coder
diff --git a/‎cli/exp_mcp.go
Lines changed: 24 additions & 7 deletions b/‎cli/exp_mcp.go
Lines changed: 24 additions & 7 deletions
diff --git a/‎cli/exp_mcp_test.go
Lines changed: 61 additions & 3 deletions b/‎cli/exp_mcp_test.go
Lines changed: 61 additions & 3 deletions
diff --git a/‎mcp/mcp.go
Lines changed: 17 additions & 8 deletions b/‎mcp/mcp.go
Lines changed: 17 additions & 8 deletions
@@ -16,11 +16,12 @@ func (r *RootCmd) mcpCommand() *serpent.Command {
 	var (
 		client       = new(codersdk.Client)
 		instructions string
+		allowedTools []string
 	)
 	return &serpent.Command{
 		Use: "mcp",
 		Handler: func(inv *serpent.Invocation) error {
-			return mcpHandler(inv, client, instructions)
+			return mcpHandler(inv, client, instructions, allowedTools)
 		},
 		Short: "Start an MCP server that can be used to interact with a Coder depoyment.",
 		Middleware: serpent.Chain(
@@ -33,11 +34,17 @@ func (r *RootCmd) mcpCommand() *serpent.Command {
 				Flag:        "instructions",
 				Value:       serpent.StringOf(&instructions),
 			},
+			{
+				Name:        "allowed-tools",
+				Description: "Comma-separated list of allowed tools. If not specified, all tools are allowed.",
+				Flag:        "allowed-tools",
+				Value:       serpent.StringArrayOf(&allowedTools),
+			},
 		},
 	}
 }
 
-func mcpHandler(inv *serpent.Invocation, client *codersdk.Client, instructions string) error {
+func mcpHandler(inv *serpent.Invocation, client *codersdk.Client, instructions string, allowedTools []string) error {
 	ctx, cancel := context.WithCancel(inv.Context())
 	defer cancel()
 
@@ -51,9 +58,12 @@ func mcpHandler(inv *serpent.Invocation, client *codersdk.Client, instructions s
 		return err
 	}
 	cliui.Infof(inv.Stderr, "Starting MCP server")
-	cliui.Infof(inv.Stderr, "User         : %s", me.Username)
-	cliui.Infof(inv.Stderr, "URL          : %s", client.URL)
-	cliui.Infof(inv.Stderr, "Instructions : %q", instructions)
+	cliui.Infof(inv.Stderr, "User          : %s", me.Username)
+	cliui.Infof(inv.Stderr, "URL           : %s", client.URL)
+	cliui.Infof(inv.Stderr, "Instructions  : %q", instructions)
+	if len(allowedTools) > 0 {
+		cliui.Infof(inv.Stderr, "Allowed Tools : %v", allowedTools)
+	}
 	cliui.Infof(inv.Stderr, "Press Ctrl+C to stop the server")
 
 	// Capture the original stdin, stdout, and stderr.
@@ -66,12 +76,19 @@ func mcpHandler(inv *serpent.Invocation, client *codersdk.Client, instructions s
 		inv.Stderr = invStderr
 	}()
 
-	closer := codermcp.New(ctx, client,
+	options := []codermcp.Option{
 		codermcp.WithInstructions(instructions),
 		codermcp.WithLogger(&logger),
 		codermcp.WithStdin(invStdin),
 		codermcp.WithStdout(invStdout),
-	)
+	}
+
+	// Add allowed tools option if specified
+	if len(allowedTools) > 0 {
+		options = append(options, codermcp.WithAllowedTools(allowedTools))
+	}
+
+	closer := codermcp.New(ctx, client, options...)
 
 	<-ctx.Done()
 	if err := closer.Close(); err != nil {
 
@@ -3,6 +3,7 @@ package cli_test
 import (
 	"context"
 	"encoding/json"
+	"slices"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -17,6 +18,61 @@ import (
 func TestExpMcp(t *testing.T) {
 	t.Parallel()
 
+	t.Run("AllowedTools", func(t *testing.T) {
+		t.Parallel()
+
+		ctx := testutil.Context(t, testutil.WaitShort)
+		cancelCtx, cancel := context.WithCancel(ctx)
+		t.Cleanup(cancel)
+
+		// Given: a running coder deployment
+		client := coderdtest.New(t, nil)
+		_ = coderdtest.CreateFirstUser(t, client)
+
+		// Given: we run the exp mcp command with allowed tools set
+		inv, root := clitest.New(t, "exp", "mcp", "--allowed-tools=coder_whoami,coder_list_templates")
+		inv = inv.WithContext(cancelCtx)
+
+		pty := ptytest.New(t)
+		inv.Stdin = pty.Input()
+		inv.Stdout = pty.Output()
+		clitest.SetupConfig(t, client, root)
+
+		cmdDone := make(chan struct{})
+		go func() {
+			defer close(cmdDone)
+			err := inv.Run()
+			assert.NoError(t, err)
+		}()
+
+		// When: we send a tools/list request
+		toolsPayload := `{"jsonrpc":"2.0","id":2,"method":"tools/list"}`
+		pty.WriteLine(toolsPayload)
+		_ = pty.ReadLine(ctx) // ignore echoed output
+		output := pty.ReadLine(ctx)
+
+		cancel()
+		<-cmdDone
+
+		// Then: we should only see the allowed tools in the response
+		var toolsResponse struct {
+			Result struct {
+				Tools []struct {
+					Name string `json:"name"`
+				} `json:"tools"`
+			} `json:"result"`
+		}
+		err := json.Unmarshal([]byte(output), &toolsResponse)
+		require.NoError(t, err)
+		require.Len(t, toolsResponse.Result.Tools, 2, "should have exactly 2 tools")
+		foundTools := make([]string, 0, 2)
+		for _, tool := range toolsResponse.Result.Tools {
+			foundTools = append(foundTools, tool.Name)
+		}
+		slices.Sort(foundTools)
+		require.Equal(t, []string{"coder_list_templates", "coder_whoami"}, foundTools)
+	})
+
 	t.Run("OK", func(t *testing.T) {
 		t.Parallel()
 
@@ -34,10 +90,12 @@ func TestExpMcp(t *testing.T) {
 		inv.Stdout = pty.Output()
 		clitest.SetupConfig(t, client, root)
 
-		cmdDone := tGo(t, func() {
+		cmdDone := make(chan struct{})
+		go func() {
+			defer close(cmdDone)
 			err := inv.Run()
 			assert.NoError(t, err)
-		})
+		}()
 
 		payload := `{"jsonrpc":"2.0","id":1,"method":"initialize"}`
 		pty.WriteLine(payload)
@@ -75,4 +133,4 @@ func TestExpMcp(t *testing.T) {
 		err := inv.Run()
 		assert.ErrorContains(t, err, "your session has expired")
 	})
-}
+}
@@ -21,6 +21,7 @@ type mcpOptions struct {
 	out          io.Writer
 	instructions string
 	logger       *slog.Logger
+	allowedTools []string
 }
 
 // Option is a function that configures the MCP server.
@@ -54,6 +55,13 @@ func WithStdout(out io.Writer) Option {
 	}
 }
 
+// WithAllowedTools sets the allowed tools for the MCP server.
+func WithAllowedTools(tools []string) Option {
+	return func(o *mcpOptions) {
+		o.allowedTools = tools
+	}
+}
+
 // New creates a new MCP server with the given client and options.
 func New(ctx context.Context, client *codersdk.Client, opts ...Option) io.Closer {
 	options := &mcpOptions{
@@ -74,14 +82,15 @@ func New(ctx context.Context, client *codersdk.Client, opts ...Option) io.Closer
 
 	logger := slog.Make(sloghuman.Sink(os.Stdout))
 
-	mcptools.RegisterCoderReportTask(mcpSrv, client, logger)
-	mcptools.RegisterCoderWhoami(mcpSrv, client)
-	mcptools.RegisterCoderListTemplates(mcpSrv, client)
-	mcptools.RegisterCoderListWorkspaces(mcpSrv, client)
-	mcptools.RegisterCoderGetWorkspace(mcpSrv, client)
-	mcptools.RegisterCoderWorkspaceExec(mcpSrv, client)
-	mcptools.RegisterCoderStartWorkspace(mcpSrv, client)
-	mcptools.RegisterCoderStopWorkspace(mcpSrv, client)
+	// Register tools based on the allowed list (if specified)
+	reg := mcptools.AllTools()
+	if len(options.allowedTools) > 0 {
+		reg = reg.WithOnlyAllowed(options.allowedTools...)
+	}
+	reg.Register(mcpSrv, mcptools.ToolDeps{
+		Client: client,
+		Logger: &logger,
+	})
 
 	srv := server.NewStdioServer(mcpSrv)
 	srv.SetErrorLogger(log.New(options.out, "", log.LstdFlags))