📚 Documentation Updates Available

I've created documentation updates for this feature in a separate branch: docs/mcp-allow-headless-9327

Changes Overview

Reference Documentation (reference.mdx)

• Added allowHeadless property to mcpServers configuration section
• Added example showing usage with Brave Search MCP server

MCP Deep Dive (customize/deep-dives/mcp.mdx)

• Added comprehensive section "How to Use MCP Servers in CLI Headless Mode"
• Explained security rationale with Note and Warning components
• Provided usage examples and best practices
• Added CardGroup showing good candidates vs. cautionary use cases

CLI Overview (cli/overview.mdx)

• Updated tool permissions Info box to mention MCP tools headless behavior
• Linked to detailed documentation

Next Steps

You can:

1. Review the changes in my branch: docs/mcp-allow-headless-9327
2. Cherry-pick the documentation commit (8aff77c) into your PR branch
3. Or I can create a separate PR to main after this PR merges

The documentation changes are scoped to explain the feature without adding unnecessary detail, using Mintlify components for effective information display.

View the commit: 8aff77c

📚 Documentation PR Created

I've created PR #9328 with documentation updates for the allowHeadless feature.

The PR adds comprehensive documentation covering:

• ✅ Reference documentation for the allowHeadless property
• ✅ Detailed explanation in the MCP deep dive guide
• ✅ Updated CLI overview to mention MCP headless behavior
• ✅ Security considerations and best practices
• ✅ Usage examples with Mintlify components

The documentation PR is ready to merge once this PR is merged.

Preview: #9328

Review Comments Addressed

Both AI review comments have been resolved:

P1 (Security) - allowHeadless bypassing explicit exclusions ✅

Fixed in 4062ff6

The allowMcpInHeadless check now respects explicit "exclude" permissions:

const allowMcpInHeadless =
  !tool.isBuiltIn &&
  isHeadless &&
  tool.allowHeadless &&
  result.permission !== "exclude";  // ← Added this check

P2 (Test) - Helper coercing undefined to false ✅

Fixed in 4062ff6

The test helper now preserves undefined instead of coercing to false:

// Before (bug):
allowHeadless: allowHeadless ?? false,

// After (fixed):
...(allowHeadless !== undefined && { allowHeadless }),

This ensures the test "should deny MCP tool with allowHeadless=undefined" actually tests undefined behavior, not false.

Both review threads are now outdated as the underlying code has been updated.

That could be a different way to solve it. I can go through it again and see if that would fix it.

@aaronlippold double checked this with the team and confirmed that we want MCP tools to just work out of the box in headless, so likely just a tweak to tool permissions should fix. Currently when using --agent any MCP tools in the agent will be allowed, and I think using --mcp you'd expect the same, so I think --config acting differently is probably more confusing than not, although I agree that the ultra-security conscious approach would be to default to false. I think for now, security-conscious users can pass a custom --config or use --mcps with only the tools they want.

That being said we should fix the bug where MCP tools simply aren't available in headless. I think the bug is likely here in tool permission service, where we don't actually have handling for the mcp: syntax (likely an uncaught hallucination)

// Allow MCP tools (no way to know if they're read only but shouldn't disable mcp usage in plan)
          { tool: "mcp:*", permission: "allow" },

What are your thoughts on this?