
"alwaysAllow" in mcp.json not honored for custom MCP servers #6298

@RamaSuda

Description:
The alwaysAllow field in ~/.aws/amazonq/mcp.json is not respected for custom MCP servers. Despite configuring explicit tool names in alwaysAllow, Q Developer still prompts for permission on every tool invocation.

Config used:

```json
" custom-agent": {
  "command": "python",
  "args": ["path/to/server.py"],
  "timeout": 180000,
  "disabled": false,
  "alwaysAllow": [
    "index_docs",
    "search_docs",
    "generate_yaml",
    "run_script"
  ]
}
```

Steps to Reproduce:

1. Add a custom MCP server to ~/.aws/amazonq/mcp.json with alwaysAllow listing specific tool names
2. Fully restart PyCharm
3. Open Amazon Q chat and send a prompt that triggers one of the listed tools
4. Permission prompt appears despite tool being in alwaysAllow

Expected Behavior:
Tools listed in alwaysAllow should execute without any permission prompt.

Actual Behavior:
Permission prompt appears for every tool call regardless of alwaysAllow configuration.

Additional Notes:

- Also tested with "alwaysAllow": [{"preset": "all"}] — same result, prompt still appears
- mcp.json is also being silently overwritten by the IDE when MCP settings are opened, stripping the alwaysAllow field entirely — this may be a related issue
- Workaround: manually click "Run" on every tool invocation

Impact:
Breaks agentic workflows that chain multiple MCP tool calls. An end-to-end pipeline (index_docs → search_docs → generate_yaml) requires 3 separate manual approvals, defeating the purpose of autonomous agent orchestration.
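
An added example, not code from the issue or from the Amazon Q project: a check to run after the IDE's MCP settings have been opened, reporting whether each server's alwaysAllow list still matches a reviewed baseline or has been stripped as described above. The top-level "mcpServers" key, the server names, the baseline and the sample file are assumptions constructed for illustration.

```python
import json

# Constructed sample file. The top-level "mcpServers" key and all three
# server names are assumptions made for this example.
SAMPLE = """
{
  "mcpServers": {
    "custom-agent":   {"command": "python", "args": ["path/to/server.py"],
                       "alwaysAllow": ["index_docs", "search_docs",
                                       "generate_yaml", "run_script"]},
    "stripped-agent": {"command": "python", "args": ["path/to/other.py"]},
    "wide-agent":     {"command": "python", "args": ["path/to/third.py"],
                       "alwaysAllow": [{"preset": "all"}]}
  }
}
"""

# Tools each server is meant to have pre-approved (the reviewed baseline).
EXPECTED = {
    "custom-agent": {"index_docs", "search_docs", "generate_yaml", "run_script"},
    "stripped-agent": {"index_docs"},
    "wide-agent": {"search_docs"},
}

def audit_always_allow(config_text, expected):
    """Return {server: {"status", "missing", "extra"}} against the baseline."""
    servers = json.loads(config_text).get("mcpServers", {})
    report = {}
    for name, want in expected.items():
        entry = servers.get(name)
        if entry is None:
            report[name] = {"status": "server-missing", "missing": sorted(want), "extra": []}
            continue
        if "alwaysAllow" not in entry:
            # The state the issue describes after the IDE rewrites mcp.json.
            report[name] = {"status": "field-stripped", "missing": sorted(want), "extra": []}
            continue
        raw = entry["alwaysAllow"]
        names = {t for t in raw if isinstance(t, str)}
        # The issue's {"preset": "all"} form names no individual tool; flag it separately.
        wildcard = any(isinstance(t, dict) and t.get("preset") == "all" for t in raw)
        missing, extra = sorted(want - names), sorted(names - want)
        status = "wildcard" if wildcard else "drift" if (missing or extra) else "ok"
        report[name] = {"status": status, "missing": missing, "extra": extra}
    return report

if __name__ == "__main__":
    for server, result in audit_always_allow(SAMPLE, EXPECTED).items():
        print(server, result)
```

A "drift" result with non-empty "extra" means a tool is pre-approved that the baseline never reviewed, which matters most for entries such as run_script.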

Labels: bug (We can reproduce the issue and confirmed it is a bug.)