Feature Request: Use alwaysAllow List as Pre-Validation Whitelist to Prevent Invalid MCP Tool Calls

[raymelon]

Feature Request: Use alwaysAllow list as Pre-Validation Whitelist to Prevent guesswork on MCP Tool Calls

UPDATE: I made a PR implementing this: #2175

Description

Kilo Code currently attempts MCP tool calls without validating tool existence on alwaysAllow list on mcp_settings.json, leading to wasted time and tokens.

An example is Kilo Code using invalid tools like "search" and "query" for deepwiki MCP despite alwaysAllow listing the valid tool names: "read_wiki_structure", "read_wiki_contents", "ask_question". Experienced it myself and I have to correct Kilo Code from time to time to use the correct tool names.

The existing alwaysAllow list can be repurposed as a pre-validation whitelist to prevent this cycle of guesswork.

Problem

The AI model attempts to use non-existent MCP tools like "search" and "query" because it can "hallucinate" or infer tool names that seem logical but don't actually exist on connected MCP servers. This leads to wasted time and tokens when these invalid tool calls are made.

Current Behavior

• No pre-validation: Tools are called without checking if they exist on allwaysAllow list
• Post-failure discovery: Invalid tools are only discovered when MCP server rejects them
• Wasted resources: Time and tokens spent on doomed tool calls with a chance of not actually hitting the correct tool name unless the user corrects the AI.

Root Cause

The issue occurs because the AI learns about available tools through the system prompt, but there's no filtering to prevent it from attempting tools that don't exist. Once the AI has already chosen a non-existent tool name in useMcpToolTool(), it's too late to change that choice.

Proposed Solution (Updated)

Solution Approach

Filter tools at the system prompt generation level rather than trying to validate after the AI has already made its choice. This prevents the AI from ever knowing about non-existent tools.

Implementation Location

Modify the getMcpServersSection function in mcp-servers.ts:4-8 where MCP server information is formatted for the system prompt.

What to Change

1. In the tool filtering section mcp-servers.ts:19-29 - enhance the existing filter that checks enabledForPrompt
2. Add alwaysAllow validation - prioritize tools in the alwaysAllow list (assume they exist)
3. Verify other tools - for tools not in alwaysAllow, validate they exist via fetchToolsList() before including them
4. Only present verified tools to the AI in the final system prompt

Key Benefits of this approach

• Prevents hallucination - AI can't attempt tools it doesn't know about
• Leverages existing infrastructure - uses the alwaysAllow configuration from McpHub.ts:873-886
• Solves at source - prevents the problem before it occurs rather than catching it after
• No execution-level changes needed - all filtering happens during prompt generation

More Benefits

• Zero wasted time on invalid tool calls
• 100% validation ensures all tools exist before execution
• Performance optimization for trusted (alwaysAllow) tools via auto-approval
• No new configuration needed - uses existing alwaysAllow infrastructure
• Backward compatible - existing setups continue to work
• Immediate prevention vs post-failure discovery

Result

The AI model will only see and attempt to use MCP tools that are guaranteed to exist, eliminating the "search" and "query" inference problem entirely.

Open for discussion. If this is approved, let me know, so I can submit a PR. Thanks!

[raymelon]

UPDATE: I made a PR implementing this: #2175