fix(mcp): make tool approval annotations explicit#297
Conversation
commit: |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| description: Set sim location. | ||
| annotations: | ||
| title: Set Simulator Location | ||
| readOnlyHint: true |
There was a problem hiding this comment.
Simulator-mutating tools incorrectly marked as read-only
High Severity
set_sim_location, set_sim_appearance, reset_sim_location, and sim_statusbar are all newly marked readOnlyHint: true, yet their implementations execute state-mutating xcrun simctl commands (location set, ui appearance, location clear, status_bar override). The MCP spec defines readOnlyHint: true as "the tool does not modify its environment," and clients skip user-approval dialogs for such tools. This contradicts the PR's stated goal of "describing behavior honestly" and is inconsistent with erase_sims, which is correctly marked readOnlyHint: false.
Additional Locations (2)
1 participant
Summary
Context
Codex now treats missing MCP approval hints as risky defaults. This change makes the approval-related annotations explicit so local XcodeBuildMCP tools can stay low-friction while still describing their behavior honestly.