Skip to content

fix(amazonq): suppress MCP consent re-prompts within session on deny#2703

Merged
aseemxs merged 1 commit intofeature/mcp-legacy-loader-defaultfrom
aseemxs/deny-cache
Apr 23, 2026
Merged

fix(amazonq): suppress MCP consent re-prompts within session on deny#2703
aseemxs merged 1 commit intofeature/mcp-legacy-loader-defaultfrom
aseemxs/deny-cache

Conversation

@aseemxs
Copy link
Copy Markdown
Contributor

@aseemxs aseemxs commented Apr 23, 2026

Follow-up to #2702: session-scoped denial cache to stop re-prompt spam.

@aseemxs aseemxs requested a review from a team as a code owner April 23, 2026 23:14
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Apr 23, 2026

Codecov Report

❌ Patch coverage is 44.44444% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 60.32%. Comparing base (f7877c3) to head (ff014ed).

Files with missing lines Patch % Lines
...anguage-server/agenticChat/tools/mcp/mcpManager.ts 44.44% 5 Missing ⚠️
Additional details and impacted files 
@@                          Coverage Diff                          @@
##           feature/mcp-legacy-loader-default    #2703      +/-   ##
=====================================================================
- Coverage                              60.38%   60.32%   -0.07%     
=====================================================================
  Files                                    279      279              
  Lines                                  66231    66239       +8     
  Branches                                4217     4216       -1     
=====================================================================
- Hits                                   39991    39956      -35     
- Misses                                 26152    26199      +47     
+ Partials                                  88       84       -4
Flag Coverage Δ
unittests 60.32% <44.44%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@aseemxs aseemxs merged commit 928df81 into feature/mcp-legacy-loader-default Apr 23, 2026
5 checks passed
@aseemxs aseemxs deleted the aseemxs/deny-cache branch April 23, 2026 23:23
laileni-aws added a commit that referenced this pull request Apr 28, 2026
@laileni-aws @aseemxs
feat(amazonq): add consent prompt for workspace-scoped MCP servers (#…
7b8595a 
…2708)

* feat(amazonq): add consent prompt for workspace-scoped MCP servers

* fix(amazonq): suppress MCP consent re-prompts within session on deny (#2703)

* test: add consent gate tests for workspace-scoped MCP servers (#2705)

* fix: add missing closing brace in mcpManager.test.ts

* fix: use getGlobalMcpConfigPath for cross-platform path in consent gate test

* fix: addressing review feedback

---------

Co-authored-by: Aseem Sharma <aseemxs@amazon.com>
Co-authored-by: Aseem sharma <198968351+aseemxs@users.noreply.github.com>
ashishrp-aws pushed a commit that referenced this pull request Apr 29, 2026
@laileni-aws @aseemxs
fix(amazonq): improve MCP consent gate reliability and cleanup (#2711)
f5aa1a3 
* feat(amazonq): add consent prompt for workspace-scoped MCP servers

* fix(amazonq): suppress MCP consent re-prompts within session on deny (#2703)

* test: add consent gate tests for workspace-scoped MCP servers (#2705)

* fix: add missing closing brace in mcpManager.test.ts

* fix: use getGlobalMcpConfigPath for cross-platform path in consent gate test

* fix: addressing review feedback

* fix(amazonq): improve MCP consent gate reliability and cleanup

- Fix spurious re-prompts on IDE reload by using OR matching in
  hasApproval: match on (serverName, fingerprint) OR (serverName,
  workspaceHash). The fingerprint can change slightly between reloads
  due to config migration, and the workspaceHash covers that case.
- Add getGlobalPersonaConfigPath to the trusted set so persona configs
  don't trigger unnecessary consent prompts.
- Clear sessionDeniedConsent in close() for consistency with other state.
- Replace non-null assertion with inline Set initialization.
- Evict stale approval entries when config changes for the same server
  and workspace instead of accumulating them.
- Normalize configPath via normalizePathFromUri before consent checks.
- Add removeApproval and call it from removeServer so deleting a
  workspace MCP server clears its persisted approval.
- Improve prompt text to explain persistence semantics to the user.
- Normalize paths with path.resolve and forward slashes for cross-
  platform consistency in fingerprintWorkspace.

---------

Co-authored-by: Aseem Sharma <aseemxs@amazon.com>
Co-authored-by: Aseem sharma <198968351+aseemxs@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Will-ShaoHua Will-ShaoHua Will-ShaoHua approved these changes

@ashishrp-aws ashishrp-aws ashishrp-aws approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@aseemxs @codecov-commenter @Will-ShaoHua @ashishrp-aws