feat(mcp): filter tools in system prompt to force tool calls only for those listed in alwaysAllow list
Solution implemented for Feature Request 2171
Commit
feat(mcp): filter tools in system prompt to force tool calls only for those listed in alwaysAllow list
Modify getMcpServersSection to only include tools that exist in alwaysAllow
or are verified via fetchToolsList, preventing AI from attempting invalid
tools like "search" and "query" that don't exist on connected MCP servers.
Summary
Kilo Code currently attempts MCP tool calls without validating tool existence against the alwaysAllow list in mcp_settings.json, leading to wasted time and tokens.
An example is Kilo Code using invalid tools like "search" and "query" for deepwiki/devin MCP despite alwaysAllow already listing the valid tool names: "read_wiki_structure", "read_wiki_contents", "ask_question".
I experienced it myself and I have to correct Kilo Code from time to time to use the correct tool names.
The existing alwaysAllow list can be repurposed as a pre-validation whitelist to prevent this cycle of guesswork.
Context
The AI model was attempting to use non-existent MCP tools like "search" and "query" because it could infer logical-sounding tool names that don't actually exist on connected MCP servers. This led to wasted time and tokens when these invalid tool calls were made.
Implementation
Modified the getMcpServersSection function (mcp-servers.ts:19-29) to filter tools before presenting them to the AI model in the system prompt. The solution:
- Prioritizes alwaysAllow tools - assumes tools in the user-configured alwaysAllow list exist
- Validates other tools - verifies existence via fetchToolsList() for tools not in alwaysAllow
- Only presents verified tools to the AI in the system prompt
This prevents the AI from ever knowing about non-existent tools, eliminating the hallucination problem at its source rather than trying to catch invalid calls during execution.
Benefits
- Prevents tool hallucination - AI can only attempt tools it knows exist
- Leverages existing infrastructure - uses the alwaysAllow configuration from MCP settings (McpHub.ts:873-875)
- Solves at source - prevents the problem during prompt generation rather than execution
- No breaking changes - maintains backward compatibility with existing MCP configurations
How to Test
- Connect an MCP server with limited tools (not including "search" or "query")
- Verify the AI no longer attempts to use non-existent tools
- Confirm tools in alwaysAllow are still presented and functional
- Test that new tools are properly validated before being shown to the AI
Wiki pages you might want to explore:
- System Prompt Generation (Kilo-Org/kilocode)
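The filtering rule described in the Implementation section, written out as an added example that is not code from this PR or from Kilo Code. The types, the function names `toolsForPrompt` and `renderMcpSection`, the `verified` parameter standing in for the result of `fetchToolsList()`, and the sample data are all assumptions.

```typescript
// Added illustration: types and function names are hypothetical, not Kilo Code's source.
interface McpTool { name: string; description?: string }
interface McpServerView {
  name: string
  tools: McpTool[]      // candidate tools the client holds for this server
  alwaysAllow: string[] // user-configured list from mcp_settings.json
}

// `verified` holds the names from a fresh tools listing, or null when the
// listing failed. On failure only alwaysAllow entries are shown (fail closed).
function toolsForPrompt(server: McpServerView, verified: string[] | null): McpTool[] {
  const allow = new Set<string>(server.alwaysAllow)
  const live = new Set<string>(verified === null ? [] : verified)
  const seen = new Set<string>()
  const out: McpTool[] = []
  for (const tool of server.tools) {
    if (seen.has(tool.name)) continue
    if (allow.has(tool.name) || live.has(tool.name)) {
      seen.add(tool.name)
      out.push(tool)
    }
  }
  // alwaysAllow entries are assumed to exist even without a candidate record.
  for (const name of server.alwaysAllow) {
    if (!seen.has(name)) {
      seen.add(name)
      out.push({ name })
    }
  }
  return out
}

function renderMcpSection(server: McpServerView, verified: string[] | null): string {
  const lines = toolsForPrompt(server, verified).map(
    (t) => `- ${t.name}${t.description ? ": " + t.description : ""}`,
  )
  return [`## ${server.name}`, "### Available Tools", ...lines].join("\n")
}

// Constructed sample: "search" is a stale candidate, "export_page" is invented.
const sampleServer: McpServerView = {
  name: "deepwiki",
  tools: ["read_wiki_structure", "read_wiki_contents", "ask_question", "search", "export_page"]
    .map((name) => ({ name })),
  alwaysAllow: ["read_wiki_structure", "read_wiki_contents", "ask_question"],
}
const sampleListing = ["read_wiki_structure", "read_wiki_contents", "ask_question", "export_page"]
console.log(renderMcpSection(sampleServer, sampleListing))
```

Because alwaysAllow entries are trusted without a listing check, a stale or mistyped entry in mcp_settings.json still reaches the prompt under this rule; only tools outside the list are verified.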
⚠️ No Changeset found
Latest commit: 913b27832575f25f6604af8f5e688d51bf900e62
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
This PR includes no changesets
When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types