa RomneyDa changed the title Allow MCP tools by default in headless mode Allow MCP/Bash tools by default in headless mode Jan 15, 2026
sestinj
sestinj previously approved these changes Jan 15, 2026
View reviewed changes
@github-project-automation github-project-automation bot moved this from Todo to In Progress in Issues and PRs Jan 15, 2026
@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Jan 15, 2026
@RomneyDa RomneyDa mentioned this pull request Jan 15, 2026
Closed
3 tasks
@RomneyDa RomneyDa merged commit 0f48341 into main Jan 15, 2026
56 of 59 checks passed
@RomneyDa RomneyDa deleted the allow-mcp-tools-headless branch January 15, 2026 22:42
@github-project-automation github-project-automation bot moved this from In Progress to Done in Issues and PRs Jan 15, 2026
@github-actions github-actions bot locked and limited conversation to collaborators Jan 15, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@sestinj sestinj sestinj approved these changes

@Patrick-Erichsen Patrick-Erichsen Awaiting requested review from Patrick-Erichsen Patrick-Erichsen is a code owner automatically assigned from continuedev/continue-code-reviewers

Assignees

No one assigned

Labels

continue-agent lgtm This PR has been approved by a maintainer size:L This PR changes 100-499 lines, ignoring generated files.

Projects

Issues and PRs
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@RomneyDa @sestinj