@berthojoris/mcp-mysql-server 1.17.0 → 1.18.0

package/README.md

@@ -78,7 +78,6 @@ DB_USER=root
 DB_PASSWORD=yourpassword
 DB_NAME=yourdatabase
 MCP_CONFIG=list,read,utility
-MCP_MASKING_PROFILE=partial
 ```
 
 ### 2. Build Project (If Cloned Locally)
@@ -194,40 +193,14 @@ Alternative approach using environment variables instead of connection string:
         "DB_PASSWORD": "your_password",
         "DB_NAME": "your_database",
         "MCP_PERMISSIONS": "list,read,utility",
-        "MCP_CATEGORIES": "database_discovery,performance_monitoring",
-        "MCP_MASKING_PROFILE": "partial"
+        "MCP_CATEGORIES": "database_discovery,performance_monitoring"
       }
     }
   }
 }
 ```
 
-**Option 3: Adaptive Preset (Merges with Overrides)**
-
-```json
-{
-  "mcpServers": {
-    "mysql": {
-      "command": "npx",
-      "args": ["-y", "@berthojoris/mysql-mcp"],
-      "env": {
-        "DB_HOST": "localhost",
-        "DB_PORT": "3306",
-        "DB_USER": "root",
-        "DB_PASSWORD": "your_password",
-        "DB_NAME": "your_database",
-        "MCP_PRESET": "readonly",
-        "MCP_PERMISSIONS": "list,read,utility",
-        "MCP_CATEGORIES": "performance_monitoring"
-      }
-    }
-  }
-}
-```
-
-Add `MCP_PRESET` for the base bundle and optionally layer on `MCP_PERMISSIONS` / `MCP_CATEGORIES` for project-specific overrides.
-
-For more environment-variable patterns (presets/profiles, client-specific env blocks), see **[DOCUMENTATIONS.md → Setup & Configuration](DOCUMENTATIONS.md#setup--configuration-extended)**.
+For more client-specific config snippets, see **[DOCUMENTATIONS.md → Setup & Configuration](DOCUMENTATIONS.md#setup--configuration-extended)**.
 
 ---
 
@@ -244,16 +217,64 @@ Control database access with a **dual-layer filtering system** that provides bot
 
 Use documentation categories to fine-tune which tools are exposed (Layer 2):
 
+<table>
+  <thead>
+    <tr>
+      <th align="left">Category A</th>
+      <th align="left">Category B</th>
+      <th align="left">Category C</th>
+      <th align="left">Category D</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td><code>database_discovery</code></td>
+      <td><code>crud_operations</code></td>
+      <td><code>bulk_operations</code></td>
+      <td><code>custom_queries</code></td>
+    </tr>
+    <tr>
+      <td><code>schema_management</code></td>
+      <td><code>utilities</code></td>
+      <td><code>transaction_management</code></td>
+      <td><code>stored_procedures</code></td>
+    </tr>
+    <tr>
+      <td><code>views_management</code></td>
+      <td><code>triggers_management</code></td>
+      <td><code>functions_management</code></td>
+      <td><code>index_management</code></td>
+    </tr>
+    <tr>
+      <td><code>constraint_management</code></td>
+      <td><code>table_maintenance</code></td>
+      <td><code>server_management</code></td>
+      <td><code>performance_monitoring</code></td>
+    </tr>
+    <tr>
+      <td><code>cache_management</code></td>
+      <td><code>query_optimization</code></td>
+      <td><code>backup_restore</code></td>
+      <td><code>import_export</code></td>
+    </tr>
+    <tr>
+      <td><code>data_migration</code></td>
+      <td><code>schema_migrations</code></td>
+      <td><code>analysis</code></td>
+      <td><code>ai_enhancement</code></td>
+    </tr>
+  </tbody>
+</table>
+
+<details>
+  <summary>Copy/paste list (comma-separated, no spaces)</summary>
+
 ```text
-database_discovery,crud_operations,bulk_operations,custom_queries,
-schema_management,utilities,transaction_management,stored_procedures,
-views_management,triggers_management,functions_management,index_management,
-constraint_management,table_maintenance,server_management,
-performance_monitoring,cache_management,query_optimization,
-backup_restore,import_export,data_migration,schema_migrations,
-analysis,ai_enhancement
+database_discovery,crud_operations,bulk_operations,custom_queries,schema_management,utilities,transaction_management,stored_procedures,views_management,triggers_management,functions_management,index_management,constraint_management,table_maintenance,server_management,performance_monitoring,cache_management,query_optimization,backup_restore,import_export,data_migration,schema_migrations,analysis,ai_enhancement
 ```
 
+</details>
+
 Full category → tool mapping (and examples) lives in **[DOCUMENTATIONS.md → Category Filtering System](DOCUMENTATIONS.md#🆕-category-filtering-system)**.
 
 ### Legacy Categories (Backward Compatible)
@@ -271,7 +292,7 @@ Full category → tool mapping (and examples) lives in **[DOCUMENTATIONS.md →
 | `transaction` | BEGIN, COMMIT, ROLLBACK | ACID operations |
 | `utility` | Connection testing, diagnostics | Troubleshooting |
 
-Common presets, environment bundles, and multi-environment examples are documented in **[DOCUMENTATIONS.md → Category Filtering System](DOCUMENTATIONS.md#🆕-category-filtering-system)**.
+Common configuration examples are documented in **[DOCUMENTATIONS.md → Category Filtering System](DOCUMENTATIONS.md#🆕-category-filtering-system)**.
 
 ---
 

package/bin/mcp-mysql.js

@@ -10,55 +10,32 @@ const path = require("path");
 const { spawn } = require("child_process");
 require("dotenv").config();
 
-// Get MySQL connection string, permissions, categories, and optional preset
-const args = process.argv.slice(2);
-const mysqlUrl = args.shift();
-
-let permissions;
-let categories;
-let preset;
-
-for (let i = 0; i < args.length; i++) {
-  const arg = args[i];
-  const normalized = (arg || "").toLowerCase();
-
-  if (normalized === "--preset") {
-    preset = args[i + 1];
-    i++;
-    continue;
-  }
-
-  if (normalized.startsWith("--preset=")) {
-    preset = arg.split("=")[1];
-    continue;
-  }
-
-  if (normalized.startsWith("preset:")) {
-    preset = arg.split(":")[1];
-    continue;
-  }
-
-  if (["readonly", "analyst", "dba-lite", "dba_lite", "dba lite"].includes(normalized)) {
-    preset = arg;
-    continue;
-  }
-
-  if (permissions === undefined) {
-    permissions = arg;
-    continue;
-  }
-
-  if (categories === undefined) {
-    categories = arg;
-    continue;
-  }
-}
+// Get MySQL connection string, permissions, and optional categories
+const args = process.argv.slice(2);
+const mysqlUrl = args.shift();
+
+let permissions;
+let categories;
+
+for (let i = 0; i < args.length; i++) {
+  const arg = args[i];
+
+  if (permissions === undefined) {
+    permissions = arg;
+    continue;
+  }
+
+  if (categories === undefined) {
+    categories = arg;
+    continue;
+  }
+}
 
 if (!mysqlUrl) {
   console.error("Error: MySQL connection URL is required");
-  console.error(
-    "Usage: mcp-mysql mysql://user:password@host:port/dbname [permissions] [categories] [--preset <name>]",
-  );
+  console.error(
+    "Usage: mcp-mysql mysql://user:password@host:port/dbname [permissions] [categories]",
+  );
   console.error("");
   console.error("Examples:");
   console.error("  # All tools enabled (no filtering)");
@@ -72,17 +49,9 @@ if (!mysqlUrl) {
   console.error(
     "  # Dual-layer: Permissions + Categories (fine-grained control)",
   );
-  console.error(
-    '  mcp-mysql mysql://root:pass@localhost:3306/mydb "list,read,utility" "database_discovery,performance_monitoring"',
-  );
-  console.error("");
-  console.error("  # Adaptive presets (auto-merge with overrides)");
-  console.error(
-    '  mcp-mysql mysql://root:pass@localhost:3306/mydb --preset readonly',
-  );
-  console.error(
-    '  mcp-mysql mysql://root:pass@localhost:3306/mydb --preset analyst "performance_monitoring"',
-  );
+  console.error(
+    '  mcp-mysql mysql://root:pass@localhost:3306/mydb "list,read,utility" "database_discovery,performance_monitoring"',
+  );
   console.error("");
   console.error("Permissions (Layer 1 - Broad Control):");
   console.error(
@@ -105,26 +74,20 @@ if (!mysqlUrl) {
   console.error(
     "  performance_monitoring, cache_management, query_optimization,",
   );
-  console.error(
-    "  backup_restore, import_export, data_migration, schema_migrations",
-  );
-  console.error("");
-  console.error("Filtering Logic:");
+  console.error(
+    "  backup_restore, import_export, data_migration, schema_migrations",
+  );
+  console.error("");
+  console.error("Filtering Logic:");
   console.error(
     "  - If only permissions: All tools within those permissions enabled",
   );
-  console.error(
-    "  - If permissions + categories: Only tools matching BOTH layers enabled",
-  );
-  console.error("  - If nothing specified: All 119 tools enabled");
-  console.error("");
-  console.error("Presets:");
-  console.error("  readonly, analyst, dba-lite");
-  console.error(
-    "  Presets merge with provided permissions/categories so you can add project-specific overrides.",
-  );
-  process.exit(1);
-}
+  console.error(
+    "  - If permissions + categories: Only tools matching BOTH layers enabled",
+  );
+  console.error("  - If nothing specified: All tools enabled");
+  process.exit(1);
+}
 
 // Parse the MySQL URL to extract connection details
 let connectionConfig;
@@ -168,39 +131,26 @@ const dbMessage = database
   ? `${connectionConfig.host}:${connectionConfig.port}/${database}`
   : `${connectionConfig.host}:${connectionConfig.port} (no specific database selected)`;
 
-// Set permissions/categories/preset as environment variables if provided
-if (permissions) {
-  process.env.MCP_PERMISSIONS = permissions;
-  console.error(`Permissions (Layer 1): ${permissions}`);
-}
-
-if (categories) {
-  process.env.MCP_CATEGORIES = categories;
-  console.error(`Categories (Layer 2): ${categories}`);
-}
-
-if (preset) {
-  process.env.MCP_PRESET = preset;
-  console.error(`Permission preset: ${preset}`);
-}
-
-if (!permissions && !categories && !preset) {
-  console.error("Access Control: All tools enabled (no filtering)");
-} else if (preset && !permissions && !categories) {
-  console.error("Filtering Mode: Preset-based (auto permissions + categories)");
-} else if (permissions && categories) {
-  console.error(
-    `Filtering Mode: Dual-layer (Permissions + Categories${preset ? ", preset merged" : ""})`,
-  );
-} else if (permissions && !categories) {
-  console.error(
-    `Filtering Mode: Permission-based only${preset ? " (preset merged)" : ""}`,
-  );
-} else if (!permissions && categories) {
-  console.error(
-    `Filtering Mode: Category-only${preset ? " (preset merged)" : ""}`,
-  );
-}
+// Set permissions/categories as environment variables if provided
+if (permissions) {
+  process.env.MCP_PERMISSIONS = permissions;
+  console.error(`Permissions (Layer 1): ${permissions}`);
+}
+
+if (categories) {
+  process.env.MCP_CATEGORIES = categories;
+  console.error(`Categories (Layer 2): ${categories}`);
+}
+
+if (!permissions && !categories) {
+  console.error("Access Control: All tools enabled (no filtering)");
+} else if (permissions && categories) {
+  console.error("Filtering Mode: Dual-layer (Permissions + Categories)");
+} else if (permissions && !categories) {
+  console.error("Filtering Mode: Permission-based only");
+} else if (!permissions && categories) {
+  console.error("Filtering Mode: Category-only");
+}
 
 // Log to stderr (not stdout, which is used for MCP protocol)
 console.error(`Starting MySQL MCP server with connection to ${dbMessage}`);

package/dist/config/featureConfig.d.ts

@@ -43,17 +43,6 @@ export declare enum DocCategory {
     ANALYSIS = "analysis",
     AI_ENHANCEMENT = "ai_enhancement"
 }
-/**
- * Permission preset bundles for faster, safer configuration
- */
-export interface PermissionPreset {
-    name: string;
-    description: string;
-    permissions: ToolCategory[];
-    categories: DocCategory[];
-    allowedTools?: string[];
-    deniedTools?: string[];
-}
 /**
  * Map of tool names to their legacy categories
  */
@@ -71,22 +60,14 @@ export declare const toolDocCategoryMap: Record<string, DocCategory>;
 export declare class FeatureConfig {
     private enabledLegacyCategories;
     private enabledDocCategories;
-    private allowedTools;
-    private deniedTools;
     private originalPermissionsString;
     private originalCategoriesString;
     private useDualLayer;
-    private activePreset?;
-    private presetName?;
-    constructor(permissionsStr?: string, categoriesStr?: string, presetName?: string);
+    constructor(permissionsStr?: string, categoriesStr?: string);
     /**
      * Normalize and merge preset + user-supplied configuration lists
      */
     private mergeConfigStrings;
-    /**
-     * Resolve a preset name to its configuration
-     */
-    private resolvePreset;
     /**
      * Parse permissions and categories for dual-layer filtering
      * Layer 1 (permissions): Broad control using legacy categories
@@ -96,7 +77,7 @@ export declare class FeatureConfig {
     /**
      * Update configuration at runtime
      */
-    setConfig(permissionsStr: string, categoriesStr?: string, presetName?: string): void;
+    setConfig(permissionsStr: string, categoriesStr?: string): void;
     /**
      * Check if a specific tool is enabled
      * Dual-layer logic:
@@ -136,18 +117,10 @@ export declare class FeatureConfig {
      * Check if using dual-layer filtering mode
      */
     isUsingDualLayer(): boolean;
-    /**
-     * Get the active preset (if any)
-     */
-    getActivePreset(): PermissionPreset | undefined;
     /**
      * Snapshot of the resolved configuration for logging/telemetry
      */
     getConfigSnapshot(): {
-        preset?: {
-            name: string;
-            description: string;
-        };
         permissions: string;
         categories: string;
         filteringMode: string;

package/dist/config/featureConfig.js

@@ -54,122 +54,6 @@ var DocCategory;
     DocCategory["ANALYSIS"] = "analysis";
     DocCategory["AI_ENHANCEMENT"] = "ai_enhancement";
 })(DocCategory || (exports.DocCategory = DocCategory = {}));
-const normalizePresetName = (value) => (value || "").toLowerCase().replace(/[\s_-]/g, "");
-const permissionPresets = {
-    readonly: {
-        name: "readonly",
-        description: "Safe read-only profile with discovery, querying, exports, and diagnostics",
-        permissions: [ToolCategory.LIST, ToolCategory.READ, ToolCategory.UTILITY],
-        categories: [
-            DocCategory.DATABASE_DISCOVERY,
-            DocCategory.CRUD_OPERATIONS,
-            DocCategory.CUSTOM_QUERIES,
-            DocCategory.UTILITIES,
-            DocCategory.IMPORT_EXPORT,
-            DocCategory.PERFORMANCE_MONITORING,
-            DocCategory.ANALYSIS,
-        ],
-    },
-    analyst: {
-        name: "analyst",
-        description: "Exploratory analytics profile with query insights and safe exports",
-        permissions: [ToolCategory.LIST, ToolCategory.READ, ToolCategory.UTILITY],
-        categories: [
-            DocCategory.DATABASE_DISCOVERY,
-            DocCategory.CRUD_OPERATIONS,
-            DocCategory.CUSTOM_QUERIES,
-            DocCategory.UTILITIES,
-            DocCategory.IMPORT_EXPORT,
-            DocCategory.PERFORMANCE_MONITORING,
-            DocCategory.ANALYSIS,
-            DocCategory.QUERY_OPTIMIZATION,
-            DocCategory.CACHE_MANAGEMENT,
-            DocCategory.SERVER_MANAGEMENT,
-            DocCategory.AI_ENHANCEMENT,
-        ],
-    },
-    dbalite: {
-        name: "dba-lite",
-        description: "Admin-lite profile for schema care, migrations, and maintenance",
-        permissions: [
-            ToolCategory.LIST,
-            ToolCategory.READ,
-            ToolCategory.UTILITY,
-            ToolCategory.DDL,
-            ToolCategory.TRANSACTION,
-            ToolCategory.PROCEDURE,
-        ],
-        categories: [
-            DocCategory.DATABASE_DISCOVERY,
-            DocCategory.CUSTOM_QUERIES,
-            DocCategory.UTILITIES,
-            DocCategory.SERVER_MANAGEMENT,
-            DocCategory.SCHEMA_MANAGEMENT,
-            DocCategory.TABLE_MAINTENANCE,
-            DocCategory.INDEX_MANAGEMENT,
-            DocCategory.CONSTRAINT_MANAGEMENT,
-            DocCategory.BACKUP_RESTORE,
-            DocCategory.SCHEMA_MIGRATIONS,
-            DocCategory.PERFORMANCE_MONITORING,
-            DocCategory.VIEWS_MANAGEMENT,
-            DocCategory.TRIGGERS_MANAGEMENT,
-            DocCategory.FUNCTIONS_MANAGEMENT,
-            DocCategory.STORED_PROCEDURES,
-        ],
-    },
-    dev: {
-        name: "dev",
-        description: "Development profile with full access to all tools",
-        permissions: Object.values(ToolCategory),
-        categories: Object.values(DocCategory),
-        deniedTools: [], // Explicitly allow everything
-    },
-    stage: {
-        name: "stage",
-        description: "Staging profile with data modification but no destructive DDL",
-        permissions: [
-            ToolCategory.LIST,
-            ToolCategory.READ,
-            ToolCategory.CREATE,
-            ToolCategory.UPDATE,
-            ToolCategory.DELETE,
-            ToolCategory.UTILITY,
-            ToolCategory.TRANSACTION,
-        ],
-        categories: [
-            DocCategory.DATABASE_DISCOVERY,
-            DocCategory.CRUD_OPERATIONS,
-            DocCategory.BULK_OPERATIONS,
-            DocCategory.CUSTOM_QUERIES,
-            DocCategory.UTILITIES,
-            DocCategory.TRANSACTION_MANAGEMENT,
-            DocCategory.IMPORT_EXPORT,
-            DocCategory.DATA_MIGRATION,
-            DocCategory.PERFORMANCE_MONITORING,
-            DocCategory.ANALYSIS,
-        ],
-        deniedTools: ["drop_table", "truncate_table", "drop_database"],
-    },
-    prod: {
-        name: "prod",
-        description: "Production profile with strict read-only access and safety checks",
-        permissions: [ToolCategory.LIST, ToolCategory.READ, ToolCategory.UTILITY],
-        categories: [
-            DocCategory.DATABASE_DISCOVERY,
-            DocCategory.CRUD_OPERATIONS, // Read only via permissions
-            DocCategory.CUSTOM_QUERIES,
-            DocCategory.UTILITIES,
-            DocCategory.PERFORMANCE_MONITORING,
-            DocCategory.ANALYSIS,
-        ],
-        deniedTools: [
-            "create_table", "alter_table", "drop_table", "truncate_table",
-            "create_record", "update_record", "delete_record",
-            "bulk_insert", "bulk_update", "bulk_delete",
-            "execute_sql", "execute_ddl"
-        ],
-    },
-};
 /**
  * Map of tool names to their legacy categories
  */
@@ -570,52 +454,21 @@ const legacyToDocCategoryMap = {
  * - Layer 2 (Categories): Documentation categories (fine-grained control, optional)
  */
 class FeatureConfig {
-    constructor(permissionsStr, categoriesStr, presetName) {
-        const presetInput = presetName ||
-            process.env.MCP_PERMISSION_PRESET ||
-            process.env.MCP_PRESET ||
-            "";
-        this.activePreset = this.resolvePreset(presetInput);
-        this.presetName = this.activePreset?.name;
-        const presetRequested = !!presetInput.trim();
+    constructor(permissionsStr, categoriesStr) {
         // Support both old single-parameter and new dual-parameter signatures
         const permissionsInput = permissionsStr ||
             process.env.MCP_PERMISSIONS ||
             process.env.MCP_CONFIG ||
             "";
         const categoriesInput = categoriesStr || process.env.MCP_CATEGORIES || "";
-        // Use preset values when available, otherwise fall back to user input
-        // If an unknown preset is requested without explicit permissions/categories,
-        // default to a safe read-only baseline rather than enabling everything.
-        const basePermissions = this.activePreset
-            ? this.activePreset.permissions.join(",")
-            : presetRequested && !permissionsInput
-                ? [ToolCategory.LIST, ToolCategory.READ, ToolCategory.UTILITY].join(",")
-                : "";
-        const baseCategories = this.activePreset
-            ? this.activePreset.categories.join(",")
-            : presetRequested && !categoriesInput
-                ? [
-                    DocCategory.DATABASE_DISCOVERY,
-                    DocCategory.CRUD_OPERATIONS,
-                    DocCategory.CUSTOM_QUERIES,
-                    DocCategory.UTILITIES,
-                ].join(",")
-                : "";
-        if (presetRequested && !this.activePreset) {
-            console.warn(`Preset '${presetInput}' not recognized. Falling back to safe read-only defaults.`);
-        }
-        const mergedPermissions = this.mergeConfigStrings(basePermissions, permissionsInput);
-        const mergedCategories = this.mergeConfigStrings(baseCategories, categoriesInput);
+        const mergedPermissions = this.mergeConfigStrings("", permissionsInput);
+        const mergedCategories = this.mergeConfigStrings("", categoriesInput);
         this.originalPermissionsString = mergedPermissions;
         this.originalCategoriesString = mergedCategories;
         this.useDualLayer = !!mergedCategories.trim();
         const parsed = this.parseConfig(mergedPermissions, mergedCategories);
         this.enabledLegacyCategories = parsed.legacy;
         this.enabledDocCategories = parsed.doc;
-        // Initialize Allow/Deny Lists
-        this.allowedTools = new Set(this.activePreset?.allowedTools || []);
-        this.deniedTools = new Set(this.activePreset?.deniedTools || []);
     }
     /**
      * Normalize and merge preset + user-supplied configuration lists
@@ -626,13 +479,6 @@ class FeatureConfig {
             .filter(Boolean);
         return Array.from(new Set(items)).join(",");
     }
-    /**
-     * Resolve a preset name to its configuration
-     */
-    resolvePreset(name) {
-        const normalized = normalizePresetName(name);
-        return normalized ? permissionPresets[normalized] : undefined;
-    }
     /**
      * Parse permissions and categories for dual-layer filtering
      * Layer 1 (permissions): Broad control using legacy categories
@@ -674,9 +520,6 @@ class FeatureConfig {
                 docCats.forEach((dc) => docSet.add(dc));
             });
         }
-        // Re-initialize Allow/Deny Lists if preset changed
-        this.allowedTools = new Set(this.activePreset?.allowedTools || []);
-        this.deniedTools = new Set(this.activePreset?.deniedTools || []);
         return {
             legacy: legacySet,
             doc: docSet,
@@ -685,33 +528,9 @@ class FeatureConfig {
     /**
      * Update configuration at runtime
      */
-    setConfig(permissionsStr, categoriesStr, presetName) {
-        const presetRequested = presetName !== undefined ? !!presetName.trim() : !!this.presetName;
-        this.activePreset =
-            presetName === ""
-                ? undefined
-                : this.resolvePreset(presetName || this.presetName);
-        this.presetName = this.activePreset?.name;
-        const basePermissions = this.activePreset
-            ? this.activePreset.permissions.join(",")
-            : presetRequested && !permissionsStr
-                ? [ToolCategory.LIST, ToolCategory.READ, ToolCategory.UTILITY].join(",")
-                : "";
-        const baseCategories = this.activePreset
-            ? this.activePreset.categories.join(",")
-            : presetRequested && !categoriesStr
-                ? [
-                    DocCategory.DATABASE_DISCOVERY,
-                    DocCategory.CRUD_OPERATIONS,
-                    DocCategory.CUSTOM_QUERIES,
-                    DocCategory.UTILITIES,
-                ].join(",")
-                : "";
-        if (presetRequested && !this.activePreset) {
-            console.warn(`Preset '${presetName}' not recognized. Falling back to safe read-only defaults.`);
-        }
-        const mergedPermissions = this.mergeConfigStrings(basePermissions, permissionsStr);
-        const mergedCategories = this.mergeConfigStrings(baseCategories, categoriesStr || "");
+    setConfig(permissionsStr, categoriesStr) {
+        const mergedPermissions = this.mergeConfigStrings("", permissionsStr);
+        const mergedCategories = this.mergeConfigStrings("", categoriesStr || "");
         this.originalPermissionsString = mergedPermissions;
         this.originalCategoriesString = mergedCategories;
         this.useDualLayer = !!(mergedCategories && mergedCategories.trim());
@@ -733,15 +552,6 @@ class FeatureConfig {
             console.warn(`Unknown tool: ${toolName}`);
             return false;
         }
-        // Layer 0: Check explicit Deny/Allow lists
-        // Deny takes precedence
-        if (this.deniedTools.has(toolName)) {
-            return false;
-        }
-        // Allow overrides other checks
-        if (this.allowedTools.has(toolName)) {
-            return true;
-        }
         // Layer 1: Check permission (legacy category)
         const hasPermission = legacyCategory
             ? this.enabledLegacyCategories.has(legacyCategory)
@@ -768,9 +578,6 @@ class FeatureConfig {
         if (!docCategory && !legacyCategory) {
             return `Unknown tool '${toolName}'. This tool is not recognized by the MCP server.`;
         }
-        if (this.deniedTools.has(toolName)) {
-            return `Permission denied: Tool '${toolName}' is explicitly denied by the current profile ('${this.presetName}').`;
-        }
         const isAllEnabled = !this.originalPermissionsString.trim() &&
             !this.originalCategoriesString.trim();
         if (isAllEnabled) {
@@ -853,23 +660,11 @@ class FeatureConfig {
     isUsingDualLayer() {
         return this.useDualLayer;
     }
-    /**
-     * Get the active preset (if any)
-     */
-    getActivePreset() {
-        return this.activePreset;
-    }
     /**
      * Snapshot of the resolved configuration for logging/telemetry
      */
     getConfigSnapshot() {
         return {
-            preset: this.activePreset
-                ? {
-                    name: this.activePreset.name,
-                    description: this.activePreset.description,
-                }
-                : undefined,
             permissions: this.originalPermissionsString || "all",
             categories: this.originalCategoriesString ||
                 (this.useDualLayer ? "" : "derived from permissions"),