From 30bd34dd7e708da99fb5fd4589e41cb7f4fb63c8 Mon Sep 17 00:00:00 2001
From: Gio Della-Libera
Date: Mon, 15 Jun 2026 06:43:11 -0700
Subject: [PATCH] fix(policy): honor plugin group for declared mcp denies

---
 src/agents/tool-policy-declared-context.ts | 1 +
 src/agents/tool-policy-pipeline.test.ts | 29 ++++++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/src/agents/tool-policy-declared-context.ts b/src/agents/tool-policy-declared-context.ts
index 636075e9cbe..69a1256fdd2 100644
--- a/src/agents/tool-policy-declared-context.ts
+++ b/src/agents/tool-policy-declared-context.ts
@@ -46,6 +46,7 @@ function denylistBlocksMcpServer(params: {
 }): boolean {
 return (
 denylistBlocksName("bundle-mcp", params.denylist) ||
+ matchesAnyGlobPattern("group:plugins", params.denylist) ||
 denylistContainsMcpServerEntry({
 safeServerName: params.safeServerName,
 rawDenylist: params.rawDenylist,
diff --git a/src/agents/tool-policy-pipeline.test.ts b/src/agents/tool-policy-pipeline.test.ts
index bf7fc69a963..6e5b99abb5e 100644
--- a/src/agents/tool-policy-pipeline.test.ts
+++ b/src/agents/tool-policy-pipeline.test.ts
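Review bot: The added `matchesAnyGlobPattern("group:plugins", params.denylist)` term does not go through the `denylistBlocksName` helper that the `bundle-mcp` check on the line above uses, so any normalization that helper applies to names or deny entries may not apply to the group check. Neither helper is visible in this hunk, so this needs confirming against their definitions. If `denylistBlocksName` accepts a group name, `denylistBlocksName("group:plugins", params.denylist) ||` would keep both deny paths on one matcher. The line also needs a comment stating the intent, for example `// A deny on group:plugins must block declared MCP servers, same outcome as denying bundle-mcp.` The signature of `denylistBlocksMcpServer` starts before the hunk and its body continues past it.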
@@ -336,6 +336,35 @@ describe("tool-policy-pipeline", () => {
 ]);
 });
 
+ test("warns when plugin group is denied and MCP server namespace is allowlisted", () => {
+ const warnings: string[] = [];
+ const declared = buildDeclaredToolAllowlistContext({
+ config: {
+ mcp: { servers: { paperless: { command: "paperless-mcp" } } },
+ },
+ workspaceDir: process.cwd(),
+ toolDenylist: ["group:plugins"],
+ });
+
+ applyToolPolicyPipeline({
+ tools: [{ name: "exec" }] as any,
+ toolMeta: () => undefined,
+ warn: (msg) => warnings.push(msg),
+ declaredToolAllowlist: declared,
+ steps: [
+ {
+ policy: { allow: ["paperless__*"] },
+ label: "tools.allow",
+ stripPluginOnlyAllowlist: true,
+ },
+ ],
+ });
+
+ expect(warnings).toEqual([
+ "tools: tools.allow allowlist contains unknown entries (paperless__*). These entries won't match any tool unless the plugin is enabled.",
+ ]);
+ });
+
 test("warns when denied duplicate-safe MCP server namespace is allowlisted", () => {
 const warnings: string[] = [];
 const declared = buildDeclaredToolAllowlistContext({
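Review bot: The new test covers only the exact entry `"group:plugins"` in `toolDenylist`, while the production check it exercises is a glob match, so a deny written as a pattern is untested. A second case with a wildcard entry (constructed example: `toolDenylist: ["group:*"]`) would pin whether such a deny is also meant to block declared MCP servers. The asserted warning ends with "unless the plugin is enabled", which may point an operator at the wrong cause when the server was excluded by a deny entry; that string is produced outside this hunk, so it is a follow-up rather than a change here. `[{ name: "exec" }] as any` also hides the tool type from the checker, and a typed fixture would be safer if the surrounding tests allow it.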