MCP Permissions

The setting amp.mcpPermissions defines rules that block or allow MCP servers.

MCP permissions are evaluated using a rule-based system with the same pattern matching syntax that is used for tool permissions. The first matching rule determines the action. If no rules match, the MCP server is allowed by default.

The following configuration would block all MCP servers except locally-executed servers from the @modelcontextprotocol npm organization and remote servers from trusted-service.com:

{
	"amp.mcpPermissions": [
		{
			"matches": { "command": "npx @modelcontextprotocol/server-*" },
			"action": "allow"
		},
		{
			"matches": { "url": "https://trusted-service.com/mcp/*" },
			"action": "allow"
		},
		{
			"matches": { "url": "*" },
			"action": "reject"
		}
		{
			"matches": { "command": "*" },
			"action": "reject"
		}
	]
}

Read more about amp.mcpPermissions in the manual.