mcp: wire extra server allowedTools into --allowedTools arg

hive-ag3nt/src/mcp.rs

@@ -544,6 +544,8 @@ impl ManagerServer {
 )]
 impl ServerHandler for ManagerServer {}
 
+
+
 /// Name of the hyperhive MCP server inside claude's view. Claude prefixes
 /// tools as `mcp__<this>__<tool>` (e.g. `mcp__hyperhive__send`).
 pub const SERVER_NAME: &str = "hyperhive";
@@ -606,7 +608,9 @@ pub fn allowed_mcp_tools(flavor: Flavor) -> Vec<String> {
 }
 
 /// Combined allow-list passed to `--allowedTools` (auto-approve) — covers
-/// both the built-ins and the MCP surface.
+/// the built-ins, the hyperhive MCP surface, and any extra MCP servers.
+/// Extra server tools are read from the same `/etc/hyperhive/extra-mcp.json`
+/// file that `render_claude_config` uses, so the two are always in sync.
 #[must_use]
 pub fn allowed_tools_arg(flavor: Flavor) -> String {
     let mut all: Vec<String> = ALLOWED_BUILTIN_TOOLS
@@ -614,6 +618,18 @@ pub fn allowed_tools_arg(flavor: Flavor) -> String {
         .map(|s| (*s).to_owned())
         .collect();
     all.extend(allowed_mcp_tools(flavor));
+    for (name, spec) in load_extra_mcp() {
+        if name == SERVER_NAME {
+            continue; // already covered above
+        }
+        for tool in &spec.allowed_tools {
+            if tool == "*" {
+                all.push(format!("mcp__{name}__*"));
+            } else {
+                all.push(format!("mcp__{name}__{tool}"));
+            }
+        }
+    }
     all.join(",")
 }