MCP approval not persisted: 'Always allow' keeps prompting for desktop-commander

[jonathanzhan1975]

Summary

Even after selecting "Always allow" for Desktop Commander MCP tool calls in Codex Desktop, the approval prompt keeps appearing repeatedly for desktop-commander calls.

This looks like MCP approval is not being persisted (or not being reloaded), while shell prefix approvals are persisted normally.

Environment

• OS: Windows
• Codex Desktop client: codex-mcp-client 0.119.0-alpha.28
• Desktop Commander MCP server: 0.2.38
• MCP server config:
  • command: cmd
  • args: /c npx -y @wonderwhy-er/desktop-commander@latest
• Workspace: trusted

Steps to Reproduce

1. Use Codex Desktop with Desktop Commander MCP enabled.
2. Trigger any Desktop Commander tool call (e.g. list_directory, read_file).
3. In approval popup, choose Always allow.
4. Trigger another Desktop Commander tool call in same workspace/session.

Expected

No more approval popup for Desktop Commander MCP tool calls (at least for same server/workspace scope).

Actual

Approval popup appears again and again for Desktop Commander MCP tool calls.

Evidence

Evidence 1: rules/default.rules has no MCP persistent-approval entries

Search patterns for MCP-tool approval state in local rules file return no match:

• mcp_tool_call_approval
• ResolveElicitation
• decision: Accept
• always allow
• remember

Only shell prefix_rule(...) entries are persisted there.

Evidence 2: logs_2.sqlite shows repeated non-persistent Accept decisions

Querying logs shows repeated entries of:

• op: ResolveElicitation
• server_name: "desktop-commander"
• decision: Accept

Recent sample count: 6 rows, all decision=Accept.

This suggests approvals are treated as one-shot Accept, not durable "Always allow".

Notes

I already confirmed there is only one Desktop Commander MCP server configured (no duplicate server configs).

[jonathanzhan1975]

Additional context: this issue is reproduced in Codex Desktop (client codex-mcp-client 0.119.0-alpha.28, Windows), not due to duplicate Desktop Commander MCP server entries.

What we observed locally:

• ~/.codex/rules/default.rules persists shell prefix_rule(...) approvals but contains no MCP tool-level persistent approval marker.
• ~/.codex/logs_2.sqlite repeatedly records ResolveElicitation ... server_name: "desktop-commander" ... decision: Accept, suggesting one-shot accept rather than durable "Always allow" behavior.

So this may involve client-side approval persistence/rehydration behavior (or client-server integration), not just server config duplication.

[wonderwhy-er]

Hm. Need to test.
But sounds like host issue?
Not sure how we can stand in the way of it persisting user options.