MCP Allowlist doesn't work, also can't be edited

Support Bug Reports
1

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

When I use an MCP tool, and the AI agent makes the tool call, it will prompt me to either add the tool call to the allowlist, or to run.
When I use the shell command allowlist, it works as expected. Things that go on the allowlist will run without prompting me.
However, when I use the MCP allowlist, it will always ask me to run the tool, even if that tool is on the allowlist.
So, the MCP allowlist appears to be useless, in that adding tool calls to the allowlist does not actually let the Cursor IDE to auto-run those tool calls in the future.

Steps to Reproduce

  1. Have at least one MCP server installed with at least 1 tool
  2. in the AI chat sidebar, prompt the AI agent to make a tool call to your MCP server’s tool(s)
  3. The AI agent will show a prompt to either ‘skip’, ‘add <> to allowlist’, and ‘run’
  4. click on ‘add <> to allowlist’
  5. prompt the AI agent to run the tool again

Expected Behavior

My expected behavior is that, after clicking on the ‘add tool to allowlist’ button in a chat, Cursor will add that tool call to the MCP allowlist, and then future calls to that tool will not require user intervention.

Operating System

MacOS

Current Cursor Version (Menu → About Cursor → Copy)

Version: 1.7.17 (Universal)
VSCode Version: 1.99.3
Commit: 34881053400013f38e2354f1479c88c9067039a0
Date: 2025-09-29T03:10:26.099Z
Electron: 34.5.8
Chromium: 132.0.6834.210
Node.js: 20.19.1
V8: 13.2.152.41-electron.0
OS: Darwin arm64 25.0.0

For AI issues: which model did you use?

I’m using the ‘auto’ model setting in the chat screen.

Does this stop you from using Cursor

No - Cursor works, but with this issue

6 Likes
Atlassian MCP `autoApprove: true` Not Being Respected
Add the ability to pre-configure which MCP tools are enabled/disabled via the `mcp.json` configuration file, eliminating the need to manually enable tools in the UI after every Cursor restart
2

Hey, thanks for the report. We’ll investigate this.

4

I got the same issue :cry:

5

Hey, this issue was fixed in version 1.7.38 Let me know if the problem persists.

1 Like
6

Hi, just updated to 1.7.38, its still not working, settings still shows a “disabled” hover cursor, still readonly. If I get prompted to run an MCP tool, it still doesn’t recognize that its already allowlisted. Trying to add new tools results on the UI showing it added briefly and then gets removed.

image
image1742×487 56.2 KB

4 Likes
7

Thanks for the info. We’re investigating this.

8

I’m also seeing this exact same issue in the latest MacOS Cursor version (1.7.44) and its bugging the hell out of me.

I wonder if it might be related to the content of “~/.cursor/mcp.json” or some other setting or file or logic that changed recently in cursor?

9

Hello !

I’m on 1.7.44

Even in “Run Everything“ mode, it asks me for permission.

Also, I found out if you click on “Add to allowlist“ while being in “run everything“ mode, it toggles your mode automatically to “Use Allowlist“ mode

1 Like
10

I also have this issue. As of this morning I am running the latest available build, 1.7.44, but the issue persists. I’ve been experiencing this for about 3 weeks. I feel like it was fixed briefly about a week ago and is now broken again. Regression?

My system info:

Version: 1.7.44 (Universal)
VSCode Version: 1.99.3
Commit: 9d178a4■■■89981b62546448bb32920a8219a5d0
Date: 2025-10-10T15:43:37.500Z
Electron: 34.5.8
Chromium: 132.0.6834.210
Node.js: 20.19.1
V8: 13.2.152.41-electron.0
OS: Darwin arm64 24.6.0

11

Just updated to the latest build, issue persists. Build info:

Version: 1.7.46 (Universal)
VSCode Version: 1.99.3
Commit: b9e5948c1ad20443a5cecba6b84a3c9b99d62580
Date: 2025-10-14T01:21:46.830Z
Electron: 34.5.8
Chromium: 132.0.6834.210
Node.js: 20.19.1
V8: 13.2.152.41-electron.0
OS: Darwin arm64 24.6.0

12

same issue in latest build with macos

13

Same here, very annoying to press enter 17 times in a row for the MCP to work.

Could it be that the (now removed) option that blocks MCP auto-run is still in effect and overrides the new auto run options?
I remember turning it on, and my colleagues who didnt turn it on don’t have this issue at all.

5 Likes
14

@lironle thanks for this comment :+1:

I also had suspected some previously visible manually enabled cursor setting to be a likely root cause of the problem, potentially “MCP Tools Protection” and related YOLO/allowlist stuff which I had altered in the past.

After several cursor upgrades and profanity and lost productivity I decided to look deeper and to resolve this bs issue.

There was a lot of wasted hours and head banging and begging codex to help me out… and eventually I managed to get the MCP allow list, autorun etc to work in both sandboxed and unsanboxed modes.

Previously the list was indeed not editable manually (but new allowList entries did get added when I tried MCP tools), but the allow listed MCP tool calls finally run without frustratung manual confirmation.

Here is the issue description and the solution which worked for me, written by codex cli, which deserves the credit:

Problem

Even with MCP servers approved and auto-run enabled, Cursor kept prompting for every MCP tool call(Playwright, Python, Task Master, etc.) after restarts.

The UI toggles were useless because the some of these flags live in the global reactive store, but not in the currently visible profile settings, eg. “MCP Tools Protection”, which was likely manually enabled by the user in a previous cursor version which still exposed this in the UI.

Root cause

~/Library/Application Support/Cursor/User/globalStorage/state.vscdb
has a giant JSON blob (src.vs.platform.reactivestorage.browser.reactiveStorageServiceImpl.persistentStorage.applicationUser). Inside composerState the following keys were stuck in “safety” mode:

  • composerState.shouldAutoContinueToolCall = 0
  • composerState.yoloMcpToolsDisabled = 1
  • composerState.useYoloMode = 1
  • composerState.modes4[0].fullAutoRun = false

Every time Cursor boots, it reads those values and immediately overrides whatever you set in the UI. That is why approvals kept coming back.

Compact fix script

  1. Quit Cursor completely
  2. Save the script below as cursor-mcp-autorun-fix.sh anywhere.
  3. Run it. It backs up each state.vscdb, flips the booleans in both global + profile DBs, and confirms the results.
  4. Launch Cursor and test your MCP tools (sandboxed or unsandboxed).
#!/usr/bin/env bash
set -euo pipefail
ROOT="$HOME/Library/Application Support/Cursor"
STAMP=$(date +%Y%m%d-%H%M%S)
KEY='src.vs.platform.reactivestorage.browser.reactiveStorageServiceImpl.persistentStorage.applicationUser'
find "$ROOT/User" "$ROOT/User/profiles" -type f -name state.vscdb -print0 2>/dev/null | while IFS= read -r -d '' DB; do
  cp "$DB" "$DB.bak.$STAMP" || true
  /usr/bin/sqlite3 "$DB" "PRAGMA busy_timeout=5000; BEGIN;
    UPDATE ItemTable SET value=json_set(value,
      '$.shouldAutoContinueToolCall', 1,
      '$.yoloMcpToolsDisabled', 0,
      '$.isAutoApplyEnabled', 1
    ) WHERE key='$KEY' AND json_valid(value);
    UPDATE ItemTable SET value=json_set(value,
      '$.composerState.useYoloMode', 0,
      '$.composerState.shouldAutoContinueToolCall', 1,
      '$.composerState.yoloMcpToolsDisabled', 0,
      '$.composerState.isAutoApplyEnabled', 1,
      '$.composerState.modes4[0].autoRun', 1,
      '$.composerState.modes4[0].fullAutoRun', 1
    ) WHERE key='$KEY' AND json_valid(value);
    UPDATE ItemTable SET value=REPLACE(value,'\"mcpEnabled\": false','\"mcpEnabled\": true')
      WHERE key='$KEY' AND value LIKE '%\"mcpEnabled\": false%';
    COMMIT;";
  /usr/bin/sqlite3 -readonly "$DB" "SELECT '$DB',
    json_extract(value,'$.composerState.shouldAutoContinueToolCall'),
    json_extract(value,'$.composerState.yoloMcpToolsDisabled'),
    json_extract(value,'$.composerState.modes4[0].fullAutoRun')
    FROM ItemTable WHERE key='$KEY';"
done
echo "Done. Restart Cursor and retest MCP autorun."

After running the script, both “Run everything (unsandboxed)” and “Run everything (sandboxed)” modes finally work as expected: MCP tool calls auto-run, the allowlist UI reappears as editable in sandboxed mode, and no more confirmation dialogs.

12 Likes
Separate "Auto-run MCP" Option from "Enable auto-run mode"
Atlassian MCP `autoApprove: true` Not Being Respected
Run Everything does not work with MCP calls
YOLO mode doesn't auto-run MCP tools
2.0 has lost a lot of functionality I can no longer use Cursor
Even with “Run Everything (Unsandboxed)” and “Legacy Terminal Tool” enabled, chrome-devtools MCP still asks for confirmation every time
MCP tools allowlist to autorun
15

Thanks @primate that seems to have solved it! I was trying to find cursor config, did not imagine finding it inside a huge json database :sweat_smile:

However, instead of running the script you pasted I opened the db in notepad++ and changed shouldAutoContinueToolCall to true and yoloMcpToolsDisabled to false which seems to have corrected the issue.

Thanks again!

1 Like
16

Can confirm @primate script works! Thank you so much!

1 Like
19

Here’s a version of the script for windows enjoyoors. You’ll need the sqlite3 executable that can be downloaded @ https://www.sqlite.org/2017/sqlite-tools-win32-x86-3170000.zip.

# enable-cursor-auto-features.ps1

# Stop on errors
$ErrorActionPreference = "Stop"

# Configuration
$ROOT = "$env:USERPROFILE\AppData\Roaming\Cursor"
$SQLITE3 = "$env:USERPROFILE\Downloads\sqlite3.exe"
$STAMP = Get-Date -Format "yyyyMMdd-HHmmss"
$KEY = 'src.vs.platform.reactivestorage.browser.reactiveStorageServiceImpl.persistentStorage.applicationUser'

# Check if sqlite3.exe exists
if (-not (Test-Path $SQLITE3)) {
    Write-Error "sqlite3.exe not found at: $SQLITE3"
    exit 1
}

# Find all state.vscdb files
$dbFiles = @()
$searchPaths = @(
    "$ROOT\User",
    "$ROOT\User\profiles"
)

foreach ($path in $searchPaths) {
    if (Test-Path $path) {
        $dbFiles += Get-ChildItem -Path $path -Filter "state.vscdb" -Recurse -ErrorAction SilentlyContinue
    }
}

if ($dbFiles.Count -eq 0) {
    Write-Warning "No state.vscdb files found in $ROOT"
    exit 0
}

Write-Host "Found $($dbFiles.Count) database file(s)" -ForegroundColor Green

# Process each database
foreach ($dbFile in $dbFiles) {
    $DB = $dbFile.FullName
    Write-Host "`nProcessing: $DB" -ForegroundColor Cyan
    
    # Create backup
    $backupFile = "$DB.bak.$STAMP"
    try {
        Copy-Item -Path $DB -Destination $backupFile -Force
        Write-Host "  [OK] Backup created: $backupFile" -ForegroundColor Green
    } catch {
        Write-Warning "  Failed to create backup: $_"
    }
    
    # SQL update commands - using literal here-string to prevent PowerShell parsing
    $sqlUpdate = @'
PRAGMA busy_timeout=5000;
BEGIN;
UPDATE ItemTable SET value=json_set(value,
  '$.shouldAutoContinueToolCall', 1,
  '$.yoloMcpToolsDisabled', 0,
  '$.isAutoApplyEnabled', 1
) WHERE key='KEYPLACEHOLDER' AND json_valid(value);
UPDATE ItemTable SET value=json_set(value,
  '$.composerState.useYoloMode', 0,
  '$.composerState.shouldAutoContinueToolCall', 1,
  '$.composerState.yoloMcpToolsDisabled', 0,
  '$.composerState.isAutoApplyEnabled', 1,
  '$.composerState.modes4[0].autoRun', 1,
  '$.composerState.modes4[0].fullAutoRun', 1
) WHERE key='KEYPLACEHOLDER' AND json_valid(value);
UPDATE ItemTable SET value=REPLACE(value,'\"mcpEnabled\": false','\"mcpEnabled\": true')
  WHERE key='KEYPLACEHOLDER' AND value LIKE '%\"mcpEnabled\": false%';
COMMIT;
'@
    
    # Replace the placeholder with actual key
    $sqlUpdate = $sqlUpdate -replace 'KEYPLACEHOLDER', $KEY
    
    # Execute update
    try {
        $sqlUpdate | & $SQLITE3 $DB 2>&1 | Out-Null
        Write-Host "  [OK] Database updated successfully" -ForegroundColor Green
    } catch {
        Write-Error "  Failed to update database: $_"
        continue
    }
    
    # Verify changes
    $sqlVerify = @'
SELECT 'DBPLACEHOLDER',
  json_extract(value,'$.composerState.shouldAutoContinueToolCall') as autoContinue,
  json_extract(value,'$.composerState.yoloMcpToolsDisabled') as yoloDisabled,
  json_extract(value,'$.composerState.modes4[0].fullAutoRun') as fullAutoRun
FROM ItemTable WHERE key='KEYPLACEHOLDER';
'@
    
    $sqlVerify = $sqlVerify -replace 'KEYPLACEHOLDER', $KEY
    $sqlVerify = $sqlVerify -replace 'DBPLACEHOLDER', $DB
    
    Write-Host "  Verification:" -ForegroundColor Yellow
    $sqlVerify | & $SQLITE3 $DB
}

Write-Host "`n=========================================" -ForegroundColor Green
Write-Host "Done! Restart Cursor and retest MCP autorun." -ForegroundColor Green
Write-Host "=========================================" -ForegroundColor Green
Write-Host "`nPress any key to exit..."
$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
Run everything runs nothing
20

I’m on windows, the script doesn’t seem to help. Any word from Cursor? When are we going to get a fix.
UPDATE: After running the script a second time, it appears to have worked…

23

Would be nice to get an official fix for this, especially since I’m on Linux. Any ETA?

24

Change the ROOT line of the script to ROOT=“$HOME/.config/Cursor” and it’ll run on linux and seems to works for me.

Version : 2.3.39

#!/usr/bin/env bash
set -euo pipefail

# Define the specific Global Storage database path
ROOT="$HOME/.config/Cursor"
DB="$ROOT/User/globalStorage/state.vscdb"
STAMP=$(date +%Y%m%d-%H%M%S)
KEY='src.vs.platform.reactivestorage.browser.reactiveStorageServiceImpl.persistentStorage.applicationUser'

# 1. Safety Check: Ensure the database exists
if [ ! -f "$DB" ]; then
    echo "Error: Global storage database not found at $DB"
    exit 1
fi

echo "Processing Global Storage: $DB"

# 2. Create a backup
cp "$DB" "$DB.bak.$STAMP" || true

# 3. Apply changes using -cmd for the PRAGMA to keep output clean
sqlite3 "$DB" -cmd "PRAGMA busy_timeout=5000" "BEGIN;
    UPDATE ItemTable SET value=json_set(value,
      '$.shouldAutoContinueToolCall', 1,
      '$.yoloMcpToolsDisabled', 0,
      '$.isAutoApplyEnabled', 1
    ) WHERE key='$KEY' AND json_valid(value);
    UPDATE ItemTable SET value=json_set(value,
      '$.composerState.useYoloMode', 0,
      '$.composerState.shouldAutoContinueToolCall', 1,
      '$.composerState.yoloMcpToolsDisabled', 0,
      '$.composerState.isAutoApplyEnabled', 1,
      '$.composerState.modes4[0].autoRun', 1,
      '$.composerState.modes4[0].fullAutoRun', 1
    ) WHERE key='$KEY' AND json_valid(value);
    UPDATE ItemTable SET value=REPLACE(value,'\"mcpEnabled\": false','\"mcpEnabled\": true')
      WHERE key='$KEY' AND value LIKE '%\"mcpEnabled\": false%';
    COMMIT;"

# 4. Verify and display results
echo "-----------------------------------------------"
echo "VERIFICATION:"
sqlite3 -readonly "$DB" "SELECT 
    'Auto-Continue: ' || json_extract(value,'$.composerState.shouldAutoContinueToolCall'),
    'MCP Enabled:   ' || (CASE WHEN json_extract(value,'$.composerState.yoloMcpToolsDisabled') = 0 THEN 'YES' ELSE 'NO' END),
    'Full AutoRun:  ' || json_extract(value,'$.composerState.modes4[0].fullAutoRun')
    FROM ItemTable WHERE key='$KEY';"
echo "-----------------------------------------------"

echo "Done. Restart Cursor and retest MCP autorun."

Gemini suggested a few changes - here’s the script I used.

If you are using a snap or flatpak I guess there might be issues - check if the config folder exists before running.

2 Likes
25

The fix doesn’t work for me.

Version: 2.3.41
VSCode Version: 1.105.1
Commit: 2ca326e0d1ce10956aea33d54c0e2d8c13c58a30
Date: 2026-01-16T19:14:00.150Z
Electron: 37.7.0
Chromium: 138.0.7204.251
Node.js: 22.20.0
V8: 13.8.258.32-electron.0
OS: Darwin arm64 25.2.0