From 8542b1fa453c91460551a3706a8069119c73c7cc Mon Sep 17 00:00:00 2001
From: hatayama <booqle@gmail.com>
Date: Sat, 2 May 2026 05:15:40 +0900
Subject: [PATCH 1/5] Always allow third-party tools

Third-party tool access no longer needs a separate permission toggle, so remove the editor control and normalize persisted settings to keep custom tools available. Update docs and tests to match the always-on behavior.
---
 .../Tests/Editor/ToolSettingsSectionTests.cs  | 10 -------
 Assets/Tests/Editor/ULoopSettingsTests.cs     | 25 ++++++++++++----
 Packages/src/Editor/Config/ULoopSettings.cs   | 24 ++++++++++++---
 .../src/Editor/Config/ULoopSettingsData.cs    |  2 +-
 .../src/Editor/Security/McpSecurityChecker.cs |  2 +-
 Packages/src/Editor/UI/McpEditorModel.cs      |  8 -----
 Packages/src/Editor/UI/McpEditorWindow.cs     |  7 -----
 .../Components/ToolSettingsSection.cs         | 30 ++++---------------
 .../Editor/UI/UIToolkit/McpEditorWindow.uxml  | 11 -------
 .../Editor/UI/UIToolkit/McpEditorWindowUI.cs  |  2 --
 Packages/src/README.md                        | 11 ++-----
 Packages/src/README_ja.md                     | 11 ++-----
 README.md                                     | 11 ++-----
 README_ja.md                                  | 11 ++-----
 14 files changed, 59 insertions(+), 106 deletions(-)

diff --git a/Assets/Tests/Editor/ToolSettingsSectionTests.cs b/Assets/Tests/Editor/ToolSettingsSectionTests.cs
index f07ba08d8..7dba3180a 100644
--- a/Assets/Tests/Editor/ToolSettingsSectionTests.cs
+++ b/Assets/Tests/Editor/ToolSettingsSectionTests.cs
@@ -177,14 +177,6 @@ private static VisualElement CreateRootElement()
             {
                 name = "cli-reference-link"
             };
-            Toggle allowThirdPartyToggle = new Toggle
-            {
-                name = "allow-third-party-toggle"
-            };
-            Label allowThirdPartyLabel = new Label
-            {
-                name = "allow-third-party-label"
-            };
             Button securityLevelRestrictedButton = new Button
             {
                 name = "security-level-restricted-button"
@@ -202,8 +194,6 @@ private static VisualElement CreateRootElement()
                 name = "tool-settings-info-container"
             };
 
-            foldout.Add(allowThirdPartyToggle);
-            foldout.Add(allowThirdPartyLabel);
             foldout.Add(securityLevelRestrictedButton);
             foldout.Add(securityLevelFullAccessButton);
             foldout.Add(securityLevelDescription);
diff --git a/Assets/Tests/Editor/ULoopSettingsTests.cs b/Assets/Tests/Editor/ULoopSettingsTests.cs
index 5b92fab9b..b1a4aebd8 100644
--- a/Assets/Tests/Editor/ULoopSettingsTests.cs
+++ b/Assets/Tests/Editor/ULoopSettingsTests.cs
@@ -142,7 +142,7 @@ public void SetAndGet_RoundTrip_ShouldPreserveRemainingValues()
         {
             ULoopSettingsData written = new ULoopSettingsData
             {
-                allowThirdPartyTools = true,
+                allowThirdPartyTools = false,
                 dynamicCodeSecurityLevel = (int)DynamicCodeSecurityLevel.Restricted
             };
             ULoopSettings.SaveSettings(written);
@@ -150,10 +150,25 @@ public void SetAndGet_RoundTrip_ShouldPreserveRemainingValues()
 
             ULoopSettingsData readBack = ULoopSettings.GetSettings();
 
-            Assert.AreEqual(written.allowThirdPartyTools, readBack.allowThirdPartyTools);
+            Assert.IsTrue(readBack.allowThirdPartyTools);
             Assert.AreEqual(written.dynamicCodeSecurityLevel, readBack.dynamicCodeSecurityLevel);
         }
 
+        [Test]
+        public void SetAllowThirdPartyTools_WhenFalse_ShouldKeepThirdPartyToolsAllowed()
+        {
+            ULoopSettings.SaveSettings(new ULoopSettingsData
+            {
+                allowThirdPartyTools = true,
+                dynamicCodeSecurityLevel = (int)DynamicCodeSecurityLevel.Restricted
+            });
+
+            ULoopSettings.SetAllowThirdPartyTools(false);
+
+            Assert.IsTrue(ULoopSettings.GetAllowThirdPartyTools());
+            Assert.IsTrue(ULoopSettings.GetSettings().allowThirdPartyTools);
+        }
+
         [Test]
         public void Migration_ShouldPurgeRemainingSecurityFieldsAndPreserveOtherSettings()
         {
@@ -189,7 +204,7 @@ public void GetSettings_WhenBothFilesAbsent_ShouldReturnDefaults()
 
             ULoopSettingsData result = ULoopSettings.GetSettings();
 
-            Assert.IsFalse(result.allowThirdPartyTools);
+            Assert.IsTrue(result.allowThirdPartyTools);
             Assert.AreEqual((int)DynamicCodeSecurityLevel.Restricted, result.dynamicCodeSecurityLevel);
             Assert.IsFalse(File.Exists(LegacySettingsFilePath),
                 "Legacy file should not be created when both files are absent");
@@ -211,7 +226,7 @@ public void GetSettings_WhenPrimaryMissingAndBackupExists_ShouldRecoverFromBacku
             ULoopSettingsData result = ULoopSettings.GetSettings();
 
             Assert.IsTrue(File.Exists(SettingsFilePath), $"{SettingsFilePath} should be recovered from .bak");
-            Assert.IsFalse(result.allowThirdPartyTools);
+            Assert.IsTrue(result.allowThirdPartyTools);
             Assert.AreEqual((int)DynamicCodeSecurityLevel.FullAccess, result.dynamicCodeSecurityLevel);
             Assert.IsFalse(File.Exists(SettingsBackupPath), ".bak should be consumed by recovery");
         }
@@ -234,7 +249,7 @@ public void GetSettings_WhenOldSecurityJsonExists_ShouldRenameToPermissions()
 
             Assert.IsTrue(File.Exists(SettingsFilePath), "New settings file should exist after rename");
             Assert.IsFalse(File.Exists(OldSettingsFilePath), "Old settings file should be removed after rename");
-            Assert.IsFalse(result.allowThirdPartyTools);
+            Assert.IsTrue(result.allowThirdPartyTools);
             Assert.AreEqual((int)DynamicCodeSecurityLevel.Restricted, result.dynamicCodeSecurityLevel);
         }
 
diff --git a/Packages/src/Editor/Config/ULoopSettings.cs b/Packages/src/Editor/Config/ULoopSettings.cs
index 055d70d97..e9ebb9f73 100644
--- a/Packages/src/Editor/Config/ULoopSettings.cs
+++ b/Packages/src/Editor/Config/ULoopSettings.cs
@@ -36,6 +36,7 @@ public static ULoopSettingsData GetSettings()
         public static void SaveSettings(ULoopSettingsData settings)
         {
             Debug.Assert(settings != null, "settings must not be null");
+            settings = settings with { allowThirdPartyTools = true };
 
             string directory = Path.GetDirectoryName(SettingsFilePath);
             if (!string.IsNullOrEmpty(directory) && !Directory.Exists(directory))
@@ -65,13 +66,13 @@ public static void UpdateSettings(Func<ULoopSettingsData, ULoopSettingsData> tra
 
         public static bool GetAllowThirdPartyTools()
         {
-            return GetSettings().allowThirdPartyTools;
+            return true;
         }
 
         public static void SetAllowThirdPartyTools(bool value)
         {
             ULoopSettingsData settings = GetSettings();
-            ULoopSettingsData updated = settings with { allowThirdPartyTools = value };
+            ULoopSettingsData updated = settings with { allowThirdPartyTools = true };
             SaveSettings(updated);
         }
 
@@ -159,7 +160,8 @@ private static void LoadSettings()
                 _cachedSettings = JsonUtility.FromJson<ULoopSettingsData>(json);
                 bool migratedToolToggles = ApplyLegacyToolToggleMigrations(json);
                 bool normalizedDynamicCode = NormalizeLegacyDisabledDynamicCode();
-                if (migratedToolToggles || normalizedDynamicCode)
+                bool normalizedThirdPartyTools = NormalizeThirdPartyToolsAllowed();
+                if (migratedToolToggles || normalizedDynamicCode || normalizedThirdPartyTools)
                 {
                     SaveSettings(_cachedSettings);
                 }
@@ -227,12 +229,13 @@ private static void MigrateFromLegacySettings()
 
             _cachedSettings = new ULoopSettingsData
             {
-                allowThirdPartyTools = probe.allowThirdPartyTools,
+                allowThirdPartyTools = true,
                 dynamicCodeSecurityLevel = probe.dynamicCodeSecurityLevel
             };
 
             ApplyLegacyToolToggleMigrations(legacyJson);
             NormalizeLegacyDisabledDynamicCode();
+            NormalizeThirdPartyToolsAllowed();
             SaveSettings(_cachedSettings);
 
             // Re-save legacy file to purge security fields that are no longer in
@@ -258,6 +261,19 @@ private static bool NormalizeLegacyDisabledDynamicCode()
             return true;
         }
 
+        private static bool NormalizeThirdPartyToolsAllowed()
+        {
+            Debug.Assert(_cachedSettings != null, "_cachedSettings must not be null");
+
+            if (_cachedSettings.allowThirdPartyTools)
+            {
+                return false;
+            }
+
+            _cachedSettings = _cachedSettings with { allowThirdPartyTools = true };
+            return true;
+        }
+
         private static bool ApplyLegacyToolToggleMigrations(string json)
         {
             if (string.IsNullOrWhiteSpace(json))
diff --git a/Packages/src/Editor/Config/ULoopSettingsData.cs b/Packages/src/Editor/Config/ULoopSettingsData.cs
index de03d32a3..760b105b2 100644
--- a/Packages/src/Editor/Config/ULoopSettingsData.cs
+++ b/Packages/src/Editor/Config/ULoopSettingsData.cs
@@ -9,7 +9,7 @@ namespace io.github.hatayama.uLoopMCP
     [Serializable]
     public record ULoopSettingsData
     {
-        public bool allowThirdPartyTools = false;
+        public bool allowThirdPartyTools = true;
         public int dynamicCodeSecurityLevel = (int)DynamicCodeSecurityLevel.Restricted;
     }
 }
diff --git a/Packages/src/Editor/Security/McpSecurityChecker.cs b/Packages/src/Editor/Security/McpSecurityChecker.cs
index d543a2e46..e47193b54 100644
--- a/Packages/src/Editor/Security/McpSecurityChecker.cs
+++ b/Packages/src/Editor/Security/McpSecurityChecker.cs
@@ -153,7 +153,7 @@ public static string GetBlockReason(string toolName)
                 case SecuritySettings.None:
                     if (IsThirdPartyTool(toolName))
                     {
-                        return "Third party tools execution is disabled. Enable 'Allow Third Party Tools' in uLoopMCP Security Settings.";
+                        return $"Tool '{toolName}' is not allowed by security policy.";
                     }
                     return $"Tool '{toolName}' is not allowed by security policy.";
                     
diff --git a/Packages/src/Editor/UI/McpEditorModel.cs b/Packages/src/Editor/UI/McpEditorModel.cs
index 8e051cb43..874223619 100644
--- a/Packages/src/Editor/UI/McpEditorModel.cs
+++ b/Packages/src/Editor/UI/McpEditorModel.cs
@@ -209,14 +209,6 @@ public void UpdateToolEnabled(string toolName, bool enabled)
             ToolSettings.SetToolEnabled(toolName, enabled);
         }
 
-        /// <summary>
-        /// Update AllowThirdPartyTools setting with persistence
-        /// </summary>
-        public void UpdateAllowThirdPartyTools(bool allow)
-        {
-            ULoopSettings.SetAllowThirdPartyTools(allow);
-        }
-
         public void UpdateShowConfiguration(bool show)
         {
             UpdateUIState(ui => new UIState(
diff --git a/Packages/src/Editor/UI/McpEditorWindow.cs b/Packages/src/Editor/UI/McpEditorWindow.cs
index 83fb2ed0a..483a972bb 100644
--- a/Packages/src/Editor/UI/McpEditorWindow.cs
+++ b/Packages/src/Editor/UI/McpEditorWindow.cs
@@ -101,7 +101,6 @@ private void SetupViewCallbacks()
             _view.OnConnectedToolsFoldoutChanged += UpdateShowConnectedTools;
             _view.OnToolSettingsFoldoutChanged += UpdateShowToolSettings;
             _view.OnToolToggled += HandleToolToggled;
-            _view.OnAllowThirdPartyChanged += UpdateAllowThirdPartyTools;
             _view.OnSecurityLevelChanged += UpdateDynamicCodeSecurityLevel;
         }
 
@@ -561,12 +560,6 @@ private void UpdateShowConfiguration(bool show)
             _model.UpdateShowConfiguration(show);
         }
 
-        private void UpdateAllowThirdPartyTools(bool allow)
-        {
-            _model.UpdateAllowThirdPartyTools(allow);
-            RefreshToolSettingsHeader();
-        }
-
         private void UpdateDynamicCodeSecurityLevel(DynamicCodeSecurityLevel level)
         {
             ULoopSettings.SetDynamicCodeSecurityLevel(level);
diff --git a/Packages/src/Editor/UI/UIToolkit/Components/ToolSettingsSection.cs b/Packages/src/Editor/UI/UIToolkit/Components/ToolSettingsSection.cs
index f6daae226..3e02542e7 100644
--- a/Packages/src/Editor/UI/UIToolkit/Components/ToolSettingsSection.cs
+++ b/Packages/src/Editor/UI/UIToolkit/Components/ToolSettingsSection.cs
@@ -16,8 +16,6 @@ public class ToolSettingsSection
         private const int InlineToolRowLimit = 40;
 
         private readonly Foldout _foldout;
-        private readonly Toggle _allowThirdPartyToggle;
-        private readonly Label _allowThirdPartyLabel;
         private readonly Button _securityLevelRestrictedButton;
         private readonly Button _securityLevelFullAccessButton;
         private readonly Label _securityLevelDescription;
@@ -35,14 +33,11 @@ public class ToolSettingsSection
 
         public event Action<bool> OnFoldoutChanged;
         public event Action<string, bool> OnToolToggled;
-        public event Action<bool> OnAllowThirdPartyChanged;
         public event Action<DynamicCodeSecurityLevel> OnSecurityLevelChanged;
 
         public ToolSettingsSection(VisualElement root)
         {
             _foldout = root.Q<Foldout>("tool-settings-foldout");
-            _allowThirdPartyToggle = root.Q<Toggle>("allow-third-party-toggle");
-            _allowThirdPartyLabel = root.Q<Label>("allow-third-party-label");
             _securityLevelRestrictedButton = root.Q<Button>("security-level-restricted-button");
             _securityLevelFullAccessButton = root.Q<Button>("security-level-full-access-button");
             _securityLevelDescription = root.Q<Label>("security-level-description");
@@ -69,30 +64,15 @@ private void SetupBindings()
         {
             _foldout.RegisterValueChangedCallback(evt => OnFoldoutChanged?.Invoke(evt.newValue));
 
-            _allowThirdPartyToggle.RegisterValueChangedCallback(evt =>
-            {
-                evt.StopPropagation();
-                OnAllowThirdPartyChanged?.Invoke(evt.newValue);
-            });
-
-            _allowThirdPartyLabel.RegisterCallback<ClickEvent>(evt =>
-            {
-                evt.StopPropagation();
-                bool newValue = !_allowThirdPartyToggle.value;
-                _allowThirdPartyToggle.SetValueWithoutNotify(newValue);
-                OnAllowThirdPartyChanged?.Invoke(newValue);
-            });
-
             _securityLevelRestrictedButton.clicked += () => UpdateSecurityLevel(DynamicCodeSecurityLevel.Restricted);
             _securityLevelFullAccessButton.clicked += () => UpdateSecurityLevel(DynamicCodeSecurityLevel.FullAccess);
         }
 
         public void Update(ToolSettingsSectionData data)
         {
-            _allowThirdPartyTools = data.AllowThirdPartyTools;
+            _allowThirdPartyTools = true;
 
             ViewDataBinder.UpdateFoldout(_foldout, data.ShowToolSettings);
-            ViewDataBinder.UpdateToggle(_allowThirdPartyToggle, data.AllowThirdPartyTools);
             UpdateSecurityLevelSelection(data.DynamicCodeSecurityLevel);
             UpdateSecurityLevelDescription(data.DynamicCodeSecurityLevel);
 
@@ -143,7 +123,7 @@ private void UpdateDeferredState()
         {
             if (_toolListRows.Count > 0 || _isUnavailableStateShown)
             {
-                UpdateThirdPartyGroupState(_allowThirdPartyTools);
+                UpdateThirdPartyGroupState();
                 return;
             }
 
@@ -234,7 +214,7 @@ private void UpdateToolList(ToolSettingsSectionData data)
             ViewDataBinder.SetVisible(_toolListStatusLabel, false);
             ViewDataBinder.SetVisible(_toolListView, true);
             SetToolSettingsInfoVisible(true);
-            UpdateThirdPartyGroupState(data.AllowThirdPartyTools);
+            UpdateThirdPartyGroupState();
 
             _isRegistryAvailable = true;
             _isUnavailableStateShown = false;
@@ -354,9 +334,9 @@ private static void AppendGroupSignature(StringBuilder builder, IReadOnlyList<To
             builder.Append(';');
         }
 
-        private void UpdateThirdPartyGroupState(bool allowThirdPartyTools)
+        private void UpdateThirdPartyGroupState()
         {
-            _allowThirdPartyTools = allowThirdPartyTools;
+            _allowThirdPartyTools = true;
             RefreshToolListView();
         }
 
diff --git a/Packages/src/Editor/UI/UIToolkit/McpEditorWindow.uxml b/Packages/src/Editor/UI/UIToolkit/McpEditorWindow.uxml
index abcb44d42..1731d80d3 100644
--- a/Packages/src/Editor/UI/UIToolkit/McpEditorWindow.uxml
+++ b/Packages/src/Editor/UI/UIToolkit/McpEditorWindow.uxml
@@ -50,17 +50,6 @@
                             <ui:VisualElement class="mcp-tool-settings-card">
                                 <ui:Label text="Permissions" class="mcp-section-header mcp-tool-settings-card__header" />
                                 <ui:VisualElement class="mcp-permission-item mcp-permission-item--first">
-                                    <ui:Label text="Allow Third Party Tools" class="mcp-permission-item__title mcp-section-header--danger" />
-                                    <ui:VisualElement class="mcp-permission-item__control-row">
-                                        <ui:VisualElement class="mcp-toggle-row mcp-permission-item__toggle-row">
-                                            <ui:Toggle name="allow-third-party-toggle" class="mcp-toggle-row__toggle" />
-                                            <ui:Label text="Enable" class="mcp-permission-item__control-label" />
-                                            <ui:Label name="allow-third-party-label" text="Allow Third Party Tools" class="mcp-toggle-row__label mcp-toggle-row__label--danger mcp-permission-item__assistive-label" />
-                                        </ui:VisualElement>
-                                    </ui:VisualElement>
-                                </ui:VisualElement>
-
-                                <ui:VisualElement class="mcp-permission-item">
                                     <ui:Label text="execute-dynamic-code" class="mcp-permission-item__title mcp-permission-item__title--dynamic-code mcp-section-header--danger" />
                                     <ui:Label text="Security Level" class="mcp-permission-item__control-label" />
                                     <ui:VisualElement class="mcp-segmented-control">
diff --git a/Packages/src/Editor/UI/UIToolkit/McpEditorWindowUI.cs b/Packages/src/Editor/UI/UIToolkit/McpEditorWindowUI.cs
index 3dc8d7d20..428c0b74e 100644
--- a/Packages/src/Editor/UI/UIToolkit/McpEditorWindowUI.cs
+++ b/Packages/src/Editor/UI/UIToolkit/McpEditorWindowUI.cs
@@ -38,7 +38,6 @@ public class McpEditorWindowUI : IDisposable
         public event Action<bool> OnConnectedToolsFoldoutChanged;
         public event Action<bool> OnToolSettingsFoldoutChanged;
         public event Action<string, bool> OnToolToggled;
-        public event Action<bool> OnAllowThirdPartyChanged;
         public event Action<DynamicCodeSecurityLevel> OnSecurityLevelChanged;
 
         public McpEditorWindowUI(VisualElement root)
@@ -105,7 +104,6 @@ private void InitializeSections()
             _toolSettingsSection = new ToolSettingsSection(_root);
             _toolSettingsSection.OnFoldoutChanged += value => OnToolSettingsFoldoutChanged?.Invoke(value);
             _toolSettingsSection.OnToolToggled += (toolName, enabled) => OnToolToggled?.Invoke(toolName, enabled);
-            _toolSettingsSection.OnAllowThirdPartyChanged += value => OnAllowThirdPartyChanged?.Invoke(value);
             _toolSettingsSection.OnSecurityLevelChanged += value => OnSecurityLevelChanged?.Invoke(value);
 
             _githubLinkRow = _root.Q<VisualElement>("github-link-row");
diff --git a/Packages/src/README.md b/Packages/src/README.md
index 736d27f30..79c800359 100644
--- a/Packages/src/README.md
+++ b/Packages/src/README.md
@@ -375,12 +375,7 @@ Async support:
 > [!IMPORTANT]
 > **Security Settings**
 >
-> Some tools are disabled by default for security reasons.
-> To use these tools, enable the corresponding items in the Unity CLI Loop window "Tool Settings":
->
-> **Basic Security Settings**:
-> - **Allow Tests Execution**: Enable `run-tests` tool
-> - **Allow Third Party Tools**: Enable user-developed custom tools
+> Custom tools are always available. Use individual tool toggles to hide tools from AI agents when needed.
 >
 > **Dynamic Code Security Level** (`execute-dynamic-code` tool):
 > - **Level 1 (Restricted)**: Unity API only, dangerous operations blocked (recommended)
@@ -475,8 +470,8 @@ You can publish your extension tools on GitHub and reuse them across other proje
 > [!IMPORTANT]
 > **Security Settings**
 >
-> Project-specific tools require enabling **Allow Third Party Tools** in the Unity CLI Loop window "Tool Settings".
-> When developing custom tools that involve dynamic code execution, also consider the **Dynamic Code Security Level** setting.
+> Project-specific tools are available without enabling an additional permission.
+> When developing custom tools that involve dynamic code execution, consider the **Dynamic Code Security Level** setting.
 
 <details>
 <summary>View Implementation Guide</summary>
diff --git a/Packages/src/README_ja.md b/Packages/src/README_ja.md
index 347a803a9..e9750c9bd 100644
--- a/Packages/src/README_ja.md
+++ b/Packages/src/README_ja.md
@@ -374,12 +374,7 @@ Unity Editor内で動的にC#コードを実行します。
 > [!IMPORTANT]
 > **セキュリティ設定について**
 >
-> 一部のツールはセキュリティ上の理由でデフォルトで無効化されています。
-> これらのツールを使用するには、Unity CLI Loopウィンドウの「Tool Settings」で該当する項目を有効化してください：
->
-> **基本セキュリティ設定**:
-> - **Allow Tests Execution**: `run-tests`ツールを有効化
-> - **Allow Third Party Tools**: ユーザーが独自に拡張したtoolを有効化
+> カスタムツールは常に利用できます。AIエージェントから隠したいツールは、個別のツールトグルで無効化してください。
 >
 > **Dynamic Code Security Level** (`execute-dynamic-code`ツール):
 > - **Level 1 (Restricted)**: Unity APIのみ、危険な操作はブロック（推奨）
@@ -474,8 +469,8 @@ Unity CLI Loopはコアパッケージへの変更を必要とせず、プロジ
 > [!IMPORTANT]
 > **セキュリティ設定について**
 >
-> プロジェクト固有に開発したツールは、Unity CLI Loopウィンドウの「Tool Settings」で **Allow Third Party Tools** を有効化する必要があります。
-> また、動的コード実行を含むカスタムツールを開発する場合は、**Dynamic Code Security Level**の設定も考慮してください。
+> プロジェクト固有に開発したツールは、追加の権限を有効化しなくても利用できます。
+> また、動的コード実行を含むカスタムツールを開発する場合は、**Dynamic Code Security Level**の設定を考慮してください。
 
 <details>
 <summary>実装ガイドを見る</summary>
diff --git a/README.md b/README.md
index 626ca0f0a..47a245c35 100644
--- a/README.md
+++ b/README.md
@@ -375,12 +375,7 @@ Async support:
 > [!IMPORTANT]
 > **Security Settings**
 >
-> Some tools are disabled by default for security reasons.
-> To use these tools, enable the corresponding items in the Unity CLI Loop window "Tool Settings":
->
-> **Basic Security Settings**:
-> - **Allow Tests Execution**: Enable `run-tests` tool
-> - **Allow Third Party Tools**: Enable user-developed custom tools
+> Custom tools are always available. Use individual tool toggles to hide tools from AI agents when needed.
 >
 > **Dynamic Code Security Level** (`execute-dynamic-code` tool):
 > - **Level 1 (Restricted)**: Unity API only, dangerous operations blocked (recommended)
@@ -475,8 +470,8 @@ You can publish your extension tools on GitHub and reuse them across other proje
 > [!IMPORTANT]
 > **Security Settings**
 >
-> Project-specific tools require enabling **Allow Third Party Tools** in the Unity CLI Loop window "Tool Settings".
-> When developing custom tools that involve dynamic code execution, also consider the **Dynamic Code Security Level** setting.
+> Project-specific tools are available without enabling an additional permission.
+> When developing custom tools that involve dynamic code execution, consider the **Dynamic Code Security Level** setting.
 
 <details>
 <summary>View Implementation Guide</summary>
diff --git a/README_ja.md b/README_ja.md
index 9685ee414..d0dfbdbcd 100644
--- a/README_ja.md
+++ b/README_ja.md
@@ -374,12 +374,7 @@ Unity Editor内で動的にC#コードを実行します。
 > [!IMPORTANT]
 > **セキュリティ設定について**
 >
-> 一部のツールはセキュリティ上の理由でデフォルトで無効化されています。
-> これらのツールを使用するには、Unity CLI Loopウィンドウの「Security Settings」で該当する項目を有効化してください：
->
-> **基本セキュリティ設定**:
-> - **Allow Tests Execution**: `run-tests`ツールを有効化
-> - **Allow Third Party Tools**: ユーザーが独自に拡張したtoolを有効化
+> カスタムツールは常に利用できます。AIエージェントから隠したいツールは、個別のツールトグルで無効化してください。
 >
 > **Dynamic Code Security Level** (`execute-dynamic-code`ツール):
 > - **Level 1 (Restricted)**: Unity APIのみ、危険な操作はブロック（推奨）
@@ -474,8 +469,8 @@ Unity CLI Loopはコアパッケージへの変更を必要とせず、プロジ
 > [!IMPORTANT]
 > **セキュリティ設定について**
 >
-> プロジェクト固有に開発したツールは、Unity CLI Loopウィンドウの「Security Settings」で **Allow Third Party Tools** を有効化する必要があります。
-> また、動的コード実行を含むカスタムツールを開発する場合は、**Dynamic Code Security Level**の設定も考慮してください。
+> プロジェクト固有に開発したツールは、追加の権限を有効化しなくても利用できます。
+> また、動的コード実行を含むカスタムツールを開発する場合は、**Dynamic Code Security Level**の設定を考慮してください。
 
 <details>
 <summary>実装ガイドを見る</summary>

From c81fda1c19690db97985ccb8245f8c110304f12b Mon Sep 17 00:00:00 2001
From: hatayama <booqle@gmail.com>
Date: Sat, 2 May 2026 05:17:36 +0900
Subject: [PATCH 2/5] Shorten CLI status label

Use the concise CLI prefix in the settings window so the configuration status row matches the requested wording.
---
 .../src/Editor/UI/UIToolkit/Components/CliSetupSection.cs   | 6 +++---
 Packages/src/Editor/UI/UIToolkit/McpEditorWindow.uxml       | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Packages/src/Editor/UI/UIToolkit/Components/CliSetupSection.cs b/Packages/src/Editor/UI/UIToolkit/Components/CliSetupSection.cs
index f16a0f8a5..24aa05354 100644
--- a/Packages/src/Editor/UI/UIToolkit/Components/CliSetupSection.cs
+++ b/Packages/src/Editor/UI/UIToolkit/Components/CliSetupSection.cs
@@ -82,7 +82,7 @@ private void UpdateCliStatus(CliSetupData data)
             {
                 ViewDataBinder.ToggleClass(_cliStatusIcon, "mcp-cli-status-icon--installed", false);
                 ViewDataBinder.ToggleClass(_cliStatusIcon, "mcp-cli-status-icon--not-installed", false);
-                _cliStatusLabel.text = "uloop-cli: Checking...";
+                _cliStatusLabel.text = "CLI: Checking...";
                 return;
             }
 
@@ -91,11 +91,11 @@ private void UpdateCliStatus(CliSetupData data)
 
             if (data.IsCliInstalled && data.CliVersion != null)
             {
-                _cliStatusLabel.text = $"uloop-cli: v{data.CliVersion}";
+                _cliStatusLabel.text = $"CLI: v{data.CliVersion}";
                 return;
             }
 
-            _cliStatusLabel.text = "uloop-cli: Not installed";
+            _cliStatusLabel.text = "CLI: Not installed";
         }
 
         private void UpdateRefreshButton(CliSetupData data)
diff --git a/Packages/src/Editor/UI/UIToolkit/McpEditorWindow.uxml b/Packages/src/Editor/UI/UIToolkit/McpEditorWindow.uxml
index 1731d80d3..2d1b731b3 100644
--- a/Packages/src/Editor/UI/UIToolkit/McpEditorWindow.uxml
+++ b/Packages/src/Editor/UI/UIToolkit/McpEditorWindow.uxml
@@ -8,7 +8,7 @@
                     <ui:VisualElement name="cli-content">
                         <ui:VisualElement class="mcp-cli-status-row">
                             <ui:VisualElement name="cli-status-icon" class="mcp-cli-status-icon mcp-cli-status-icon--not-installed" />
-                            <ui:Label name="cli-status-label" text="uloop-cli: Checking..." />
+                            <ui:Label name="cli-status-label" text="CLI: Checking..." />
                             <ui:Button name="refresh-cli-version-button" text="↻" class="mcp-button--refresh" />
                         </ui:VisualElement>
                         <ui:Button name="install-cli-button" text="Install CLI" class="mcp-button mcp-button--configure" />

From d8199621b54007313088dc07ef44259b95b059f0 Mon Sep 17 00:00:00 2001
From: hatayama <booqle@gmail.com>
Date: Sat, 2 May 2026 05:20:58 +0900
Subject: [PATCH 3/5] Remove third-party tool disable state

Third-party tools are now always available, so remove the leftover UI state that could mark that group as disabled. This keeps the settings list behavior aligned with the always-on permission model.
---
 .../McpEditorWindowRefreshPolicyTests.cs      |  1 -
 .../Tests/Editor/ToolSettingsSectionTests.cs  |  3 ---
 Packages/src/Editor/UI/McpEditorWindow.cs     |  3 ---
 .../src/Editor/UI/McpEditorWindowViewData.cs  |  3 ---
 .../Components/ToolSettingsSection.cs         | 22 ++++---------------
 .../Editor/UI/UIToolkit/McpEditorWindow.uss   |  4 ----
 6 files changed, 4 insertions(+), 32 deletions(-)

diff --git a/Assets/Tests/Editor/McpEditorWindowRefreshPolicyTests.cs b/Assets/Tests/Editor/McpEditorWindowRefreshPolicyTests.cs
index ac2fae119..f8f8c6726 100644
--- a/Assets/Tests/Editor/McpEditorWindowRefreshPolicyTests.cs
+++ b/Assets/Tests/Editor/McpEditorWindowRefreshPolicyTests.cs
@@ -148,7 +148,6 @@ private static ToolSettingsSectionData CreateToolSettingsData(
         {
             return new ToolSettingsSectionData(
                 showToolSettings,
-                allowThirdPartyTools: false,
                 DynamicCodeSecurityLevel.Restricted,
                 System.Array.Empty<ToolToggleItem>(),
                 System.Array.Empty<ToolToggleItem>(),
diff --git a/Assets/Tests/Editor/ToolSettingsSectionTests.cs b/Assets/Tests/Editor/ToolSettingsSectionTests.cs
index 7dba3180a..4b694af96 100644
--- a/Assets/Tests/Editor/ToolSettingsSectionTests.cs
+++ b/Assets/Tests/Editor/ToolSettingsSectionTests.cs
@@ -83,7 +83,6 @@ public void Update_HeaderOnlyRefreshAfterLoad_PreservesLoadedRows()
             ToolSettingsSectionData headerOnlyData = CreateData(
                 compileEnabled: false,
                 includeGetLogs: false,
-                allowThirdPartyTools: false,
                 includeThirdPartyTool: true,
                 hasToolListData: false);
 
@@ -208,7 +207,6 @@ private static ToolSettingsSectionData CreateData(
             bool compileEnabled,
             bool includeGetLogs,
             bool showToolSettings = true,
-            bool allowThirdPartyTools = true,
             bool includeThirdPartyTool = false,
             bool hasToolListData = true,
             DynamicCodeSecurityLevel dynamicCodeSecurityLevel = DynamicCodeSecurityLevel.Restricted)
@@ -246,7 +244,6 @@ private static ToolSettingsSectionData CreateData(
 
             return new ToolSettingsSectionData(
                 showToolSettings: showToolSettings,
-                allowThirdPartyTools: allowThirdPartyTools,
                 dynamicCodeSecurityLevel: dynamicCodeSecurityLevel,
                 builtInTools: builtInTools,
                 thirdPartyTools: thirdPartyTools,
diff --git a/Packages/src/Editor/UI/McpEditorWindow.cs b/Packages/src/Editor/UI/McpEditorWindow.cs
index 483a972bb..46249ae69 100644
--- a/Packages/src/Editor/UI/McpEditorWindow.cs
+++ b/Packages/src/Editor/UI/McpEditorWindow.cs
@@ -381,7 +381,6 @@ private ToolSettingsSectionData CreateToolSettingsHeaderData()
         {
             return new ToolSettingsSectionData(
                 _model.UI.ShowToolSettings,
-                ULoopSettings.GetAllowThirdPartyTools(),
                 ULoopSettings.GetDynamicCodeSecurityLevel(),
                 System.Array.Empty<ToolToggleItem>(),
                 System.Array.Empty<ToolToggleItem>(),
@@ -396,7 +395,6 @@ private ToolSettingsSectionData CreateToolSettingsData()
             {
                 return new ToolSettingsSectionData(
                     _model.UI.ShowToolSettings,
-                    ULoopSettings.GetAllowThirdPartyTools(),
                     ULoopSettings.GetDynamicCodeSecurityLevel(),
                     System.Array.Empty<ToolToggleItem>(),
                     System.Array.Empty<ToolToggleItem>(),
@@ -436,7 +434,6 @@ private ToolSettingsSectionData CreateToolSettingsData()
 
             return new ToolSettingsSectionData(
                 _model.UI.ShowToolSettings,
-                ULoopSettings.GetAllowThirdPartyTools(),
                 ULoopSettings.GetDynamicCodeSecurityLevel(),
                 builtIn.ToArray(),
                 thirdParty.ToArray(),
diff --git a/Packages/src/Editor/UI/McpEditorWindowViewData.cs b/Packages/src/Editor/UI/McpEditorWindowViewData.cs
index 12df8f037..aa76c0f49 100644
--- a/Packages/src/Editor/UI/McpEditorWindowViewData.cs
+++ b/Packages/src/Editor/UI/McpEditorWindowViewData.cs
@@ -69,7 +69,6 @@ public ToolToggleItem(string toolName, string description, bool isEnabled, bool
     public record ToolSettingsSectionData
     {
         public readonly bool ShowToolSettings;
-        public readonly bool AllowThirdPartyTools;
         public readonly DynamicCodeSecurityLevel DynamicCodeSecurityLevel;
         public readonly ToolToggleItem[] BuiltInTools;
         public readonly ToolToggleItem[] ThirdPartyTools;
@@ -78,7 +77,6 @@ public record ToolSettingsSectionData
 
         public ToolSettingsSectionData(
             bool showToolSettings,
-            bool allowThirdPartyTools,
             DynamicCodeSecurityLevel dynamicCodeSecurityLevel,
             ToolToggleItem[] builtInTools,
             ToolToggleItem[] thirdPartyTools,
@@ -86,7 +84,6 @@ public ToolSettingsSectionData(
             bool hasToolListData = true)
         {
             ShowToolSettings = showToolSettings;
-            AllowThirdPartyTools = allowThirdPartyTools;
             DynamicCodeSecurityLevel = dynamicCodeSecurityLevel;
             BuiltInTools = builtInTools;
             ThirdPartyTools = thirdPartyTools;
diff --git a/Packages/src/Editor/UI/UIToolkit/Components/ToolSettingsSection.cs b/Packages/src/Editor/UI/UIToolkit/Components/ToolSettingsSection.cs
index 3e02542e7..787be4b5e 100644
--- a/Packages/src/Editor/UI/UIToolkit/Components/ToolSettingsSection.cs
+++ b/Packages/src/Editor/UI/UIToolkit/Components/ToolSettingsSection.cs
@@ -25,7 +25,6 @@ public class ToolSettingsSection
         private readonly ListView _toolListView;
         private readonly List<ToolListRowData> _toolListRows = new();
         private readonly Dictionary<string, Toggle> _togglesByToolName = new();
-        private bool _allowThirdPartyTools = true;
         private bool _isRegistryAvailable;
         private bool _isUnavailableStateShown;
         private bool _isLoadingStateShown;
@@ -70,8 +69,6 @@ private void SetupBindings()
 
         public void Update(ToolSettingsSectionData data)
         {
-            _allowThirdPartyTools = true;
-
             ViewDataBinder.UpdateFoldout(_foldout, data.ShowToolSettings);
             UpdateSecurityLevelSelection(data.DynamicCodeSecurityLevel);
             UpdateSecurityLevelDescription(data.DynamicCodeSecurityLevel);
@@ -123,7 +120,7 @@ private void UpdateDeferredState()
         {
             if (_toolListRows.Count > 0 || _isUnavailableStateShown)
             {
-                UpdateThirdPartyGroupState();
+                RefreshToolListView();
                 return;
             }
 
@@ -214,7 +211,7 @@ private void UpdateToolList(ToolSettingsSectionData data)
             ViewDataBinder.SetVisible(_toolListStatusLabel, false);
             ViewDataBinder.SetVisible(_toolListView, true);
             SetToolSettingsInfoVisible(true);
-            UpdateThirdPartyGroupState();
+            RefreshToolListView();
 
             _isRegistryAvailable = true;
             _isUnavailableStateShown = false;
@@ -334,12 +331,6 @@ private static void AppendGroupSignature(StringBuilder builder, IReadOnlyList<To
             builder.Append(';');
         }
 
-        private void UpdateThirdPartyGroupState()
-        {
-            _allowThirdPartyTools = true;
-            RefreshToolListView();
-        }
-
         private static Label CreateToolListStatusLabel()
         {
             Label label = new Label();
@@ -391,7 +382,7 @@ private static VisualElement CreateToolListRowElement()
             {
                 evt.StopPropagation();
 
-                if (row.userData is not ToolListRowData item || item.IsHeader || !item.CanToggle)
+                if (row.userData is not ToolListRowData item || item.IsHeader)
                 {
                     return;
                 }
@@ -413,7 +404,6 @@ private void BindToolListRowElement(VisualElement row, int index)
 
             ToolListRowData item = _toolListRows[index];
             item.Owner = this;
-            item.CanToggle = !item.IsThirdParty || _allowThirdPartyTools;
             row.userData = item;
 
             Toggle toggle = row.Q<Toggle>("tool-list-row-toggle");
@@ -440,7 +430,6 @@ private void BindHeaderRow(VisualElement row, Toggle toggle, Label label, ToolLi
             row.SetEnabled(true);
             row.AddToClassList("mcp-tool-list-row--header");
             label.AddToClassList("mcp-tool-group-header");
-            ViewDataBinder.ToggleClass(row, "mcp-tool-list-row--disabled", item.IsThirdParty && !_allowThirdPartyTools);
         }
 
         private void BindToolRow(VisualElement row, Toggle toggle, Label label, ToolListRowData item)
@@ -450,15 +439,13 @@ private void BindToolRow(VisualElement row, Toggle toggle, Label label, ToolList
             label.text = item.ToolName;
             label.tooltip = item.Description;
 
-            row.SetEnabled(item.CanToggle);
-            ViewDataBinder.ToggleClass(row, "mcp-tool-list-row--disabled", !item.CanToggle);
+            row.SetEnabled(true);
             _togglesByToolName[item.ToolName] = toggle;
         }
 
         private static void ResetRowClasses(VisualElement row, Label label)
         {
             row.RemoveFromClassList("mcp-tool-list-row--header");
-            row.RemoveFromClassList("mcp-tool-list-row--disabled");
             label.RemoveFromClassList("mcp-tool-group-header");
         }
 
@@ -497,7 +484,6 @@ private sealed class ToolListRowData
             public readonly string Description;
             public readonly bool IsThirdParty;
             public bool IsEnabled;
-            public bool CanToggle = true;
             public ToolSettingsSection Owner;
 
             private ToolListRowData(
diff --git a/Packages/src/Editor/UI/UIToolkit/McpEditorWindow.uss b/Packages/src/Editor/UI/UIToolkit/McpEditorWindow.uss
index 3e5577936..a46ca7a7a 100644
--- a/Packages/src/Editor/UI/UIToolkit/McpEditorWindow.uss
+++ b/Packages/src/Editor/UI/UIToolkit/McpEditorWindow.uss
@@ -531,10 +531,6 @@
     padding-bottom: 0;
 }
 
-.mcp-tool-list-row--disabled {
-    opacity: 0.45;
-}
-
 .mcp-tool-registry-unavailable {
     color: #888888;
     -unity-font-style: italic;

From d0d81ec1809028c1ee89accfefff77f4e71a3866 Mon Sep 17 00:00:00 2001
From: hatayama <booqle@gmail.com>
Date: Sat, 2 May 2026 05:24:27 +0900
Subject: [PATCH 4/5] Remove stale third-party permission settings

Third-party tools no longer have a separate permission gate, so remove the persisted setting, security checker branch, and related docs. Keep only legacy JSON cleanup so old allowThirdPartyTools entries are stripped when settings are rewritten.
---
 Assets/Tests/Editor/ULoopSettingsTests.cs     | 38 +++--------
 Packages/src/Editor/Config/ULoopSettings.cs   | 37 ++--------
 .../src/Editor/Config/ULoopSettingsData.cs    |  1 -
 .../src/Editor/Security/McpSecurityChecker.cs | 67 +------------------
 .../Components/ToolSettingsSection.cs         | 17 ++---
 Packages/src/README.md                        |  2 +-
 Packages/src/README_ja.md                     |  2 +-
 README.md                                     |  2 +-
 README_ja.md                                  |  2 +-
 9 files changed, 28 insertions(+), 140 deletions(-)

diff --git a/Assets/Tests/Editor/ULoopSettingsTests.cs b/Assets/Tests/Editor/ULoopSettingsTests.cs
index b1a4aebd8..6a668393d 100644
--- a/Assets/Tests/Editor/ULoopSettingsTests.cs
+++ b/Assets/Tests/Editor/ULoopSettingsTests.cs
@@ -108,9 +108,10 @@ public void GetSettings_WhenNewFileAbsentAndLegacyExists_ShouldMigrateRemainingF
 
             ULoopSettingsData result = ULoopSettings.GetSettings();
 
-            Assert.IsTrue(result.allowThirdPartyTools);
             Assert.AreEqual((int)DynamicCodeSecurityLevel.Restricted, result.dynamicCodeSecurityLevel);
             Assert.IsTrue(File.Exists(SettingsFilePath), $"{SettingsFilePath} should be created by migration");
+            string updatedJson = File.ReadAllText(SettingsFilePath);
+            StringAssert.DoesNotContain("\"allowThirdPartyTools\"", updatedJson);
         }
 
         [Test]
@@ -118,7 +119,6 @@ public void GetSettings_WhenNewFileExists_ShouldIgnoreLegacy()
         {
             ULoopSettingsData newSettings = new ULoopSettingsData
             {
-                allowThirdPartyTools = true,
                 dynamicCodeSecurityLevel = (int)DynamicCodeSecurityLevel.FullAccess
             };
             File.WriteAllText(SettingsFilePath, JsonUtility.ToJson(newSettings, true));
@@ -133,7 +133,6 @@ public void GetSettings_WhenNewFileExists_ShouldIgnoreLegacy()
 
             ULoopSettingsData result = ULoopSettings.GetSettings();
 
-            Assert.IsTrue(result.allowThirdPartyTools);
             Assert.AreEqual((int)DynamicCodeSecurityLevel.FullAccess, result.dynamicCodeSecurityLevel);
         }
 
@@ -142,7 +141,6 @@ public void SetAndGet_RoundTrip_ShouldPreserveRemainingValues()
         {
             ULoopSettingsData written = new ULoopSettingsData
             {
-                allowThirdPartyTools = false,
                 dynamicCodeSecurityLevel = (int)DynamicCodeSecurityLevel.Restricted
             };
             ULoopSettings.SaveSettings(written);
@@ -150,25 +148,9 @@ public void SetAndGet_RoundTrip_ShouldPreserveRemainingValues()
 
             ULoopSettingsData readBack = ULoopSettings.GetSettings();
 
-            Assert.IsTrue(readBack.allowThirdPartyTools);
             Assert.AreEqual(written.dynamicCodeSecurityLevel, readBack.dynamicCodeSecurityLevel);
         }
 
-        [Test]
-        public void SetAllowThirdPartyTools_WhenFalse_ShouldKeepThirdPartyToolsAllowed()
-        {
-            ULoopSettings.SaveSettings(new ULoopSettingsData
-            {
-                allowThirdPartyTools = true,
-                dynamicCodeSecurityLevel = (int)DynamicCodeSecurityLevel.Restricted
-            });
-
-            ULoopSettings.SetAllowThirdPartyTools(false);
-
-            Assert.IsTrue(ULoopSettings.GetAllowThirdPartyTools());
-            Assert.IsTrue(ULoopSettings.GetSettings().allowThirdPartyTools);
-        }
-
         [Test]
         public void Migration_ShouldPurgeRemainingSecurityFieldsAndPreserveOtherSettings()
         {
@@ -204,7 +186,6 @@ public void GetSettings_WhenBothFilesAbsent_ShouldReturnDefaults()
 
             ULoopSettingsData result = ULoopSettings.GetSettings();
 
-            Assert.IsTrue(result.allowThirdPartyTools);
             Assert.AreEqual((int)DynamicCodeSecurityLevel.Restricted, result.dynamicCodeSecurityLevel);
             Assert.IsFalse(File.Exists(LegacySettingsFilePath),
                 "Legacy file should not be created when both files are absent");
@@ -215,7 +196,7 @@ public void GetSettings_WhenPrimaryMissingAndBackupExists_ShouldRecoverFromBacku
         {
             DeleteIfExists(SettingsFilePath);
 
-            ULoopSettingsData backupData = new ULoopSettingsData
+            SettingsFileFixture backupData = new SettingsFileFixture
             {
                 allowThirdPartyTools = false,
                 dynamicCodeSecurityLevel = (int)DynamicCodeSecurityLevel.FullAccess
@@ -226,9 +207,10 @@ public void GetSettings_WhenPrimaryMissingAndBackupExists_ShouldRecoverFromBacku
             ULoopSettingsData result = ULoopSettings.GetSettings();
 
             Assert.IsTrue(File.Exists(SettingsFilePath), $"{SettingsFilePath} should be recovered from .bak");
-            Assert.IsTrue(result.allowThirdPartyTools);
             Assert.AreEqual((int)DynamicCodeSecurityLevel.FullAccess, result.dynamicCodeSecurityLevel);
             Assert.IsFalse(File.Exists(SettingsBackupPath), ".bak should be consumed by recovery");
+            string updatedJson = File.ReadAllText(SettingsFilePath);
+            StringAssert.DoesNotContain("\"allowThirdPartyTools\"", updatedJson);
         }
 
         [Test]
@@ -237,7 +219,7 @@ public void GetSettings_WhenOldSecurityJsonExists_ShouldRenameToPermissions()
             DeleteIfExists(SettingsFilePath);
             DeleteIfExists(LegacySettingsFilePath);
 
-            ULoopSettingsData oldData = new ULoopSettingsData
+            SettingsFileFixture oldData = new SettingsFileFixture
             {
                 allowThirdPartyTools = false,
                 dynamicCodeSecurityLevel = (int)DynamicCodeSecurityLevel.Restricted
@@ -249,8 +231,9 @@ public void GetSettings_WhenOldSecurityJsonExists_ShouldRenameToPermissions()
 
             Assert.IsTrue(File.Exists(SettingsFilePath), "New settings file should exist after rename");
             Assert.IsFalse(File.Exists(OldSettingsFilePath), "Old settings file should be removed after rename");
-            Assert.IsTrue(result.allowThirdPartyTools);
             Assert.AreEqual((int)DynamicCodeSecurityLevel.Restricted, result.dynamicCodeSecurityLevel);
+            string updatedJson = File.ReadAllText(SettingsFilePath);
+            StringAssert.DoesNotContain("\"allowThirdPartyTools\"", updatedJson);
         }
 
         [Test]
@@ -268,8 +251,9 @@ public void GetSettings_WhenJsonContainsRemovedFields_ShouldIgnoreThem()
 
             ULoopSettingsData result = ULoopSettings.GetSettings();
 
-            Assert.IsTrue(result.allowThirdPartyTools);
             Assert.AreEqual((int)DynamicCodeSecurityLevel.FullAccess, result.dynamicCodeSecurityLevel);
+            string updatedJson = File.ReadAllText(SettingsFilePath);
+            StringAssert.DoesNotContain("\"allowThirdPartyTools\"", updatedJson);
         }
 
         [Test]
@@ -359,7 +343,7 @@ public void SaveSettings_WhenJsonContainsRemovedFields_ShouldRewriteWithoutThem(
 
             StringAssert.DoesNotContain("\"enableTestsExecution\"", updatedJson);
             StringAssert.DoesNotContain("\"allowMenuItemExecution\"", updatedJson);
-            StringAssert.Contains("\"allowThirdPartyTools\"", updatedJson);
+            StringAssert.DoesNotContain("\"allowThirdPartyTools\"", updatedJson);
             StringAssert.Contains("\"dynamicCodeSecurityLevel\"", updatedJson);
         }
 
diff --git a/Packages/src/Editor/Config/ULoopSettings.cs b/Packages/src/Editor/Config/ULoopSettings.cs
index e9ebb9f73..bb95a1419 100644
--- a/Packages/src/Editor/Config/ULoopSettings.cs
+++ b/Packages/src/Editor/Config/ULoopSettings.cs
@@ -16,6 +16,8 @@ namespace io.github.hatayama.uLoopMCP
     /// </summary>
     public static class ULoopSettings
     {
+        private const string LEGACY_ALLOW_THIRD_PARTY_TOOLS_FIELD = "allowThirdPartyTools";
+
         private static string SettingsFilePath =>
             Path.Combine(McpConstants.ULOOP_DIR, McpConstants.ULOOP_SETTINGS_FILE_NAME);
 
@@ -36,7 +38,6 @@ public static ULoopSettingsData GetSettings()
         public static void SaveSettings(ULoopSettingsData settings)
         {
             Debug.Assert(settings != null, "settings must not be null");
-            settings = settings with { allowThirdPartyTools = true };
 
             string directory = Path.GetDirectoryName(SettingsFilePath);
             if (!string.IsNullOrEmpty(directory) && !Directory.Exists(directory))
@@ -64,18 +65,6 @@ public static void UpdateSettings(Func<ULoopSettingsData, ULoopSettingsData> tra
             SaveSettings(updated);
         }
 
-        public static bool GetAllowThirdPartyTools()
-        {
-            return true;
-        }
-
-        public static void SetAllowThirdPartyTools(bool value)
-        {
-            ULoopSettingsData settings = GetSettings();
-            ULoopSettingsData updated = settings with { allowThirdPartyTools = true };
-            SaveSettings(updated);
-        }
-
         public static DynamicCodeSecurityLevel GetDynamicCodeSecurityLevel()
         {
             ULoopSettingsData settings = GetSettings();
@@ -160,8 +149,8 @@ private static void LoadSettings()
                 _cachedSettings = JsonUtility.FromJson<ULoopSettingsData>(json);
                 bool migratedToolToggles = ApplyLegacyToolToggleMigrations(json);
                 bool normalizedDynamicCode = NormalizeLegacyDisabledDynamicCode();
-                bool normalizedThirdPartyTools = NormalizeThirdPartyToolsAllowed();
-                if (migratedToolToggles || normalizedDynamicCode || normalizedThirdPartyTools)
+                bool removedThirdPartyToolsField = json.Contains($"\"{LEGACY_ALLOW_THIRD_PARTY_TOOLS_FIELD}\"");
+                if (migratedToolToggles || normalizedDynamicCode || removedThirdPartyToolsField)
                 {
                     SaveSettings(_cachedSettings);
                 }
@@ -180,7 +169,7 @@ private static bool LegacyFileHasSecurityFields()
             }
 
             string json = File.ReadAllText(LegacySettingsFilePath);
-            return json.Contains($"\"{nameof(LegacySecuritySettingsProbe.allowThirdPartyTools)}\"")
+            return json.Contains($"\"{LEGACY_ALLOW_THIRD_PARTY_TOOLS_FIELD}\"")
                 || json.Contains($"\"{nameof(LegacySecuritySettingsProbe.dynamicCodeSecurityLevel)}\"");
         }
 
@@ -201,7 +190,6 @@ private class LegacySecuritySettingsProbe
         {
             public bool enableTestsExecution = true;
             public bool allowMenuItemExecution = true;
-            public bool allowThirdPartyTools = false;
             public int dynamicCodeSecurityLevel = (int)DynamicCodeSecurityLevel.Restricted;
         }
 
@@ -229,13 +217,11 @@ private static void MigrateFromLegacySettings()
 
             _cachedSettings = new ULoopSettingsData
             {
-                allowThirdPartyTools = true,
                 dynamicCodeSecurityLevel = probe.dynamicCodeSecurityLevel
             };
 
             ApplyLegacyToolToggleMigrations(legacyJson);
             NormalizeLegacyDisabledDynamicCode();
-            NormalizeThirdPartyToolsAllowed();
             SaveSettings(_cachedSettings);
 
             // Re-save legacy file to purge security fields that are no longer in
@@ -261,19 +247,6 @@ private static bool NormalizeLegacyDisabledDynamicCode()
             return true;
         }
 
-        private static bool NormalizeThirdPartyToolsAllowed()
-        {
-            Debug.Assert(_cachedSettings != null, "_cachedSettings must not be null");
-
-            if (_cachedSettings.allowThirdPartyTools)
-            {
-                return false;
-            }
-
-            _cachedSettings = _cachedSettings with { allowThirdPartyTools = true };
-            return true;
-        }
-
         private static bool ApplyLegacyToolToggleMigrations(string json)
         {
             if (string.IsNullOrWhiteSpace(json))
diff --git a/Packages/src/Editor/Config/ULoopSettingsData.cs b/Packages/src/Editor/Config/ULoopSettingsData.cs
index 760b105b2..9f82b37b6 100644
--- a/Packages/src/Editor/Config/ULoopSettingsData.cs
+++ b/Packages/src/Editor/Config/ULoopSettingsData.cs
@@ -9,7 +9,6 @@ namespace io.github.hatayama.uLoopMCP
     [Serializable]
     public record ULoopSettingsData
     {
-        public bool allowThirdPartyTools = true;
         public int dynamicCodeSecurityLevel = (int)DynamicCodeSecurityLevel.Restricted;
     }
 }
diff --git a/Packages/src/Editor/Security/McpSecurityChecker.cs b/Packages/src/Editor/Security/McpSecurityChecker.cs
index e47193b54..3518faa55 100644
--- a/Packages/src/Editor/Security/McpSecurityChecker.cs
+++ b/Packages/src/Editor/Security/McpSecurityChecker.cs
@@ -92,7 +92,7 @@ private static bool IsToolAllowedByAttribute(ToolAttributeInfo toolInfo)
             switch (toolInfo.RequiredSecuritySetting)
             {
                 case SecuritySettings.None:
-                    return IsThirdPartyToolAllowed(toolInfo.ToolName);
+                    return true;
                 default:
                     return false; // Unknown setting - block by default
             }
@@ -148,18 +148,7 @@ public static string GetBlockReason(string toolName)
                 return $"Tool '{toolName}' is not allowed by security policy.";
             }
 
-            switch (toolInfo.Value.RequiredSecuritySetting)
-            {
-                case SecuritySettings.None:
-                    if (IsThirdPartyTool(toolName))
-                    {
-                        return $"Tool '{toolName}' is not allowed by security policy.";
-                    }
-                    return $"Tool '{toolName}' is not allowed by security policy.";
-                    
-                default:
-                    return $"Tool '{toolName}' is not allowed by security policy.";
-            }
+            return $"Tool '{toolName}' is not allowed by security policy.";
         }
 
         /// <summary>
@@ -175,58 +164,6 @@ public static ToolSecurityInfo GetToolSecurityInfo(string toolName)
             return new ToolSecurityInfo(toolName, isAllowed, reason);
         }
 
-        /// <summary>
-        /// Checks if third party tools execution is allowed
-        /// </summary>
-        /// <returns>True if third party tools execution is allowed</returns>
-        private static bool IsThirdPartyToolsAllowed()
-        {
-            return ULoopSettings.GetAllowThirdPartyTools();
-        }
-
-        /// <summary>
-        /// Checks if a specific tool is allowed (considers both explicit setting and third party status)
-        /// </summary>
-        /// <param name="toolName">The name of the tool to check</param>
-        /// <returns>True if tool is allowed</returns>
-        private static bool IsThirdPartyToolAllowed(string toolName)
-        {
-            // If it's not a third party tool (i.e., official tool), allow it
-            if (!IsThirdPartyTool(toolName))
-            {
-                return true;
-            }
-            
-            // If it's a third party tool, check the setting
-            return IsThirdPartyToolsAllowed();
-        }
-
-        /// <summary>
-        /// Checks if a tool is a third party tool based on its assembly
-        /// </summary>
-        /// <param name="toolName">The name of the tool to check</param>
-        /// <returns>True if tool is from a third party assembly</returns>
-        private static bool IsThirdPartyTool(string toolName)
-        {
-            // Get tool type from registry
-            var registry = CustomToolManager.GetRegistry();
-            if (registry == null)
-            {
-                return true; // Default to third party if registry unavailable
-            }
-
-            var toolType = registry.GetToolType(toolName);
-            if (toolType == null)
-            {
-                return true; // Default to third party if tool type not found
-            }
-
-            // Check assembly name
-            string assemblyName = toolType.Assembly.GetName().Name;
-            
-            // Official uLoopMCP assembly
-            return assemblyName != "uLoopMCP.Editor";
-        }
     }
 
     /// <summary>
diff --git a/Packages/src/Editor/UI/UIToolkit/Components/ToolSettingsSection.cs b/Packages/src/Editor/UI/UIToolkit/Components/ToolSettingsSection.cs
index 787be4b5e..227a421d8 100644
--- a/Packages/src/Editor/UI/UIToolkit/Components/ToolSettingsSection.cs
+++ b/Packages/src/Editor/UI/UIToolkit/Components/ToolSettingsSection.cs
@@ -261,13 +261,13 @@ private void Rebuild(ToolSettingsSectionData data)
 
             if (data.BuiltInTools.Length > 0)
             {
-                _toolListRows.Add(ToolListRowData.CreateHeader("Built-in Tools", false));
+                _toolListRows.Add(ToolListRowData.CreateHeader("Built-in Tools"));
                 AddToolRows(data.BuiltInTools);
             }
 
             if (data.ThirdPartyTools.Length > 0)
             {
-                _toolListRows.Add(ToolListRowData.CreateHeader("Third Party Tools", true));
+                _toolListRows.Add(ToolListRowData.CreateHeader("Third Party Tools"));
                 AddToolRows(data.ThirdPartyTools);
             }
 
@@ -482,7 +482,6 @@ private sealed class ToolListRowData
             public readonly string ToolName;
             public readonly string Label;
             public readonly string Description;
-            public readonly bool IsThirdParty;
             public bool IsEnabled;
             public ToolSettingsSection Owner;
 
@@ -491,26 +490,23 @@ private ToolListRowData(
                 string toolName,
                 string label,
                 string description,
-                bool isEnabled,
-                bool isThirdParty)
+                bool isEnabled)
             {
                 IsHeader = isHeader;
                 ToolName = toolName;
                 Label = label;
                 Description = description;
                 IsEnabled = isEnabled;
-                IsThirdParty = isThirdParty;
             }
 
-            public static ToolListRowData CreateHeader(string label, bool isThirdParty)
+            public static ToolListRowData CreateHeader(string label)
             {
                 return new ToolListRowData(
                     true,
                     string.Empty,
                     label,
                     string.Empty,
-                    true,
-                    isThirdParty);
+                    true);
             }
 
             public static ToolListRowData CreateTool(ToolToggleItem item)
@@ -520,8 +516,7 @@ public static ToolListRowData CreateTool(ToolToggleItem item)
                     item.ToolName,
                     item.ToolName,
                     item.Description,
-                    item.IsEnabled,
-                    item.IsThirdParty);
+                    item.IsEnabled);
             }
         }
     }
diff --git a/Packages/src/README.md b/Packages/src/README.md
index 79c800359..5ab25590c 100644
--- a/Packages/src/README.md
+++ b/Packages/src/README.md
@@ -614,7 +614,7 @@ The `.uloop/` directory at the project root stores CLI cache, tool registry, and
 
 | File | Purpose | Git-track? |
 |------|---------|------------|
-| `settings.permissions.json` | Team-wide security policy (third-party tool access, dynamic code security level) | Optional |
+| `settings.permissions.json` | Team-wide security policy (dynamic code security level) | Optional |
 | `settings.tools.json` | Per-tool enable/disable preferences | Optional |
 | `tools.json` | Auto-generated CLI tool registry | No |
 | `outputs/` | Runtime outputs (test results, screenshots, hierarchy dumps) | No |
diff --git a/Packages/src/README_ja.md b/Packages/src/README_ja.md
index e9750c9bd..902dd24d6 100644
--- a/Packages/src/README_ja.md
+++ b/Packages/src/README_ja.md
@@ -613,7 +613,7 @@ description: "ツールの説明と使用タイミング"
 
 | ファイル | 用途 | git管理 |
 |---------|------|---------|
-| `settings.permissions.json` | チーム共有のセキュリティポリシー（サードパーティツール許可、動的コード実行レベル） | 任意 |
+| `settings.permissions.json` | チーム共有のセキュリティポリシー（動的コード実行レベル） | 任意 |
 | `settings.tools.json` | ツールごとの有効・無効設定 | 任意 |
 | `tools.json` | 自動生成されるCLIツールレジストリ | No |
 | `outputs/` | ランタイム出力（テスト結果、スクリーンショット、ヒエラルキーダンプ） | No |
diff --git a/README.md b/README.md
index 47a245c35..0ec587642 100644
--- a/README.md
+++ b/README.md
@@ -614,7 +614,7 @@ The `.uloop/` directory at the project root stores CLI cache, tool registry, and
 
 | File | Purpose | Git-track? |
 |------|---------|------------|
-| `settings.permissions.json` | Team-wide security policy (third-party tool access, dynamic code security level) | Optional |
+| `settings.permissions.json` | Team-wide security policy (dynamic code security level) | Optional |
 | `settings.tools.json` | Per-tool enable/disable preferences | Optional |
 | `tools.json` | Auto-generated CLI tool registry | No |
 | `outputs/` | Runtime outputs (test results, screenshots, hierarchy dumps) | No |
diff --git a/README_ja.md b/README_ja.md
index d0dfbdbcd..294f98d3b 100644
--- a/README_ja.md
+++ b/README_ja.md
@@ -613,7 +613,7 @@ description: "ツールの説明と使用タイミング"
 
 | ファイル | 用途 | git管理 |
 |---------|------|---------|
-| `settings.permissions.json` | チーム共有のセキュリティポリシー（サードパーティツール許可、動的コード実行レベル） | 任意 |
+| `settings.permissions.json` | チーム共有のセキュリティポリシー（動的コード実行レベル） | 任意 |
 | `settings.tools.json` | ツールごとの有効・無効設定 | 任意 |
 | `tools.json` | 自動生成されるCLIツールレジストリ | No |
 | `outputs/` | ランタイム出力（テスト結果、スクリーンショット、ヒエラルキーダンプ） | No |

From 30b3d6d12f231767a012795d2b2b000aaaac9906 Mon Sep 17 00:00:00 2001
From: hatayama <booqle@gmail.com>
Date: Sat, 2 May 2026 05:41:33 +0900
Subject: [PATCH 5/5] Preserve legacy tool-toggle migrations

Keep legacy run-tests and menu-item fields in the migration trigger so direct upgrades do not let stale extracted security defaults override the user's old tool-toggle settings.
---
 Assets/Tests/Editor/ULoopSettingsTests.cs   | 21 +++++++++++++++++++++
 Packages/src/Editor/Config/ULoopSettings.cs |  2 ++
 2 files changed, 23 insertions(+)

diff --git a/Assets/Tests/Editor/ULoopSettingsTests.cs b/Assets/Tests/Editor/ULoopSettingsTests.cs
index 6a668393d..7e9a6c44e 100644
--- a/Assets/Tests/Editor/ULoopSettingsTests.cs
+++ b/Assets/Tests/Editor/ULoopSettingsTests.cs
@@ -236,6 +236,27 @@ public void GetSettings_WhenOldSecurityJsonExists_ShouldRenameToPermissions()
             StringAssert.DoesNotContain("\"allowThirdPartyTools\"", updatedJson);
         }
 
+        [Test]
+        public void GetSettings_WhenOldSecurityJsonExistsAndLegacyDisablesRunTests_ShouldPreferLegacyToolToggle()
+        {
+            DeleteIfExists(SettingsFilePath);
+            DeleteIfExists(ToolSettingsFilePath);
+
+            ULoopSettingsData oldData = new ULoopSettingsData
+            {
+                dynamicCodeSecurityLevel = (int)DynamicCodeSecurityLevel.Restricted
+            };
+            File.WriteAllText(OldSettingsFilePath, JsonUtility.ToJson(oldData, true));
+            File.WriteAllText(LegacySettingsFilePath, "{ \"enableTestsExecution\": false, \"showDeveloperTools\": true }");
+            InvalidateBothCaches();
+
+            ULoopSettingsData result = ULoopSettings.GetSettings();
+
+            Assert.AreEqual((int)DynamicCodeSecurityLevel.Restricted, result.dynamicCodeSecurityLevel);
+            Assert.IsFalse(ToolSettings.IsToolEnabled(McpConstants.TOOL_NAME_RUN_TESTS));
+            Assert.IsFalse(File.Exists(OldSettingsFilePath), "Old settings file should be removed after legacy migration");
+        }
+
         [Test]
         public void GetSettings_WhenJsonContainsRemovedFields_ShouldIgnoreThem()
         {
diff --git a/Packages/src/Editor/Config/ULoopSettings.cs b/Packages/src/Editor/Config/ULoopSettings.cs
index bb95a1419..672addf5c 100644
--- a/Packages/src/Editor/Config/ULoopSettings.cs
+++ b/Packages/src/Editor/Config/ULoopSettings.cs
@@ -170,6 +170,8 @@ private static bool LegacyFileHasSecurityFields()
 
             string json = File.ReadAllText(LegacySettingsFilePath);
             return json.Contains($"\"{LEGACY_ALLOW_THIRD_PARTY_TOOLS_FIELD}\"")
+                || json.Contains($"\"{nameof(LegacySecuritySettingsProbe.enableTestsExecution)}\"")
+                || json.Contains($"\"{nameof(LegacySecuritySettingsProbe.allowMenuItemExecution)}\"")
                 || json.Contains($"\"{nameof(LegacySecuritySettingsProbe.dynamicCodeSecurityLevel)}\"");
         }