How does MCP permission friction affect developer adoption?

It is cited as a key reason developers find "Claude Code is higher quality but unusable" vs Codex. Friction on zero-risk reads disrupts exploration and research workflows.

Why does Claude Desktop require approval for read-only MCP tools?

The MCP-in-Desktop integration triggers approval dialogs for every tool call including zero-risk reads. The CLI auto-allows these same tools. The inconsistency is a known product gap.

How many permission prompts does a research task trigger?

Dozens. A typical research task with Read, Grep, WebSearch, and WebFetch calls can trigger 20-50 approval dialogs in a single session with MCP tools in Claude Desktop.

What is claude_autoapprove_mcp?

A community MCP server that injected JavaScript into Claude Desktop to enable permanent tool approval configuration. Archived March 2026 as Anthropic changed the approval UX.

Did Anthropic fix the MCP permission friction?

GitHub issue #25966 was closed as "not planned" Feb 2026. Partial changes to approval UX happened but per-tool permanent auto-approval for read-only tools has not shipped as a native feature.

← Back to dashboard

clawsmith.com/signal/mcp-read-only-permission-friction

⚠ IssueWide OpenToolLive

Claude Desktop MCP Permission Prompt Hell: Read-Only Tool Calls Require Manual Approval Every Time

When Claude Code runs as MCP server inside Claude Desktop, every tool call — including zero-risk read-only tools like Read, Grep, Glob, WebSearch, WebFetch — requires manual permission approval. A single research task triggers dozens of prompts. The CLI already auto-allows these. Community workaround repo (claude_autoapprove_mcp) shipped and was archived as Anthropic changed approval behavior. GitHub issue #25966 filed Feb 2026. Top developer complaint driving "Claude Code is unusable" sentiment vs Codex.

Product Idea from this Signal

A CLI tool that dynamically prunes and caches MCP tool schemas per request to cut agent context bloat

1.1k ▲

Every MCP connection injects its full tool schema into the context window before any agent reasoning happens. Connecting 5 servers burns 50k+ tokens on definitions alone, 40-60% of a typical context budget gone before the first tool call. Existing fixes are partial: Atlassian mcp-compressor does static compression but cannot do dynamic per-request selection; Claude Code Tool Search cuts only 46.9%; Context Mode cannot intercept third-party MCP tool responses. This CLI proxy sits between the agent and all connected MCP servers, dynamically selecting only the schema slice relevant to the current request using lightweight semantic matching, caching permission profiles so read-only tools auto-approve, and compressing the remaining schema at request time. The result is a single local proxy that cuts context overhead by 80-95% and eliminates approval friction for pre-cleared tool categories without requiring changes to individual MCP servers or the host client.

mcpdeveloper-toolscontext-windowtoken-optimizationcli-proxyai-agentspermission-management

Competitive148 leadsView Opportunity →