Skip to content

Add tool filtering and readonly mode support #81

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hongkongkiwi wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add tool filtering and readonly mode support #81

hongkongkiwi wants to merge 1 commit into from

Conversation

@hongkongkiwi
Copy link

@hongkongkiwi hongkongkiwi commented Aug 18, 2025

Summary

  • Implements configurable security modes for the Google Calendar MCP server
  • Adds readonly mode to disable all write operations (create, update, delete)
  • Adds tool filtering with both blacklist and whitelist approaches

Features

1. Readonly Mode

  • New --readonly flag disables all write operations
  • Environment variable READONLY_MODE support
  • Automatically filters out create-event, update-event, and delete-event tools

2. Tool Filtering

  • Blacklist mode: --disable-tools flag to disable specific tools
  • Whitelist mode: --enable-tools flag to enable only specific tools
  • Environment variables DISABLED_TOOLS and ENABLED_TOOLS support
  • Tools are filtered at registration time, so disabled tools are not visible to the AI

3. Configuration Options

Both command-line arguments and environment variables are supported:

# Command line
npx @cocal/google-calendar-mcp start --readonly
npx @cocal/google-calendar-mcp start --disable-tools delete-event,update-event
npx @cocal/google-calendar-mcp start --enable-tools list-events,get-event

# Environment variables
READONLY_MODE=true npx @cocal/google-calendar-mcp start
DISABLED_TOOLS=delete-event,update-event npx @cocal/google-calendar-mcp start

Use Cases

  • Security-conscious deployments: Limit MCP server capabilities based on trust level
  • Read-only access: Perfect for monitoring or reporting scenarios
  • Granular control: Disable specific risky operations while keeping others
  • Testing: Easily test with limited tool sets

Implementation Details

  • Modified ServerConfig interface to include new configuration options
  • Updated ToolRegistry.registerAll() to filter tools based on configuration
  • Added comprehensive documentation in README.md
  • Updated help text in CLI

Test Plan

  • Build passes without errors
  • TypeScript type checking passes (npm run lint)
  • Help text displays new options correctly
  • Test readonly mode disables write operations
  • Test tool blacklisting works correctly
  • Test tool whitelisting works correctly
  • Verify environment variables are parsed correctly

🤖 Generated with Claude Code

@hongkongkiwi @claude
Add tool filtering and readonly mode support
c4fce35 
Implements configurable security modes for the Google Calendar MCP server:

- Added readonly mode to disable all write operations (create, update, delete)
- Added tool blacklisting via --disable-tools flag
- Added tool whitelisting via --enable-tools flag
- Support for both command-line arguments and environment variables
- Updated documentation with usage examples and configuration options

This allows users to restrict the MCP server's capabilities based on their
security requirements, enabling scenarios like read-only calendar access or
limiting specific operations.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
@hongkongkiwi
Copy link
Author

hongkongkiwi commented Aug 18, 2025

Basically I want to read calendar events and take actions but I don't want AI to ever change my events, so I added a little bit of helpers for that case, also added filtering because sometimes tool calls are limited.

Should be a flexible and backwards compatible change.

@nspady
Copy link
Owner

nspady commented Aug 18, 2025
edited
Loading

@hongkongkiwi Thanks for putting together this PR. I like the implementation filtering tools before they are registered.

It might be overkill to have three separate flags when the main goal is to allow read-only vs all operations, but I don't have strong opinions on this. However, if we do filter tools via a black list or whitelist let's make sure there is logic to determine if the supplied tools exist to prevent silent failures if there is a mismatch. Also, it would be good to throw errors if the user attempts an invalid combination of flags.

@hongkongkiwi
Copy link
Author

hongkongkiwi commented Aug 19, 2025
edited
Loading

The reason for the flags really is because some implementations e.g. cursor limit number of tool calls to 48 or something because they have their own bundled tools.

Sometimes you might want to have read write but you only needed a specific function, in that case limited tools might make sense.

I had to do this on the GitHub MCP due to the sheer overwhelming number. But totally agree might be overkill here. Since this is an issue some products e.g. cursor have added a function to ignore specific tool calls now. Which is recent.

@nspady
Copy link
Owner

nspady commented Aug 19, 2025

Thanks for the explanation, I have run into similar issues especially with the Github MCP. It probably makes sense to allow more granular filtering for the MCP clients that don't yet support enabling and disabling of specific tools.

Happy to merge this in once there is validation of the tool names being filtered.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hongkongkiwi @nspady