🔒 feat: Add MCP server domain restrictions for remote transports (#11013)

* 🔒 feat: Add MCP server domain restrictions for remote transports * 🔒 feat: Implement comprehensive MCP error handling and domain validation - Added `handleMCPError` function to centralize error responses for domain restrictions and inspection failures. - Introduced custom error classes: `MCPDomainNotAllowedError` and `MCPInspectionFailedError` for better error management. - Updated MCP server controllers to utilize the new error handling mechanism. - Enhanced domain validation logic in `createMCPTools` and `createMCPTool` functions to prevent operations on disallowed domains. - Added tests for runtime domain validation scenarios to ensure correct behavior. * chore: import order * 🔒 feat: Enhance domain validation in MCP tools with user role-based restrictions - Integrated `getAppConfig` to fetch allowed domains based on user roles in `createMCPTools` and `createMCPTool` functions. - Removed the deprecated `getAllowedDomains` method from `MCPServersRegistry`. - Updated tests to verify domain restrictions are applied correctly based on user roles. - Ensured that domain validation logic is consistent and efficient across tool creation processes. * 🔒 test: Refactor MCP tests to utilize configurable app settings - Introduced a mock for `getAppConfig` to enhance test flexibility. - Removed redundant mock definition to streamline test setup. - Ensured tests are aligned with the latest domain validation logic. --------- Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com> Co-authored-by: Danny Avila <danny@librechat.ai>
2026-01-22 02:06:12 +01:00 · 2025-12-18 19:57:49 +01:00 · 2025-12-18 19:57:49 +01:00 · 95a69df70e
commit 95a69df70e
parent 98294755ee
19 changed files with 815 additions and 75 deletions
--- a/packages/api/src/auth/domain.ts
+++ b/packages/api/src/auth/domain.ts
@ -96,3 +96,45 @@ export async function isActionDomainAllowed(

  return false;
 }
+
+/**
+ * Extracts domain from MCP server config URL.
+ * Returns null for stdio transports (no URL) or invalid URLs.
+ * @param config - MCP server configuration (accepts any config with optional url field)
+ */
+export function extractMCPServerDomain(config: Record<string, unknown>): string | null {
+  const url = config.url;
+  // Stdio transports don't have URLs - always allowed
+  if (!url || typeof url !== 'string') {
+    return null;
+  }
+
+  try {
+    const parsedUrl = new URL(url);
+    return parsedUrl.hostname.replace(/^www\./i, '');
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Validates MCP server domain against allowedDomains.
+ * Reuses isActionDomainAllowed for consistent validation logic.
+ * Stdio transports (no URL) are always allowed.
+ * @param config - MCP server configuration with optional url field
+ * @param allowedDomains - List of allowed domains (with wildcard support)
+ */
+export async function isMCPDomainAllowed(
+  config: Record<string, unknown>,
+  allowedDomains?: string[] | null,
+): Promise<boolean> {
+  const domain = extractMCPServerDomain(config);
+
+  // Stdio transports don't have domains - always allowed
+  if (!domain) {
+    return true;
+  }
+
+  // Reuse existing validation logic (includes wildcard support)
+  return isActionDomainAllowed(domain, allowedDomains);
+}