Unable to use --allow-tool with --prompt and --additional-mcp-config (works only with --yolo) #1592
Description
Unable to use --allow-tool iot-local-debug with --prompt and --additional-mcp-config (works only with --yolo)
Description
When running copilot.exe (version 0.0.414) with the --prompt and --additional-mcp-config flags, I am not able to use the MCP iot-local-debug (defined in my $mcp_config). All attempts to allow the tool with --allow-tool (including different variations) fail, but using --yolo works.
Notably, when using --interactive mode instead of --prompt, --allow-tool iot-local-debug works as expected. This suggests the issue is specific to non-interactive (--prompt) mode.
How to Reproduce
The MCP config:
$mcp_config = '{"mcpServers":{"iot-local-debug":{"type":"http","url":"http://localhost:8080/mcp","headers":{},"tools":["*"]}}}'The quick test script for --prompt:
$p_quick = @'
IMPORTANT: You are ONLY allowed to use MCP tools for testing. Do NOT use direct REST API calls (curl, Invoke-RestMethod, etc.).
Use mcp iot-local-debug to interact with the local MCP server.
Quick Test: Generate Key Pair Only
Step 1: "Generate a key pair for my IoT device"
↓
MCP calls: generate_key_pair (no parameters needed)
↓
Expected: Receive {"upload_key": "...", "download_key": "..."}
CONSTRAINT: You MUST use only the MCP tool generate_key_pair from the iot-local-debug server.
Please execute the step using MCP tools only and confirm the expected outcome.
'@The main command (failing with --prompt):
& copilot.exe @(
"--prompt"
$p_quick
"--additional-mcp-config"
$mcp_config
"--model"
"gpt-5-mini"
"--allow-all-paths"
"--no-ask-user"
"--no-auto-update"
"--no-custom-instructions"
"--allow-tool"
"iot-local-debug"
"--allow-tool"
"iot-local-debug-generate_key_pair"
"--allow-tool"
"iot-local-debug(*)"
"--allow-tool"
"generate_key_pair"
# "--yolo" # Uncommenting this is the only thing that works
)The equivalent command (working with --interactive):
& copilot.exe @(
"--interactive"
"--additional-mcp-config"
$mcp_config
"--model"
"gpt-5-mini"
"--allow-all-paths"
"--no-ask-user"
"--no-auto-update"
"--no-custom-instructions"
"--allow-tool"
"iot-local-debug"
)Observed Behavior
All --allow-tool variations fail in --prompt mode and produce the following output:
(This may take a minute as the AI processes the request)
Running MCP iot-local-debug generate_key_pair to create an upload/download key pair for the IoT device using the local MCP tool. I'll also report intent "Generating keypair" alongside the MCP call.
✗ iot-local-debug-generate_key_pair
Permission denied and could not request permission from user
Requesting user's permission to allow MCP generate_key_pair because the MCP tool reported permission denied.
Expected Behavior
Passing --allow-tool iot-local-debug (or any of the other variations) in --prompt mode should allow the MCP tool to execute, consistent with the behavior in --interactive mode — and without requiring --yolo.
Workarounds
| Mode | --allow-tool iot-local-debug |
--yolo |
|---|---|---|
--interactive |
✅ Works | ✅ Works |
--prompt |
❌ Permission denied | ✅ Works |
Version
copilot --version
GitHub Copilot CLI 0.0.414
Additional Context
$mcp_configdefines theiot-local-debugMCP server as an HTTP server athttp://localhost:8080/mcpwith a wildcard tools allowlist ("tools": ["*"]).- The failure occurs regardless of which
--allow-toolpattern is used in--promptmode. --yoloworks as a workaround, but is not desirable for security reasons.
Questions / Possible Bug
- Is
--allow-toolhandled differently between--promptand--interactivemodes? - Is the correct format for
--allow-toolwith MCP tools<server-name>-<tool-name>,<server-name>(<tool-name>), or something else entirely? - Is there a known incompatibility between
--additional-mcp-configand--allow-toolin--promptmode? - Why does
--yolosucceed where explicit--allow-toolpatterns do not in--promptmode? - Does the
"tools": ["*"]wildcard in$mcp_configconflict with or get overridden by--allow-toolresolution?