Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-01-29 22:05:18 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

🔒 feat: Add MCP server domain restrictions for remote transports (#11013)

Browse source 
* 🔒 feat: Add MCP server domain restrictions for remote transports

* 🔒 feat: Implement comprehensive MCP error handling and domain validation

- Added `handleMCPError` function to centralize error responses for domain restrictions and inspection failures.
- Introduced custom error classes: `MCPDomainNotAllowedError` and `MCPInspectionFailedError` for better error management.
- Updated MCP server controllers to utilize the new error handling mechanism.
- Enhanced domain validation logic in `createMCPTools` and `createMCPTool` functions to prevent operations on disallowed domains.
- Added tests for runtime domain validation scenarios to ensure correct behavior.

* chore: import order

* 🔒 feat: Enhance domain validation in MCP tools with user role-based restrictions

- Integrated `getAppConfig` to fetch allowed domains based on user roles in `createMCPTools` and `createMCPTool` functions.
- Removed the deprecated `getAllowedDomains` method from `MCPServersRegistry`.
- Updated tests to verify domain restrictions are applied correctly based on user roles.
- Ensured that domain validation logic is consistent and efficient across tool creation processes.

* 🔒 test: Refactor MCP tests to utilize configurable app settings

- Introduced a mock for `getAppConfig` to enhance test flexibility.
- Removed redundant mock definition to streamline test setup.
- Ensured tests are aligned with the latest domain validation logic.

---------

Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
This commit is contained in:
Atef Bellaaj 2025-12-18 19:57:49 +01:00 committed by GitHub
parent 98294755ee
commit 95a69df70e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
19 changed files with 815 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

6
packages/data-schemas/src/app/service.ts
View file

@ -60,7 +60,8 @@ export const AppService = async (params?: {
const availableTools = systemTools;
const mcpConfig = config.mcpServers || null;
const mcpServersConfig = config.mcpServers || null;
const mcpSettings = config.mcpSettings || null;
const registration = config.registration ?? configDefaults.registration;
const interfaceConfig = await loadDefaultInterface({ config, configDefaults });
const turnstileConfig = loadTurnstileConfig(config, configDefaults);
@ -74,7 +75,8 @@ export const AppService = async (params?: {
speech,
balance,
transactions,
mcpConfig,
mcpConfig: mcpServersConfig,
mcpSettings,
webSearch,
fileStrategy,
registration,

2
packages/data-schemas/src/types/app.ts
View file

@ -82,6 +82,8 @@ export interface AppConfig {
speech?: TCustomConfig['speech'];
/** MCP server configuration */
mcpConfig?: TCustomConfig['mcpServers'] | null;
/** MCP settings (domain allowlist, etc.) */
mcpSettings?: TCustomConfig['mcpSettings'] | null;
/** File configuration */
fileConfig?: TFileConfig;
/** Secure image links configuration */