You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The PreToolUseWebFetch branch hard-denies WebFetch in the main session and redirects to ctx_fetch_and_index (hooks/core/routing.mjs ~L800, action: "deny"). This is intentional and valuable as a default, but there is currently no first-class way to opt out of just this interception while keeping the rest of context-mode enabled. I'd like to request an env-var opt-out, e.g. CONTEXT_MODE_ALLOW_WEBFETCH=1, checked in the canonical === "WebFetch" branch and returning pass-through (null) when set.
Environment
context-mode 1.0.162 (plugin via marketplace), Claude Code CLI, macOS
MCP server running normally in the main session (ctx_doctor all green)
Why this is needed
Confirmed (source + DeepWiki) that no env var, config file, or per-tool allowlist/denylist disables the WebFetch deny — the routing is hardcoded. The only way to restore WebFetch today is to edit the plugin-cache hooks/hooks.json (drop the WebFetch matcher) or patch the routing.mjs branch to return null. Both work, but live under the install-cache path and are silently overwritten on every plugin update, so they aren't durable.
There are legitimate reasons to want WebFetch directly in the main session:
Users who have their own context discipline and just want the native tool back, without losing the Bash/Read/Grep nudges, the ctx_* sandbox tools, or session capture.
Precedent
This is the same shape already requested for a different hook branch in #832 (CONTEXT_MODE_DISABLE_AGENT_INJECTION=1 for the Agent-injection branch). A symmetric WebFetch flag would be consistent with that, and with the existing env-var surface (CONTEXT_MODE_REQUIRE_SECURITY, CONTEXT_MODE_PLATFORM, CONTEXT_MODE_DEBUG, …).
Env-var opt-out CONTEXT_MODE_ALLOW_WEBFETCH=1 (or CONTEXT_MODE_DISABLE_WEBFETCH_REDIRECT=1), checked in the canonical === "WebFetch" branch of routing.mjs, returning null (pass-through) instead of the deny.
Summary
The
PreToolUseWebFetchbranch hard-denies WebFetch in the main session and redirects toctx_fetch_and_index(hooks/core/routing.mjs~L800,action: "deny"). This is intentional and valuable as a default, but there is currently no first-class way to opt out of just this interception while keeping the rest of context-mode enabled. I'd like to request an env-var opt-out, e.g.CONTEXT_MODE_ALLOW_WEBFETCH=1, checked in thecanonical === "WebFetch"branch and returning pass-through (null) when set.Environment
ctx_doctorall green)Why this is needed
Confirmed (source + DeepWiki) that no env var, config file, or per-tool allowlist/denylist disables the WebFetch deny — the routing is hardcoded. The only way to restore WebFetch today is to edit the plugin-cache
hooks/hooks.json(drop theWebFetchmatcher) or patch therouting.mjsbranch toreturn null. Both work, but live under the install-cache path and are silently overwritten on every plugin update, so they aren't durable.There are legitimate reasons to want WebFetch directly in the main session:
ctx_fetch_and_index+ctx_search; for small/one-off pages the index round-trip is more overhead than the bytes saved (overlaps with PreToolUse/PostToolUse hooks intercept small Bash/WebFetch calls without a size threshold (Claude Code) — unlike Gemini CLI's size-aware BeforeTool matcher #817).ctx_*sandbox tools, or session capture.Precedent
This is the same shape already requested for a different hook branch in #832 (
CONTEXT_MODE_DISABLE_AGENT_INJECTION=1for theAgent-injection branch). A symmetricWebFetchflag would be consistent with that, and with the existing env-var surface (CONTEXT_MODE_REQUIRE_SECURITY,CONTEXT_MODE_PLATFORM,CONTEXT_MODE_DEBUG, …).Relationship to existing issues
Proposed (any one resolves it)
CONTEXT_MODE_ALLOW_WEBFETCH=1(orCONTEXT_MODE_DISABLE_WEBFETCH_REDIRECT=1), checked in thecanonical === "WebFetch"branch ofrouting.mjs, returningnull(pass-through) instead of the deny.Rationale for opt-out over removal: the default deny stays for everyone who wants it; this only adds an escape hatch.
Happy to send a PR for option 1 if you're open to it.
🤖 Filed with Claude Code