diff --git a/codex-rs/core/src/mcp_tool_call.rs b/codex-rs/core/src/mcp_tool_call.rs
index 00327386b..f194ee79a 100644
--- a/codex-rs/core/src/mcp_tool_call.rs
+++ b/codex-rs/core/src/mcp_tool_call.rs
@@ -582,8 +582,11 @@ async fn remember_mcp_tool_approval(sess: &Session, key: McpToolApprovalKey) {
 }
 
 fn requires_mcp_tool_approval(annotations: &ToolAnnotations) -> bool {
-    annotations.read_only_hint == Some(false)
-        && (annotations.destructive_hint == Some(true) || annotations.open_world_hint == Some(true))
+    if annotations.destructive_hint == Some(true) {
+        return true;
+    }
+
+    annotations.read_only_hint == Some(false) && annotations.open_world_hint == Some(true)
 }
 
 async fn notify_mcp_tool_call_skip(
@@ -641,9 +644,9 @@ mod tests {
     }
 
     #[test]
-    fn approval_not_required_when_read_only_true() {
+    fn approval_required_when_destructive_even_if_read_only_true() {
         let annotations = annotations(Some(true), Some(true), Some(true));
-        assert_eq!(requires_mcp_tool_approval(&annotations), false);
+        assert_eq!(requires_mcp_tool_approval(&annotations), true);
     }
 
     #[test]