Claude Code requires explicit approval before MCP tools can be used. This is a security feature to prevent unauthorized code execution.
When Claude tries to use a semcode tool for the first time, you'll see:
Do you want to proceed?
❯ 1. Yes
2. Yes, and don't ask again for plugin:semcode:semcode - find_function commands in /home/clm/local/linux
3. No, and tell Claude what to do differently (esc)
Choose option 2 to approve that tool permanently for that directory.
You'll need to do this once per tool (13 times total) unless you pre-approve.
When running the install script, you'll be prompted:
./plugin/semcode/install.sh
# When prompted:
Would you like to pre-approve semcode tools for a specific directory?
Enter directory path: /home/clm/local/linuxThis will automatically approve all 13 tools for that directory.
Use the standalone approval script:
cd /home/clm/local/src/semcode
./plugin/semcode/approve-tools.sh /home/clm/local/linuxThis approves all 13 semcode tools for the specified directory.
Edit ~/.claude.json directly:
# Backup first
cp ~/.claude.json ~/.claude.json.backup
# Edit the file
vim ~/.claude.jsonFind the project section and add tools to allowedTools:
{
"projects": {
"/home/clm/local/linux": {
"allowedTools": [
"mcp__semcode__find_function",
"mcp__semcode__find_type",
"mcp__semcode__find_callers",
"mcp__semcode__find_calls",
"mcp__semcode__find_callchain",
"mcp__semcode__diff_functions",
"mcp__semcode__grep_functions",
"mcp__semcode__vgrep_functions",
"mcp__semcode__find_commit",
"mcp__semcode__vcommit_similar_commits",
"mcp__semcode__lore_search",
"mcp__semcode__dig",
"mcp__semcode__vlore_similar_emails"
],
...
}
}
}These are all 13 semcode tools that need approval:
mcp__semcode__find_function- Find functions/macrosmcp__semcode__find_type- Find types/structsmcp__semcode__find_callers- Find callersmcp__semcode__find_calls- Find calleesmcp__semcode__find_callchain- Build call chainsmcp__semcode__diff_functions- Extract from diffsmcp__semcode__grep_functions- Regex searchmcp__semcode__vgrep_functions- Semantic searchmcp__semcode__find_commit- Find commitsmcp__semcode__vcommit_similar_commits- Semantic commit searchmcp__semcode__lore_search- Search email archivesmcp__semcode__dig- Find emails for commitmcp__semcode__vlore_similar_emails- Semantic email search
Tool approvals are per-directory. If you approve tools for /home/clm/local/linux, you'll need to approve them again for /home/clm/local/another-project.
To approve for multiple directories:
./plugin/semcode/approve-tools.sh /home/clm/local/linux
./plugin/semcode/approve-tools.sh /home/clm/local/btrfs
./plugin/semcode/approve-tools.sh /home/clm/projects/myprojectCheck your current approvals:
cat ~/.claude.json | jq '.projects["/home/clm/local/linux"].allowedTools'Should show all 13 tools.
Issue: Tools still asking for approval after pre-approval
Solution: Restart Claude Code. Changes to ~/.claude.json only take effect after restart.
Issue: jq: command not found
Solution: Install jq:
sudo apt-get install jqIssue: Accidentally broke ~/.claude.json
Solution: Restore from backup:
cp ~/.claude.json.backup ~/.claude.jsonApproving tools allows Claude to:
- Read your codebase database
- Execute semcode-mcp binary
- Search code, commits, and emails
This is read-only access to your indexed data. Semcode cannot:
- Modify your source code
- Execute arbitrary commands
- Access files outside the database
Pre-approving is safe for directories you trust and have already indexed.