fix: mcp agent policies and deduplicate blocks when merging unrolled assistants (#8376)

* fix: deduplicate blocks when merging config yaml

* fix: tool policies for mcp servers in agent mode

* fix: syntax error

* fix: cli tests

* fix: don't log

* fix: lint/format

* fix: better comments for tool policies

* fix: one test left

* fix: failing services test

* fix: lint and format

Author: RomneyDa

extensions/cli/src/onboarding.test.ts

@@ -108,11 +108,8 @@ name: "Incomplete Config"
   });
 
   test("should handle empty string config path", async () => {
-    // Empty string should be treated differently from undefined
-    // Note: empty string triggers onboarding flow, but should still fail in our error format
-    await expect(
-      initializeWithOnboarding(mockAuthConfig, ""),
-    ).rejects.toThrow();
+    // Loads default agent with no error
+    await initializeWithOnboarding(mockAuthConfig, "");
   });
 
   test("should not fall back to default config when explicit config fails", async () => {

extensions/cli/src/services/MCPService.ts

@@ -52,7 +52,7 @@ export class MCPService
   private isShuttingDown = false;
 
   getDependencies(): string[] {
-    return [SERVICE_NAMES.AUTH, SERVICE_NAMES.API_CLIENT, SERVICE_NAMES.CONFIG];
+    return [SERVICE_NAMES.CONFIG];
   }
   constructor() {
     super("MCPService", {

extensions/cli/src/services/ToolPermissionService.ts

@@ -1,4 +1,4 @@
-import { parseAgentFileTools } from "@continuedev/config-yaml";
+import { ALL_BUILT_IN_TOOLS } from "src/tools/allBuiltIns.js";
 
 import { ensurePermissionsYamlExists } from "../permissions/permissionsYamlLoader.js";
 import { resolvePermissionPrecedence } from "../permissions/precedenceResolver.js";
@@ -11,7 +11,11 @@ import { logger } from "../util/logger.js";
 
 import { BaseService, ServiceWithDependencies } from "./BaseService.js";
 import { serviceContainer } from "./ServiceContainer.js";
-import { AgentFileServiceState, SERVICE_NAMES } from "./types.js";
+import {
+  AgentFileServiceState,
+  MCPServiceState,
+  SERVICE_NAMES,
+} from "./types.js";
 
 export interface InitializeToolServiceOverrides {
   allow?: string[];
@@ -61,55 +65,94 @@ export class ToolPermissionService
    * Declare dependencies on other services
    */
   getDependencies(): string[] {
-    return [SERVICE_NAMES.AGENT_FILE];
+    return [SERVICE_NAMES.AGENT_FILE, SERVICE_NAMES.MCP];
   }
 
   /**
    * Generate agent-file-specific policies if an agent file is active
    */
-  private generateAgentFilePolicies(
+  generateAgentFilePolicies(
     agentFileServiceState?: AgentFileServiceState,
+    mcpServiceState?: MCPServiceState,
   ): undefined | ToolPermissionPolicy[] {
-    if (!agentFileServiceState?.agentFile?.tools) {
+    const parsedTools = agentFileServiceState?.parsedTools;
+    if (!parsedTools?.tools.length) {
       return undefined;
     }
 
-    const parsedTools = parseAgentFileTools(
-      agentFileServiceState.agentFile.tools,
-    );
-    if (parsedTools.tools.length === 0) {
-      return undefined;
-    }
     const policies: ToolPermissionPolicy[] = [];
+    const servers = Array.from(mcpServiceState?.connections?.values() ?? []);
+    for (const mcpServer of parsedTools.mcpServers) {
+      const server = servers?.find(
+        (s) => s.config?.sourceSlug && s.config.sourceSlug === mcpServer,
+      );
+      if (!server) {
+        logger.warn("No connected MCP server found ");
+        continue;
+      }
+
+      const specificTools = parsedTools.tools.filter(
+        (t) => t.mcpServer && t.toolName && t.mcpServer === mcpServer,
+      );
 
-    for (const toolRef of parsedTools.tools) {
-      if (toolRef.mcpServer) {
-        if (toolRef.toolName) {
-          policies.push({
-            tool: `mcp:${toolRef.mcpServer}:${toolRef.toolName}`,
-            permission: "allow",
-          });
-        } else {
-          policies.push({
-            tool: `mcp:${toolRef.mcpServer}:*`,
-            permission: "allow",
-          });
-        }
-      } else if (toolRef.toolName) {
-        policies.push({ tool: toolRef.toolName, permission: "allow" });
+      // In the `tools` key of an agent is comma separated strings like
+      // mcp/server, mcp/server2:tool_name, Bash
+      // - this would give the agent access to ALL tools from mcp/server, ONLY tool_name from mcp/server2, and Bash, and no other tools
+      // mcp/server
+      // - this would give the agent access to ALL tools from mcp/server, and no built-ins
+      // built_in, mcp/server
+      // - "built_in" keyword can be used to include all built ins
+      // Blank = all built-in tools
+
+      // Handle MCP first
+      // If ANY mcp tools are specifically called out, only allow those ones for that mcp server
+      // Otherwise the blanket allow will cover all MCP tools
+      if (specificTools.length) {
+        const specificSet = new Set(specificTools.map((t) => t.toolName));
+        const notMentioned = server.tools.filter(
+          (t) => !specificSet.has(t.name),
+        );
+        const allowed: ToolPermissionPolicy[] = specificTools.map((t) => ({
+          tool: t.toolName!,
+          permission: "allow",
+        }));
+        policies.push(...allowed);
+        const disallowed: ToolPermissionPolicy[] = notMentioned.map((t) => ({
+          tool: t.name,
+          permission: "exclude",
+        }));
+        policies.push(...disallowed);
       }
     }
 
-    if (policies.length > 0) {
-      logger.debug(`Generated ${policies.length} agent file tool policies`);
+    // If mcp servers or specific built-in tools are specified
+    // then we only inclue listed built-in tools and exclude all others
+    const hasMcp = !!parsedTools.mcpServers?.length;
+    const specificBuiltIns = parsedTools.tools
+      .filter((t) => !t.mcpServer)
+      .map((t) => t.toolName!);
+    if (specificBuiltIns.length || (hasMcp && !parsedTools.allBuiltIn)) {
+      const allowed: ToolPermissionPolicy[] = specificBuiltIns.map((tool) => ({
+        tool,
+        permission: "allow",
+      }));
+      policies.push(...allowed);
+      const specificBuiltInSet = new Set(specificBuiltIns);
+      const notMentioned = ALL_BUILT_IN_TOOLS.map((t) => t.name).filter(
+        (name) => !specificBuiltInSet.has(name),
+      );
+      const disallowed: ToolPermissionPolicy[] = notMentioned.map((tool) => ({
+        tool,
+        permission: "exclude",
+      }));
+      policies.push(...disallowed);
     }
 
-    if (parsedTools.allBuiltIn) {
-      policies.push({ tool: "*", permission: "allow" });
-      policies.push({ tool: "mcp:*", permission: "exclude" });
-    } else {
-      policies.push({ tool: "*", permission: "exclude" });
-    }
+    // Allow all other tools
+    policies.push({
+      tool: "*",
+      permission: "allow",
+    });
 
     return policies;
   }
@@ -165,6 +208,7 @@ export class ToolPermissionService
   initializeSync(
     runtimeOverrides?: InitializeToolServiceOverrides,
     agentFileServiceState?: AgentFileServiceState,
+    mcpServiceState?: MCPServiceState,
   ): ToolPermissionServiceState {
     logger.debug("Synchronously initializing ToolPermissionService");
 
@@ -180,6 +224,7 @@ export class ToolPermissionService
 
     const agentFilePolicies = this.generateAgentFilePolicies(
       agentFileServiceState,
+      mcpServiceState,
     );
     const modePolicies = this.generateModePolicies();
 
@@ -224,11 +269,16 @@ export class ToolPermissionService
   async doInitialize(
     runtimeOverrides?: InitializeToolServiceOverrides,
     agentFileServiceState?: AgentFileServiceState,
+    mcpServiceState?: MCPServiceState,
   ): Promise<ToolPermissionServiceState> {
     await ensurePermissionsYamlExists();
 
     // Use the synchronous version after ensuring the file exists
-    return this.initializeSync(runtimeOverrides, agentFileServiceState);
+    return this.initializeSync(
+      runtimeOverrides,
+      agentFileServiceState,
+      mcpServiceState,
+    );
   }
 
   /**

extensions/cli/src/services/index.test.ts

@@ -1,71 +1,10 @@
-import { Configuration, DefaultApi } from "@continuedev/sdk/dist/api";
 import { vi } from "vitest";
 
-import { initializeServices, services } from "./index.js";
-
-// Mock the onboarding module
-vi.mock("../onboarding.js", () => ({
-  initializeWithOnboarding: vi.fn().mockResolvedValue({ wasOnboarded: false }),
-  createOrUpdateConfig: vi.fn().mockResolvedValue(undefined),
-}));
+import { MCPService } from "./MCPService.js";
 
-// Mock auth module
-vi.mock("../auth/workos.js", () => ({
-  loadAuthConfig: vi.fn().mockReturnValue({}),
-  getConfigUri: vi.fn().mockReturnValue(null),
-}));
-
-// Mock the config loader
-vi.mock("../configLoader.js", () => ({
-  loadConfiguration: vi.fn().mockResolvedValue({
-    config: { name: "test", version: "1.0.0" },
-    source: { type: "test" },
-  }),
-}));
+import { initializeServices, services } from "./index.js";
 
 describe("initializeServices", () => {
-  // let mockToolPermissionsService: any;
-
-  beforeEach(() => {
-    // Reset all mocks
-    vi.clearAllMocks();
-
-    // Mock service methods to avoid actual initialization
-    vi.spyOn(services.auth, "initialize").mockResolvedValue({
-      authConfig: {
-        accessToken: "",
-        expiresAt: 123,
-        organizationId: "",
-        refreshToken: "",
-        userEmail: "",
-      },
-      isAuthenticated: false,
-    });
-    vi.spyOn(services.apiClient, "initialize").mockResolvedValue({
-      apiClient: new DefaultApi(
-        new Configuration({
-          basePath: "",
-          accessToken: "",
-        }),
-      ),
-    });
-    vi.spyOn(services.agentFile, "initialize").mockResolvedValue({
-      slug: null,
-      agentFile: null,
-      agentFileModel: null,
-      parsedRules: null,
-      parsedTools: null,
-    });
-    vi.spyOn(services.config, "initialize").mockResolvedValue({
-      config: { name: "test", version: "1.0.0" },
-      configPath: undefined,
-    });
-  });
-
-  afterEach(() => {
-    vi.restoreAllMocks();
-  });
-
   describe("mode conversion", () => {
     it("should pass only auto flag for auto mode", async () => {
       const spy = vi.spyOn(services.toolPermissions, "initialize");
@@ -94,6 +33,12 @@ describe("initializeServices", () => {
           parsedRules: null,
           parsedTools: null,
         },
+        {
+          connections: [],
+          mcpService: expect.any(MCPService),
+          prompts: [],
+          tools: [],
+        },
       );
     });
   });

extensions/cli/src/services/index.ts

@@ -113,9 +113,10 @@ export async function initializeServices(initOptions: ServiceInitOptions = {}) {
   serviceContainer.register(
     SERVICE_NAMES.TOOL_PERMISSIONS,
     async () => {
-      const agentFileState = await serviceContainer.get<AgentFileServiceState>(
-        SERVICE_NAMES.AGENT_FILE,
-      );
+      const [mcpState, agentFileState] = await Promise.all([
+        serviceContainer.get<AuthServiceState>(SERVICE_NAMES.MCP),
+        serviceContainer.get<AgentFileServiceState>(SERVICE_NAMES.AGENT_FILE),
+      ]);
 
       // Initialize mode service with tool permission overrides
       if (initOptions.toolPermissionOverrides) {
@@ -128,24 +129,28 @@ export async function initializeServices(initOptions: ServiceInitOptions = {}) {
           exclude: overrides.exclude,
           isHeadless: initOptions.headless,
         };
-
         // Only set the boolean flag that corresponds to the mode
         if (overrides.mode) {
           initArgs.mode = overrides.mode;
         }
         // If mode is "normal" or undefined, no flags are set
-        return await toolPermissionService.initialize(initArgs, agentFileState);
+        return await toolPermissionService.initialize(
+          initArgs,
+          agentFileState,
+          mcpState,
+        );
       } else {
         // Even if no overrides, we need to initialize with defaults
         return await toolPermissionService.initialize(
           {
             isHeadless: initOptions.headless,
           },
           agentFileState,
+          mcpState,
         );
       }
     },
-    [SERVICE_NAMES.AGENT_FILE],
+    [SERVICE_NAMES.AGENT_FILE, SERVICE_NAMES.MCP],
   );
 
   // Initialize SystemMessageService with command options
@@ -257,7 +262,10 @@ export async function initializeServices(initOptions: ServiceInitOptions = {}) {
       if (!configState.config) {
         throw new Error("Config not available for MCP service");
       }
-      return mcpService.initialize(configState.config, initOptions.headless);
+      return mcpService.initialize(
+        configState.config,
+        initOptions.headless || initOptions.options?.agent,
+      );
     },
     [SERVICE_NAMES.CONFIG], // Depends on config
   );

extensions/cli/src/tools/allBuiltIns.ts

@@ -0,0 +1,26 @@
+import { editTool } from "./edit.js";
+import { exitTool } from "./exit.js";
+import { fetchTool } from "./fetch.js";
+import { listFilesTool } from "./listFiles.js";
+import { multiEditTool } from "./multiEdit.js";
+import { readFileTool } from "./readFile.js";
+import { runTerminalCommandTool } from "./runTerminalCommand.js";
+import { searchCodeTool } from "./searchCode.js";
+import { statusTool } from "./status.js";
+import { writeChecklistTool } from "./writeChecklist.js";
+import { writeFileTool } from "./writeFile.js";
+
+// putting in here for circular import issue
+export const ALL_BUILT_IN_TOOLS = [
+  readFileTool,
+  editTool,
+  multiEditTool,
+  writeFileTool,
+  listFilesTool,
+  searchCodeTool,
+  runTerminalCommandTool,
+  fetchTool,
+  writeChecklistTool,
+  exitTool,
+  statusTool,
+];