fix(ux): status-aware TOOL_BLOCKED + lock-badge polish (review #468 #1-#4)

claude · claude · commit 7aa683b2853f · 2026-05-18T14:46:09.000+03:00
#1 (bug): config-denied tools returned the generic 'Tool is disabled and not callable' over MCP — identical to a user-toggled tool, but the remediation differs (edit mcp_config.json vs a UI toggle that 409s). blockedToolMessage() now branches on IsToolConfigDenied and tells the agent it is operator policy, not user-overridable. Split into a pure blockedToolMessageFor(bool) with a dedicated unit test. #2: config-lock badges badge-error (red/alarming) -> badge-neutral + 🔒; a policy lock is not an error. #3: 'Enable All' toast now reports 'N tools remain locked by config' (client-side from config_denied; no API contract change). #4: unified copy — stray 'config locked' label -> '🔒 locked by config'. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/frontend/src/views/ServerDetail.vue b/frontend/src/views/ServerDetail.vue
@@ -390,9 +390,9 @@
                     </div>
                     <template v-if="isToolConfigDenied(tool.tool_name)">
                       <span
-                        class="badge badge-error badge-sm ml-4 self-center"
+                        class="badge badge-neutral badge-sm ml-4 self-center"
                         title="Tool is denied by mcp_config.json; approval has no effect while the config lock is active"
-                      >locked by config</span>
+                      >🔒 locked by config</span>
                     </template>
                     <button
                       v-else
@@ -496,9 +496,9 @@
                       >changed</span>
                       <span
                         v-if="isToolConfigDenied(tool.name)"
-                        class="badge badge-error badge-sm"
+                        class="badge badge-neutral badge-sm"
                         title="Disabled by mcp_config.json (enabled_tools / disabled_tools)"
-                      >locked by config</span>
+                      >🔒 locked by config</span>
                     </div>
                     <label
                       v-if="isToolToggleAvailable(tool.name)"
@@ -520,7 +520,7 @@
                       v-else-if="isToolConfigDenied(tool.name)"
                       class="text-xs text-base-content/40 shrink-0 italic"
                       title="Remove from disabled_tools or add to enabled_tools in mcp_config.json to unlock"
-                    >config locked</span>
+                    >🔒 locked by config</span>
                   </div>
                   <div
                     class="transition-opacity"
@@ -1943,12 +1943,22 @@ async function bulkToggleAllTools(enabled: boolean) {
     const response = await api.setAllToolsEnabled(server.value.name, enabled)
     if (response.success && response.data) {
       const changed = response.data.changed ?? 0
+      // "Enable All" intentionally skips tools the server config denies
+      // (enabled_tools/disabled_tools) — surface that so the user isn't
+      // left wondering why some toggles stayed locked.
+      const lockedByConfig = enabled
+        ? serverTools.value.filter(t => t.config_denied === true).length
+        : 0
+      const baseMsg = changed === 0
+        ? 'No tools needed changes.'
+        : `${changed} tool${changed === 1 ? '' : 's'} ${enabled ? 'enabled' : 'disabled'}.`
+      const lockedMsg = lockedByConfig > 0
+        ? ` ${lockedByConfig} tool${lockedByConfig === 1 ? '' : 's'} remain locked by config.`
+        : ''
       systemStore.addToast({
         type: 'success',
         title: enabled ? 'Tools Enabled' : 'Tools Disabled',
-        message: changed === 0
-          ? 'No tools needed changes.'
-          : `${changed} tool${changed === 1 ? '' : 's'} ${enabled ? 'enabled' : 'disabled'}.`,
+        message: baseMsg + lockedMsg,
       })
       // Refresh server data + tool caches so the per-tool toggle, the
       // "N disabled" pill, and the Server List both lose any staleness.
diff --git a/internal/server/mcp.go b/internal/server/mcp.go
@@ -1547,7 +1547,7 @@ func (p *MCPProxyServer) handleCallToolVariant(ctx context.Context, request mcp.
 	}
 
 	if !p.isToolCallable(serverName, actualToolName) {
-		errMsg := "TOOL_BLOCKED: Tool is disabled and not callable."
+		errMsg := p.blockedToolMessage(serverName, actualToolName)
 		p.emitActivityPolicyDecision(serverName, actualToolName, sessionID, "blocked", errMsg)
 		return mcp.NewToolResultError(errMsg), nil
 	}
@@ -1913,7 +1913,7 @@ func (p *MCPProxyServer) handleCallTool(ctx context.Context, request mcp.CallToo
 		zap.String("server_name", serverName))
 
 	if !p.isToolCallable(serverName, actualToolName) {
-		errMsg := "TOOL_BLOCKED: Tool is disabled and not callable."
+		errMsg := p.blockedToolMessage(serverName, actualToolName)
 		p.emitActivityPolicyDecision(serverName, actualToolName, sessionID, "blocked", errMsg)
 		return mcp.NewToolResultError(errMsg), nil
 	}
@@ -4604,6 +4604,31 @@ func (p *MCPProxyServer) isToolCallable(serverName, toolName string) bool {
 	return true
 }
 
+// blockedToolMessage returns an agent-actionable reason a tool is not callable.
+// It distinguishes operator config policy (enabled_tools/disabled_tools — NOT
+// user-overridable from the UI; a UI/API enable attempt 409s) from a user or
+// runtime disable, so an agent relays the correct remediation instead of
+// telling the user to toggle a switch that cannot lift the lock.
+func (p *MCPProxyServer) blockedToolMessage(serverName, toolName string) string {
+	configDenied := p.mainServer != nil && p.mainServer.runtime != nil &&
+		p.mainServer.runtime.IsToolConfigDenied(serverName, toolName)
+	return blockedToolMessageFor(configDenied)
+}
+
+// blockedToolMessageFor is the pure message-selection half of
+// blockedToolMessage, split out so the operator-policy vs user-disable wording
+// is unit-testable without standing up a runtime.
+func blockedToolMessageFor(configDenied bool) string {
+	if configDenied {
+		return "TOOL_BLOCKED: Tool is denied by server config (enabled_tools/disabled_tools). " +
+			"This is operator policy and is NOT user-overridable from the UI; " +
+			"ask the operator to edit mcp_config.json to enable it."
+	}
+	return "TOOL_BLOCKED: Tool is disabled and not callable. " +
+		"It may be disabled by the user or pending security approval; " +
+		"ask the user to enable it in the mcpproxy UI (Server detail → Tools)."
+}
+
 func (p *MCPProxyServer) lookupToolAnnotations(serverName, toolName string) *config.ToolAnnotations {
 	if p.mainServer == nil || p.mainServer.runtime == nil {
 		return nil
diff --git a/internal/server/mcp_blocked_tools_test.go b/internal/server/mcp_blocked_tools_test.go
@@ -188,3 +188,19 @@ func TestIsToolCallable_FailsClosedOnStorageError(t *testing.T) {
 	assert.False(t, proxy.isToolCallable("badstore", "fragile-tool"),
 		"isToolCallable must be fail-closed on storage decode errors")
 }
+
+func TestBlockedToolMessageFor(t *testing.T) {
+	cfgDenied := blockedToolMessageFor(true)
+	assert.Contains(t, cfgDenied, "TOOL_BLOCKED")
+	assert.Contains(t, cfgDenied, "enabled_tools/disabled_tools")
+	assert.Contains(t, cfgDenied, "NOT user-overridable")
+	assert.Contains(t, cfgDenied, "mcp_config.json")
+	// Must NOT tell the user to flip a UI toggle — that 409s for config-denied.
+	assert.NotContains(t, cfgDenied, "enable it in the mcpproxy UI")
+
+	userDisabled := blockedToolMessageFor(false)
+	assert.Contains(t, userDisabled, "TOOL_BLOCKED")
+	// Preserves the legacy substring existing tests/agents key off of.
+	assert.Contains(t, userDisabled, "Tool is disabled and not callable.")
+	assert.Contains(t, userDisabled, "enable it in the mcpproxy UI")
+}
