mirror of
https://github.com/qwibitai/nanoclaw.git
synced 2026-06-12 18:11:51 +08:00
Alex Mashkovtsev
f68f6da406
Claude Code 2.1.116+ treats SDK `allowedTools` as a hard whitelist: servers whose namespace isnt listed are filtered out before the agent ever sees them, regardless of `permissionMode: bypassPermissions` or any `permissions.allow` in settings. The static TOOL_ALLOWLIST only contained `mcp__nanoclaw__*`, so any MCP wired via add_mcp_server (or directly in container.json) was silently dropped. Derive `mcp__<sanitized-name>__*` entries at the SDK call site from the already-aggregated `this.mcpServers` map, mirroring the SDKs own sanitization rule (chars outside [A-Za-z0-9_-] become _). Prior diagnosis by @jsboige in #2028 (withdrawn, not upstreamed).