docs: add allowHeadless documentation for MCP servers in CLI headless mode #9328
+420
−5
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adds `allowHeadless: true` config option for MCP servers, enabling
specific MCP tools to work in headless mode without requiring --auto flag.
Changes:
- Add allowHeadless to MCP config schema
- Pass allowHeadless from connection config to Tool objects
- Check allowHeadless in tool enumeration (getRequestTools)
- Check allowHeadless in execution permission (checkToolPermissionApproval)
- Add 8 tests covering enumeration and execution permission
Usage:
```yaml
mcpServers:
- name: Brave Search
command: npx
args: ["-y", "@modelcontextprotocol/server-brave-search"]
allowHeadless: true # Enable in headless mode
```
Authored by: Aaron Lippold<[email protected]>
… mode - Add allowHeadless property to mcpServers reference documentation - Add comprehensive section in MCP deep dive explaining headless mode behavior - Update CLI overview to mention MCP tools headless mode exclusion - Include examples and security considerations for allowHeadless usage Generated with [Continue](https://continue.dev) Co-Authored-By: Continue <[email protected]> Co-authored-by: nate <[email protected]>
dosubot
bot
added
the
size:L
3 tasks
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
…ned in tests Issue 1 (P1): allowMcpInHeadless now only upgrades 'ask' permissions, not 'exclude' - Modified logic to check result.permission === 'ask' before applying allowHeadless - This prevents allowHeadless from bypassing explicit tool exclusions - Added test case to verify excluded tools remain excluded Issue 2 (P2): Test helper now preserves undefined allowHeadless values - Changed from 'allowHeadless ?? false' to conditional property spread - This allows tests to properly verify undefined behavior vs explicit false Generated with [Continue](https://continue.dev) Co-Authored-By: Continue <[email protected]> Co-authored-by: nate <[email protected]>
Contributor
Author
✅ Code Review Issues FixedI've addressed both P1 and P2 issues identified by the review: Issue 1 (P1): Security Fix - Respect Explicit ExclusionsProblem: Fix: Modified the logic so // Before: Could bypass exclusions
const allowMcpInHeadless =
!tool.isBuiltIn && isHeadless && tool.allowHeadless;
// After: Only upgrades "ask" permissions
const allowMcpInHeadless =
result.permission === "ask" &&
!tool.isBuiltIn &&
isHeadless &&
tool.allowHeadless;Added test case to verify excluded tools remain excluded even with Issue 2 (P2): Test Accuracy - Preserve Undefined ValuesProblem: Test helper coerced Fix: Changed from // Before: Coerced undefined to false
allowHeadless: allowHeadless ?? false,
// After: Preserves undefined
...(allowHeadless !== undefined ? { allowHeadless } : {}),Both fixes maintain the security-first design while ensuring proper test coverage. Commit: 2cfb204 |
continue-development-app bot
pushed a commit
that referenced
this pull request
Dec 26, 2025
- Add edge case tests for disconnected servers, empty connections, and empty tools - Add permission policy interaction tests with wildcards and argumentMatches - Add integration tests for mixed built-in and MCP tools - Add test for built-in tools behavior in headless mode - Add tool ordering and mode transition tests Improves test coverage for PR #9328 with 12 new test cases covering: - Error handling and graceful degradation - Complex permission policy scenarios - Real-world integration scenarios - Security boundary validation Generated with [Continue](https://continue.dev) Co-Authored-By: Continue <[email protected]> Co-authored-by: peter-parker <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Documentation Updates for PR #9327
This PR adds documentation for the new
allowHeadlessconfiguration option for MCP servers introduced in #9327.Changes
Reference Documentation (reference.mdx)
allowHeadlessproperty to mcpServers configuration sectionMCP Deep Dive (customize/deep-dives/mcp.mdx)
CLI Overview (cli/overview.mdx)
Documentation Approach
The documentation is scoped to explain the feature without changing the overall level of detail in the docs. It:
allowHeadless: trueScreenshots
Reference Documentation Example
Added
allowHeadlessproperty with clear description and usage example:MCP Deep Dive Section
Added comprehensive section with:
Related: #9327
This task was co-authored by nate and Continue.
Summary by cubic
Adds an allowHeadless option for MCP servers to safely enable trusted MCP tools in CLI headless mode, and updates docs with clear guidance and examples.
Written for commit 2cfb204. Summary will update automatically on new commits.