Skip to content

[FEATURE]:Plan mode should block MCP write tools, not just local file operations #32813

Description

@vaibhavlaturkar

Feature hasn't been suggested before.

  • I have verified this feature I'm about to request hasn't been suggested before.

Describe the enhancement you want to request

Problem

Plan mode currently restricts local file system operations (file edits, bash
commands) but does NOT restrict MCP tool calls. This means an agent in plan
mode can still write to external services like Jira, Confluence, GitHub, etc.

This gives users a false sense of safety — "I'm in plan mode so nothing will
change" — but external API writes go through unblocked.

Expected behaviour

In plan mode, all MCP tools that perform write operations (create, update,
delete) should be blocked, the same way file edits are blocked. Read-only
MCP tools (search, get, list) should still be allowed.

Actual behaviour

MCP write tools execute freely in plan mode. A Jira ticket was updated during
a plan-mode session without any warning or block.

Suggested fix

  • Detect write-capable MCP tools (or tools not marked read-only) and block
    them in plan mode
  • Optionally show a warning: "This tool would make external changes —
    blocked in plan mode"

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions