Update mcp's list function to check for disablement.

packages/cli/src/commands/mcp/list.test.ts

@@ -19,6 +19,7 @@ import { createTransport, debugLogger } from '@google/gemini-cli-core';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { ExtensionStorage } from '../../config/extensions/storage.js';
 import { ExtensionManager } from '../../config/extension-manager.js';
+import { McpServerEnablementManager } from '../../config/mcp/index.js';
 
 vi.mock('../../config/settings.js', async (importOriginal) => {
   const actual =
@@ -45,6 +46,8 @@ vi.mock('@google/gemini-cli-core', async (importOriginal) => {
       CONNECTED: 'CONNECTED',
       CONNECTING: 'CONNECTING',
       DISCONNECTED: 'DISCONNECTED',
+      BLOCKED: 'BLOCKED',
+      DISABLED: 'DISABLED',
     },
     Storage: Object.assign(
       vi.fn().mockImplementation((_cwd: string) => ({
@@ -54,6 +57,7 @@ vi.mock('@google/gemini-cli-core', async (importOriginal) => {
       })),
       {
         getGlobalSettingsPath: () => '/tmp/gemini/settings.json',
+        getGlobalGeminiDir: () => '/tmp/gemini',
       },
     ),
     GEMINI_DIR: '.gemini',
@@ -96,6 +100,12 @@ describe('mcp list command', () => {
   beforeEach(() => {
     vi.resetAllMocks();
     vi.spyOn(debugLogger, 'log').mockImplementation(() => {});
+    McpServerEnablementManager.resetInstance();
+    // Use a mock for isFileEnabled to avoid reading real files
+    vi.spyOn(
+      McpServerEnablementManager.prototype,
+      'isFileEnabled',
+    ).mockResolvedValue(true);
 
     mockTransport = { close: vi.fn() };
     mockClient = {
@@ -304,4 +314,29 @@ describe('mcp list command', () => {
       ),
     );
   });
+
+  it('should display blocked status for servers in excluded list', async () => {
+    const defaultMergedSettings = mergeSettings({}, {}, {}, {}, true);
+    mockedLoadSettings.mockReturnValue({
+      merged: {
+        ...defaultMergedSettings,
+        mcp: {
+          excluded: ['blocked-server'],
+        },
+        mcpServers: {
+          'blocked-server': { command: '/test/server' },
+        },
+      },
+      isTrusted: true,
+    });
+
+    await listMcpServers();
+
+    expect(debugLogger.log).toHaveBeenCalledWith(
+      expect.stringContaining(
+        'blocked-server: /test/server  (stdio) - Blocked',
+      ),
+    );
+    expect(mockedCreateTransport).not.toHaveBeenCalled();
+  });
 });

packages/cli/src/commands/mcp/list.ts

@@ -6,17 +6,25 @@
 
 // File for 'gemini mcp list' command
 import type { CommandModule } from 'yargs';
-import { type MergedSettings, loadSettings } from '../../config/settings.js';
-import type { MCPServerConfig } from '@google/gemini-cli-core';
+import {
+  type MergedSettings,
+  loadSettings,
+  type LoadedSettings,
+} from '../../config/settings.js';
 import {
   MCPServerStatus,
   createTransport,
   debugLogger,
   applyAdminAllowlist,
   getAdminBlockedMcpServersMessage,
 } from '@google/gemini-cli-core';
+import type { MCPServerConfig } from '@google/gemini-cli-core';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { ExtensionManager } from '../../config/extension-manager.js';
+import {
+  canLoadServer,
+  McpServerEnablementManager,
+} from '../../config/mcp/index.js';
 import { requestConsentNonInteractive } from '../../config/extensions/consent.js';
 import { promptForSetting } from '../../config/extensions/extensionSettings.js';
 import { exitCli } from '../utils.js';
@@ -61,9 +69,8 @@ export async function getMcpServersFromConfig(
 async function testMCPConnection(
   serverName: string,
   config: MCPServerConfig,
+  settings: LoadedSettings,
 ): Promise<MCPServerStatus> {
-  const settings = loadSettings();
-
   // SECURITY: Only test connection if workspace is trusted or if it's a remote server.
   // stdio servers execute local commands and must never run in untrusted workspaces.
   const isStdio = !!config.command;
@@ -135,15 +142,36 @@ async function testMCPConnection(
 async function getServerStatus(
   serverName: string,
   server: MCPServerConfig,
+  settings: LoadedSettings,
 ): Promise<MCPServerStatus> {
+  const mcpEnablementManager = McpServerEnablementManager.getInstance();
+  const loadResult = await canLoadServer(serverName, {
+    adminMcpEnabled: settings.merged.admin?.mcp?.enabled ?? true,
+    allowedList: settings.merged.mcp?.allowed,
+    excludedList: settings.merged.mcp?.excluded,
+    enablement: mcpEnablementManager.getEnablementCallbacks(),
+  });
+
+  if (!loadResult.allowed) {
+    if (
+      loadResult.blockType === 'admin' ||
+      loadResult.blockType === 'allowlist' ||
+      loadResult.blockType === 'excludelist'
+    ) {
+      return MCPServerStatus.BLOCKED;
+    }
+    return MCPServerStatus.DISABLED;
+  }
+
   // Test all server types by attempting actual connection
-  return testMCPConnection(serverName, server);
+  return testMCPConnection(serverName, server, settings);
 }
 
 export async function listMcpServers(settings?: MergedSettings): Promise<void> {
   const { mcpServers, blockedServerNames } =
     await getMcpServersFromConfig(settings);
   const serverNames = Object.keys(mcpServers);
+  const loadedSettings = loadSettings();
 
   if (blockedServerNames.length > 0) {
     const message = getAdminBlockedMcpServersMessage(
@@ -165,7 +193,7 @@ export async function listMcpServers(settings?: MergedSettings): Promise<void> {
   for (const serverName of serverNames) {
     const server = mcpServers[serverName];
 
-    const status = await getServerStatus(serverName, server);
+    const status = await getServerStatus(serverName, server, loadedSettings);
 
     let statusIndicator = '';
     let statusText = '';
@@ -178,6 +206,14 @@ export async function listMcpServers(settings?: MergedSettings): Promise<void> {
         statusIndicator = chalk.yellow('…');
         statusText = 'Connecting';
         break;
+      case MCPServerStatus.BLOCKED:
+        statusIndicator = chalk.red('⛔');
+        statusText = 'Blocked';
+        break;
+      case MCPServerStatus.DISABLED:
+        statusIndicator = chalk.gray('○');
+        statusText = 'Disabled';
+        break;
       case MCPServerStatus.DISCONNECTED:
       default:
         statusIndicator = chalk.red('✗');

packages/core/src/tools/mcp-client.ts

@@ -104,6 +104,10 @@ export enum MCPServerStatus {
   CONNECTING = 'connecting',
   /** Server is connected and ready to use */
   CONNECTED = 'connected',
+  /** Server is blocked via configuration and cannot be used */
+  BLOCKED = 'blocked',
+  /** Server is disabled and cannot be used */
+  DISABLED = 'disabled',
 }
 
 /**