( serverName: string, )
| 349 | } |
| 350 | |
/**
 * Decides whether a project-scoped MCP server may be used without asking.
 *
 * Checks run in a fixed order and the first match wins:
 *   1. listed in `disabledMcpjsonServers`  -> 'rejected' (deny beats allow)
 *   2. listed in `enabledMcpjsonServers`, or `enableAllProjectMcpServers` set -> 'approved'
 *   3. bypass-permissions prompt already accepted and projectSettings enabled -> 'approved'
 *   4. non-interactive session and projectSettings enabled -> 'approved'
 *   5. otherwise -> 'pending'
 *
 * Names are compared after `normalizeNameForMCP()` on both sides.
 *
 * @param serverName - Server name to look up.
 * @returns The approval state for that server.
 */
export function getProjectMcpServerStatus(
  serverName: string,
): 'approved' | 'rejected' | 'pending' {
  const settings = getSettings_DEPRECATED()
  const normalizedName = normalizeNameForMCP(serverName)

  // NOTE(review): which setting sources getSettings_DEPRECATED() merges is not
  // visible in this function. If repo-level settings can contribute to the
  // enable/allow-all keys read below, a repository could approve its own
  // servers - confirm against the settings loader.

  // TODO: This fails an e2e test if the ?. is not present. This is likely a bug in the e2e test.
  // Will fix this in a follow-up PR.
  const isDenied = settings?.disabledMcpjsonServers?.some(
    candidate => normalizeNameForMCP(candidate) === normalizedName,
  )
  if (isDenied) return 'rejected'

  // The explicit allow list is consulted first; the allow-all flag is only
  // read when the list does not match.
  const isAllowListed = settings?.enabledMcpjsonServers?.some(
    candidate => normalizeNameForMCP(candidate) === normalizedName,
  )
  if (isAllowListed || settings?.enableAllProjectMcpServers) return 'approved'

  // Bypass permissions mode (--dangerously-skip-permissions) cannot show an
  // approval popup, so the server is auto-approved when projectSettings is
  // enabled: the user explicitly chose to bypass all permission checks.
  // SECURITY: the only signal trusted here is skipDangerousModePermissionPrompt,
  // read through hasSkipDangerousModePermissionPrompt(), which looks at
  // userSettings/localSettings/flagSettings/policySettings but NOT projectSettings
  // (repo-level .claude/settings.json). A repo must not be able to accept the
  // bypass dialog on behalf of users. getSessionBypassPermissionsMode() is
  // deliberately NOT consulted: sessionBypassPermissionsMode can be set from
  // project settings before the dialog is shown, which would allow RCE attacks
  // via malicious project settings.
  if (
    hasSkipDangerousModePermissionPrompt() &&
    isSettingSourceEnabled('projectSettings')
  ) {
    return 'approved'
  }

  // Non-interactive mode (SDK, claude -p, piped input) cannot show an approval
  // popup either. Auto-approve when projectSettings is enabled, because:
  // 1. The user/developer explicitly chose to run in this mode
  // 2. For SDK, projectSettings is off by default - they must explicitly enable it
  // 3. For -p mode, the help text warns to only use in trusted directories
  return getIsNonInteractiveSession() &&
    isSettingSourceEnabled('projectSettings')
    ? 'approved'
    : 'pending'
}
| 407 | |
| 408 | /** |