LibreChat/packages/api/src/mcp/errors.ts

/**
 * MCP-specific error classes
 */

export const MCPErrorCodes = {
  DOMAIN_NOT_ALLOWED: 'MCP_DOMAIN_NOT_ALLOWED',
  INSPECTION_FAILED: 'MCP_INSPECTION_FAILED',
} as const;

export type MCPErrorCode = (typeof MCPErrorCodes)[keyof typeof MCPErrorCodes];

/**
 * Custom error for MCP domain restriction violations.
 * Thrown when a user attempts to connect to an MCP server whose domain is not in the allowlist.
 */
export class MCPDomainNotAllowedError extends Error {
  public readonly code = MCPErrorCodes.DOMAIN_NOT_ALLOWED;
  public readonly statusCode = 403;
  public readonly domain: string;

  constructor(domain: string) {
    super(`Domain "${domain}" is not allowed`);
    this.name = 'MCPDomainNotAllowedError';
    this.domain = domain;
    Object.setPrototypeOf(this, MCPDomainNotAllowedError.prototype);
  }
}

/**
 * Custom error for MCP server inspection failures.
 * Thrown when attempting to connect/inspect an MCP server fails.
 */
export class MCPInspectionFailedError extends Error {
  public readonly code = MCPErrorCodes.INSPECTION_FAILED;
  public readonly statusCode = 400;
  public readonly serverName: string;

  constructor(serverName: string, cause?: Error) {
    super(`Failed to connect to MCP server "${serverName}"`);
    this.name = 'MCPInspectionFailedError';
    this.serverName = serverName;
    if (cause) {
      this.cause = cause;
    }
    Object.setPrototypeOf(this, MCPInspectionFailedError.prototype);
  }
}

/**
 * Type guard to check if an error is an MCPDomainNotAllowedError
 */
export function isMCPDomainNotAllowedError(error: unknown): error is MCPDomainNotAllowedError {
  return error instanceof MCPDomainNotAllowedError;
}

/**
 * Type guard to check if an error is an MCPInspectionFailedError
 */
export function isMCPInspectionFailedError(error: unknown): error is MCPInspectionFailedError {
  return error instanceof MCPInspectionFailedError;
}
🔒 feat: Add MCP server domain restrictions for remote transports (#11013) * 🔒 feat: Add MCP server domain restrictions for remote transports * 🔒 feat: Implement comprehensive MCP error handling and domain validation - Added `handleMCPError` function to centralize error responses for domain restrictions and inspection failures. - Introduced custom error classes: `MCPDomainNotAllowedError` and `MCPInspectionFailedError` for better error management. - Updated MCP server controllers to utilize the new error handling mechanism. - Enhanced domain validation logic in `createMCPTools` and `createMCPTool` functions to prevent operations on disallowed domains. - Added tests for runtime domain validation scenarios to ensure correct behavior. * chore: import order * 🔒 feat: Enhance domain validation in MCP tools with user role-based restrictions - Integrated `getAppConfig` to fetch allowed domains based on user roles in `createMCPTools` and `createMCPTool` functions. - Removed the deprecated `getAllowedDomains` method from `MCPServersRegistry`. - Updated tests to verify domain restrictions are applied correctly based on user roles. - Ensured that domain validation logic is consistent and efficient across tool creation processes. * 🔒 test: Refactor MCP tests to utilize configurable app settings - Introduced a mock for `getAppConfig` to enhance test flexibility. - Removed redundant mock definition to streamline test setup. - Ensured tests are aligned with the latest domain validation logic. --------- Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com> Co-authored-by: Danny Avila <danny@librechat.ai> 2025-12-18 19:57:49 +01:00			`/**`
			`* MCP-specific error classes`
			`*/`

			`export const MCPErrorCodes = {`
			`DOMAIN_NOT_ALLOWED: 'MCP_DOMAIN_NOT_ALLOWED',`
			`INSPECTION_FAILED: 'MCP_INSPECTION_FAILED',`
			`} as const;`

			`export type MCPErrorCode = (typeof MCPErrorCodes)[keyof typeof MCPErrorCodes];`

			`/**`
			`* Custom error for MCP domain restriction violations.`
			`* Thrown when a user attempts to connect to an MCP server whose domain is not in the allowlist.`
			`*/`
			`export class MCPDomainNotAllowedError extends Error {`
			`public readonly code = MCPErrorCodes.DOMAIN_NOT_ALLOWED;`
			`public readonly statusCode = 403;`
			`public readonly domain: string;`

			`constructor(domain: string) {`
			super(`Domain "${domain}" is not allowed`);
			`this.name = 'MCPDomainNotAllowedError';`
			`this.domain = domain;`
			`Object.setPrototypeOf(this, MCPDomainNotAllowedError.prototype);`
			`}`
			`}`

			`/**`
			`* Custom error for MCP server inspection failures.`
			`* Thrown when attempting to connect/inspect an MCP server fails.`
			`*/`
			`export class MCPInspectionFailedError extends Error {`
			`public readonly code = MCPErrorCodes.INSPECTION_FAILED;`
			`public readonly statusCode = 400;`
			`public readonly serverName: string;`

			`constructor(serverName: string, cause?: Error) {`
			super(`Failed to connect to MCP server "${serverName}"`);
			`this.name = 'MCPInspectionFailedError';`
			`this.serverName = serverName;`
			`if (cause) {`
			`this.cause = cause;`
			`}`
			`Object.setPrototypeOf(this, MCPInspectionFailedError.prototype);`
			`}`
			`}`

			`/**`
			`* Type guard to check if an error is an MCPDomainNotAllowedError`
			`*/`
			`export function isMCPDomainNotAllowedError(error: unknown): error is MCPDomainNotAllowedError {`
			`return error instanceof MCPDomainNotAllowedError;`
			`}`

			`/**`
			`* Type guard to check if an error is an MCPInspectionFailedError`
			`*/`
			`export function isMCPInspectionFailedError(error: unknown): error is MCPInspectionFailedError {`
			`return error instanceof MCPInspectionFailedError;`
			`}`