Feature hasn't been suggested before.
Describe the enhancement you want to request
Problem
Plan mode currently restricts local file system operations (file edits, bash
commands) but does NOT restrict MCP tool calls. This means an agent in plan
mode can still write to external services like Jira, Confluence, GitHub, etc.
This gives users a false sense of safety — "I'm in plan mode so nothing will
change" — but external API writes go through unblocked.
Expected behaviour
In plan mode, all MCP tools that perform write operations (create, update,
delete) should be blocked, the same way file edits are blocked. Read-only
MCP tools (search, get, list) should still be allowed.
Actual behaviour
MCP write tools execute freely in plan mode. A Jira ticket was updated during
a plan-mode session without any warning or block.
Suggested fix
- Detect write-capable MCP tools (or tools not marked read-only) and block
them in plan mode
- Optionally show a warning: "This tool would make external changes —
blocked in plan mode"
Feature hasn't been suggested before.
Describe the enhancement you want to request
Problem
Plan mode currently restricts local file system operations (file edits, bash
commands) but does NOT restrict MCP tool calls. This means an agent in plan
mode can still write to external services like Jira, Confluence, GitHub, etc.
This gives users a false sense of safety — "I'm in plan mode so nothing will
change" — but external API writes go through unblocked.
Expected behaviour
In plan mode, all MCP tools that perform write operations (create, update,
delete) should be blocked, the same way file edits are blocked. Read-only
MCP tools (search, get, list) should still be allowed.
Actual behaviour
MCP write tools execute freely in plan mode. A Jira ticket was updated during
a plan-mode session without any warning or block.
Suggested fix
them in plan mode
blocked in plan mode"